diff --git a/CHANGELOG.md b/CHANGELOG.md
index 905f6da6de..8f42d99245 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,10 @@
   * [BREAKING CHANGE] Added `IsSingleInstance` parameter.
 * AADTenantAppManagementPolicy
   * [BREAKING CHANGE] Added `IsSingleInstance` and removed `Ensure` parameter.
+* EXOActiveSyncMailboxPolicy
+  * Changed cmdlets from `*-ActiveSyncMailboxPolicy` to `*-MobileDeviceMailboxPolicy`.
+  * [BREAKING CHANGE] Updated property names to match newly returned values and parameters.
+    Added new properties `AllowGooglePushNotifications` and `AllowMicrosoftPushNotifications`.
 * EXODkimSigningConfig
   * Fixed an issue to create new DkimSigningConfig
     FIXES [#6982](https://github.com/microsoft/Microsoft365DSC/issues/6982)
diff --git a/Examples/Resources/EXOActiveSyncMailboxPolicy/1-Create.ps1 b/Examples/Resources/EXOActiveSyncMailboxPolicy/1-Create.ps1
index d74747c848..5bdb3dee72 100644
--- a/Examples/Resources/EXOActiveSyncMailboxPolicy/1-Create.ps1
+++ b/Examples/Resources/EXOActiveSyncMailboxPolicy/1-Create.ps1
@@ -31,14 +31,16 @@ Configuration Example
             AllowConsumerEmail                       = $True;
             AllowDesktopSync                         = $True;
             AllowExternalDeviceManagement            = $False;
+            AllowGooglePushNotifications             = $True;
             AllowHTMLEmail                           = $True;
             AllowInternetSharing                     = $True;
             AllowIrDA                                = $True;
+            AllowMicrosoftPushNotifications          = $True;
             AllowMobileOTAUpdate                     = $True;
             AllowNonProvisionableDevices             = $True;
             AllowPOPIMAPEmail                        = $True;
             AllowRemoteDesktop                       = $True;
-            AllowSimpleDevicePassword                = $True;
+            AllowSimplePassword                      = $True;
             AllowSMIMEEncryptionAlgorithmNegotiation = "AllowAnyAlgorithmNegotiation";
             AllowSMIMESoftCerts                      = $True;
             AllowStorageCard                         = $True;
@@ -46,13 +48,13 @@ Configuration Example
             AllowUnsignedApplications                = $True;
             AllowUnsignedInstallationPackages        = $True;
             AllowWiFi                                = $True;
-            AlphanumericDevicePasswordRequired       = $False;
+            AlphanumericPasswordRequired             = $False;
             ApprovedApplicationList                  = @();
             AttachmentsEnabled                       = $True;
             DeviceEncryptionEnabled                  = $False;
-            DevicePasswordEnabled                    = $False;
-            DevicePasswordExpiration                 = "Unlimited";
-            DevicePasswordHistory                    = 0;
+            PasswordEnabled                          = $False;
+            PasswordExpiration                       = "Unlimited";
+            PasswordHistory                          = 0;
             DevicePolicyRefreshInterval              = "Unlimited";
             Identity                                 = "Test";
             IrmEnabled                               = $True;
@@ -60,13 +62,13 @@ Configuration Example
             IsDefaultPolicy                          = $True;
             MaxAttachmentSize                        = "Unlimited";
             MaxCalendarAgeFilter                     = "All";
-            MaxDevicePasswordFailedAttempts          = "Unlimited";
+            MaxPasswordFailedAttempts                = "Unlimited";
             MaxEmailAgeFilter                        = "All";
             MaxEmailBodyTruncationSize               = "Unlimited";
             MaxEmailHTMLBodyTruncationSize           = "Unlimited";
-            MaxInactivityTimeDeviceLock              = "Unlimited";
-            MinDevicePasswordComplexCharacters       = 1;
-            MinDevicePasswordLength                  = 1;
+            MaxInactivityTimeLock                    = "Unlimited";
+            MinPasswordComplexCharacters             = 1;
+            MinPasswordLength                        = 1;
             Name                                     = "Test";
             PasswordRecoveryEnabled                  = $False;
             RequireDeviceEncryption                  = $False;
diff --git a/Examples/Resources/EXOActiveSyncMailboxPolicy/2-Update.ps1 b/Examples/Resources/EXOActiveSyncMailboxPolicy/2-Update.ps1
index 130f3fd6d7..b230830f68 100644
--- a/Examples/Resources/EXOActiveSyncMailboxPolicy/2-Update.ps1
+++ b/Examples/Resources/EXOActiveSyncMailboxPolicy/2-Update.ps1
@@ -27,18 +27,20 @@ Configuration Example
             AllowApplePushNotifications              = $True;
             AllowBluetooth                           = "Allow";
             AllowBrowser                             = $True;
-            AllowCamera                              = $False; #drift
+            AllowCamera                              = $False; # Drift
             AllowConsumerEmail                       = $True;
             AllowDesktopSync                         = $True;
             AllowExternalDeviceManagement            = $False;
+            AllowGooglePushNotifications             = $True;
             AllowHTMLEmail                           = $True;
             AllowInternetSharing                     = $True;
             AllowIrDA                                = $True;
+            AllowMicrosoftPushNotifications          = $True;
             AllowMobileOTAUpdate                     = $True;
             AllowNonProvisionableDevices             = $True;
             AllowPOPIMAPEmail                        = $True;
             AllowRemoteDesktop                       = $True;
-            AllowSimpleDevicePassword                = $True;
+            AllowSimplePassword                      = $True;
             AllowSMIMEEncryptionAlgorithmNegotiation = "AllowAnyAlgorithmNegotiation";
             AllowSMIMESoftCerts                      = $True;
             AllowStorageCard                         = $True;
@@ -46,13 +48,13 @@ Configuration Example
             AllowUnsignedApplications                = $True;
             AllowUnsignedInstallationPackages        = $True;
             AllowWiFi                                = $True;
-            AlphanumericDevicePasswordRequired       = $False;
+            AlphanumericPasswordRequired             = $False;
             ApprovedApplicationList                  = @();
             AttachmentsEnabled                       = $True;
             DeviceEncryptionEnabled                  = $False;
-            DevicePasswordEnabled                    = $False;
-            DevicePasswordExpiration                 = "Unlimited";
-            DevicePasswordHistory                    = 0;
+            PasswordEnabled                          = $False;
+            PasswordExpiration                       = "Unlimited";
+            PasswordHistory                          = 0;
             DevicePolicyRefreshInterval              = "Unlimited";
             Identity                                 = "Test";
             IrmEnabled                               = $True;
@@ -60,13 +62,13 @@ Configuration Example
             IsDefaultPolicy                          = $True;
             MaxAttachmentSize                        = "Unlimited";
             MaxCalendarAgeFilter                     = "All";
-            MaxDevicePasswordFailedAttempts          = "Unlimited";
+            MaxPasswordFailedAttempts                = "Unlimited";
             MaxEmailAgeFilter                        = "All";
             MaxEmailBodyTruncationSize               = "Unlimited";
             MaxEmailHTMLBodyTruncationSize           = "Unlimited";
-            MaxInactivityTimeDeviceLock              = "Unlimited";
-            MinDevicePasswordComplexCharacters       = 1;
-            MinDevicePasswordLength                  = 1;
+            MaxInactivityTimeLock                    = "Unlimited";
+            MinPasswordComplexCharacters             = 1;
+            MinPasswordLength                        = 1;
             Name                                     = "Test";
             PasswordRecoveryEnabled                  = $False;
             RequireDeviceEncryption                  = $False;
diff --git a/Examples/Resources/EXOActiveSyncMailboxPolicy/3-Remove.ps1 b/Examples/Resources/EXOActiveSyncMailboxPolicy/3-Remove.ps1
index 585f9b6658..d5cc2da2d6 100644
--- a/Examples/Resources/EXOActiveSyncMailboxPolicy/3-Remove.ps1
+++ b/Examples/Resources/EXOActiveSyncMailboxPolicy/3-Remove.ps1
@@ -31,14 +31,16 @@ Configuration Example
             AllowConsumerEmail                       = $True;
             AllowDesktopSync                         = $True;
             AllowExternalDeviceManagement            = $False;
+            AllowGooglePushNotifications             = $True;
             AllowHTMLEmail                           = $True;
             AllowInternetSharing                     = $True;
             AllowIrDA                                = $True;
+            AllowMicrosoftPushNotifications          = $True;
             AllowMobileOTAUpdate                     = $True;
             AllowNonProvisionableDevices             = $True;
             AllowPOPIMAPEmail                        = $True;
             AllowRemoteDesktop                       = $True;
-            AllowSimpleDevicePassword                = $True;
+            AllowSimplePassword                      = $True;
             AllowSMIMEEncryptionAlgorithmNegotiation = "AllowAnyAlgorithmNegotiation";
             AllowSMIMESoftCerts                      = $True;
             AllowStorageCard                         = $True;
@@ -46,13 +48,13 @@ Configuration Example
             AllowUnsignedApplications                = $True;
             AllowUnsignedInstallationPackages        = $True;
             AllowWiFi                                = $True;
-            AlphanumericDevicePasswordRequired       = $False;
+            AlphanumericPasswordRequired             = $False;
             ApprovedApplicationList                  = @();
             AttachmentsEnabled                       = $True;
             DeviceEncryptionEnabled                  = $False;
-            DevicePasswordEnabled                    = $False;
-            DevicePasswordExpiration                 = "Unlimited";
-            DevicePasswordHistory                    = 0;
+            PasswordEnabled                          = $False;
+            PasswordExpiration                       = "Unlimited";
+            PasswordHistory                          = 0;
             DevicePolicyRefreshInterval              = "Unlimited";
             Identity                                 = "Test";
             IrmEnabled                               = $True;
@@ -60,13 +62,13 @@ Configuration Example
             IsDefaultPolicy                          = $True;
             MaxAttachmentSize                        = "Unlimited";
             MaxCalendarAgeFilter                     = "All";
-            MaxDevicePasswordFailedAttempts          = "Unlimited";
+            MaxPasswordFailedAttempts                = "Unlimited";
             MaxEmailAgeFilter                        = "All";
             MaxEmailBodyTruncationSize               = "Unlimited";
             MaxEmailHTMLBodyTruncationSize           = "Unlimited";
-            MaxInactivityTimeDeviceLock              = "Unlimited";
-            MinDevicePasswordComplexCharacters       = 1;
-            MinDevicePasswordLength                  = 1;
+            MaxInactivityTimeLock                    = "Unlimited";
+            MinPasswordComplexCharacters             = 1;
+            MinPasswordLength                        = 1;
             Name                                     = "Test";
             PasswordRecoveryEnabled                  = $False;
             RequireDeviceEncryption                  = $False;
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.psm1
index 03e69c5d00..9d7ad8e663 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.psm1
@@ -39,6 +39,10 @@ function Get-TargetResource
         [System.Boolean]
         $AllowExternalDeviceManagement,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowGooglePushNotifications,
+
         [Parameter()]
         [System.Boolean]
         $AllowHTMLEmail,
@@ -51,6 +55,10 @@ function Get-TargetResource
         [System.Boolean]
         $AllowIrDA,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowMicrosoftPushNotifications,
+
         [Parameter()]
         [System.Boolean]
         $AllowMobileOTAUpdate,
@@ -69,7 +77,7 @@ function Get-TargetResource
 
         [Parameter()]
         [System.Boolean]
-        $AllowSimpleDevicePassword,
+        $AllowSimplePassword,
 
         [Parameter()]
         [System.String]
@@ -101,7 +109,7 @@ function Get-TargetResource
 
         [Parameter()]
         [System.Boolean]
-        $AlphanumericDevicePasswordRequired,
+        $AlphanumericPasswordRequired,
 
         [Parameter()]
         [System.String[]]
@@ -117,15 +125,15 @@ function Get-TargetResource
 
         [Parameter()]
         [System.Boolean]
-        $DevicePasswordEnabled,
+        $PasswordEnabled,
 
         [Parameter()]
         [System.String]
-        $DevicePasswordExpiration,
+        $PasswordExpiration,
 
         [Parameter()]
         [System.Int32]
-        $DevicePasswordHistory,
+        $PasswordHistory,
 
         [Parameter()]
         [System.String]
@@ -154,7 +162,7 @@ function Get-TargetResource
 
         [Parameter()]
         [System.String]
-        $MaxDevicePasswordFailedAttempts,
+        $MaxPasswordFailedAttempts,
 
         [Parameter()]
         [System.String]
@@ -171,15 +179,15 @@ function Get-TargetResource
 
         [Parameter()]
         [System.String]
-        $MaxInactivityTimeDeviceLock,
+        $MaxInactivityTimeLock,
 
         [Parameter()]
         [System.Int32]
-        $MinDevicePasswordComplexCharacters,
+        $MinPasswordComplexCharacters,
 
         [Parameter()]
         [System.Int32]
-        $MinDevicePasswordLength,
+        $MinPasswordLength,
 
         [Parameter()]
         [System.Boolean]
@@ -281,7 +289,7 @@ function Get-TargetResource
             $nullResult = $PSBoundParameters
             $nullResult.Ensure = 'Absent'
 
-            $instance = Get-ActiveSyncMailboxPolicy -Identity $Identity -ErrorAction SilentlyContinue
+            $instance = Get-MobileDeviceMailboxPolicy -Identity $Identity -ErrorAction SilentlyContinue
 
             if ($null -eq $instance)
             {
@@ -306,14 +314,16 @@ function Get-TargetResource
             AllowConsumerEmail                       = [System.Boolean]$instance.AllowConsumerEmail
             AllowDesktopSync                         = [System.Boolean]$instance.AllowDesktopSync
             AllowExternalDeviceManagement            = [System.Boolean]$instance.AllowExternalDeviceManagement
+            AllowGooglePushNotifications             = [System.Boolean]$instance.AllowGooglePushNotifications
             AllowHTMLEmail                           = [System.Boolean]$instance.AllowHTMLEmail
             AllowInternetSharing                     = [System.Boolean]$instance.AllowInternetSharing
             AllowIrDA                                = [System.Boolean]$instance.AllowIrDA
+            AllowMicrosoftPushNotifications          = [System.Boolean]$instance.AllowMicrosoftPushNotifications
             AllowMobileOTAUpdate                     = [System.Boolean]$instance.AllowMobileOTAUpdate
             AllowNonProvisionableDevices             = [System.Boolean]$instance.AllowNonProvisionableDevices
             AllowPOPIMAPEmail                        = [System.Boolean]$instance.AllowPOPIMAPEmail
             AllowRemoteDesktop                       = [System.Boolean]$instance.AllowRemoteDesktop
-            AllowSimpleDevicePassword                = [System.Boolean]$instance.AllowSimpleDevicePassword
+            AllowSimplePassword                      = [System.Boolean]$instance.AllowSimplePassword
             AllowSMIMEEncryptionAlgorithmNegotiation = [System.String]$instance.AllowSMIMEEncryptionAlgorithmNegotiation
             AllowSMIMESoftCerts                      = [System.Boolean]$instance.AllowSMIMESoftCerts
             AllowStorageCard                         = [System.Boolean]$instance.AllowStorageCard
@@ -321,26 +331,26 @@ function Get-TargetResource
             AllowUnsignedApplications                = [System.Boolean]$instance.AllowUnsignedApplications
             AllowUnsignedInstallationPackages        = [System.Boolean]$instance.AllowUnsignedInstallationPackages
             AllowWiFi                                = [System.Boolean]$instance.AllowWiFi
-            AlphanumericDevicePasswordRequired       = [System.Boolean]$instance.AlphanumericDevicePasswordRequired
+            AlphanumericPasswordRequired             = [System.Boolean]$instance.AlphanumericPasswordRequired
             ApprovedApplicationList                  = [System.String[]]$instance.ApprovedApplicationList
             AttachmentsEnabled                       = [System.Boolean]$instance.AttachmentsEnabled
             DeviceEncryptionEnabled                  = [System.Boolean]$instance.DeviceEncryptionEnabled
-            DevicePasswordEnabled                    = [System.Boolean]$instance.DevicePasswordEnabled
-            DevicePasswordExpiration                 = [System.String]$instance.DevicePasswordExpiration
-            DevicePasswordHistory                    = [System.Int32]$instance.DevicePasswordHistory
+            PasswordEnabled                          = [System.Boolean]$instance.PasswordEnabled
+            PasswordExpiration                       = [System.String]$instance.PasswordExpiration
+            PasswordHistory                          = [System.Int32]$instance.PasswordHistory
             DevicePolicyRefreshInterval              = [System.String]$instance.DevicePolicyRefreshInterval
             IrmEnabled                               = [System.Boolean]$instance.IrmEnabled
             IsDefault                                = [System.Boolean]$instance.IsDefault
             IsDefaultPolicy                          = [System.Boolean]$instance.IsDefaultPolicy
             MaxAttachmentSize                        = [System.String]$instance.MaxAttachmentSize
             MaxCalendarAgeFilter                     = [System.String]$instance.MaxCalendarAgeFilter
-            MaxDevicePasswordFailedAttempts          = [System.String]$instance.MaxDevicePasswordFailedAttempts
+            MaxPasswordFailedAttempts                = [System.String]$instance.MaxPasswordFailedAttempts
             MaxEmailAgeFilter                        = [System.String]$instance.MaxEmailAgeFilter
             MaxEmailBodyTruncationSize               = [System.String]$instance.MaxEmailBodyTruncationSize
             MaxEmailHTMLBodyTruncationSize           = [System.String]$instance.MaxEmailHTMLBodyTruncationSize
-            MaxInactivityTimeDeviceLock              = [System.String]$instance.MaxInactivityTimeDeviceLock
-            MinDevicePasswordComplexCharacters       = [System.Int32]$instance.MinDevicePasswordComplexCharacters
-            MinDevicePasswordLength                  = [System.Int32]$instance.MinDevicePasswordLength
+            MaxInactivityTimeLock                    = [System.String]$instance.MaxInactivityTimeLock
+            MinPasswordComplexCharacters             = [System.Int32]$instance.MinPasswordComplexCharacters
+            MinPasswordLength                        = [System.Int32]$instance.MinPasswordLength
             PasswordRecoveryEnabled                  = [System.Boolean]$instance.PasswordRecoveryEnabled
             RequireDeviceEncryption                  = [System.Boolean]$instance.RequireDeviceEncryption
             RequireEncryptedSMIMEMessages            = [System.Boolean]$instance.RequireEncryptedSMIMEMessages
@@ -412,6 +422,10 @@ function Set-TargetResource
         [System.Boolean]
         $AllowExternalDeviceManagement,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowGooglePushNotifications,
+
         [Parameter()]
         [System.Boolean]
         $AllowHTMLEmail,
@@ -424,6 +438,10 @@ function Set-TargetResource
         [System.Boolean]
         $AllowIrDA,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowMicrosoftPushNotifications,
+
         [Parameter()]
         [System.Boolean]
         $AllowMobileOTAUpdate,
@@ -442,7 +460,7 @@ function Set-TargetResource
 
         [Parameter()]
         [System.Boolean]
-        $AllowSimpleDevicePassword,
+        $AllowSimplePassword,
 
         [Parameter()]
         [System.String]
@@ -474,7 +492,7 @@ function Set-TargetResource
 
         [Parameter()]
         [System.Boolean]
-        $AlphanumericDevicePasswordRequired,
+        $AlphanumericPasswordRequired,
 
         [Parameter()]
         [System.String[]]
@@ -490,15 +508,15 @@ function Set-TargetResource
 
         [Parameter()]
         [System.Boolean]
-        $DevicePasswordEnabled,
+        $PasswordEnabled,
 
         [Parameter()]
         [System.String]
-        $DevicePasswordExpiration,
+        $PasswordExpiration,
 
         [Parameter()]
         [System.Int32]
-        $DevicePasswordHistory,
+        $PasswordHistory,
 
         [Parameter()]
         [System.String]
@@ -527,7 +545,7 @@ function Set-TargetResource
 
         [Parameter()]
         [System.String]
-        $MaxDevicePasswordFailedAttempts,
+        $MaxPasswordFailedAttempts,
 
         [Parameter()]
         [System.String]
@@ -544,15 +562,15 @@ function Set-TargetResource
 
         [Parameter()]
         [System.String]
-        $MaxInactivityTimeDeviceLock,
+        $MaxInactivityTimeLock,
 
         [Parameter()]
         [System.Int32]
-        $MinDevicePasswordComplexCharacters,
+        $MinPasswordComplexCharacters,
 
         [Parameter()]
         [System.Int32]
-        $MinDevicePasswordLength,
+        $MinPasswordLength,
 
         [Parameter()]
         [System.Boolean]
@@ -654,17 +672,17 @@ function Set-TargetResource
     if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent')
     {
         $setParameters.Remove('Identity')
-        New-ActiveSyncMailboxPolicy @SetParameters
+        New-MobileDeviceMailboxPolicy @SetParameters
     }
     # UPDATE
     elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present')
     {
-        Set-ActiveSyncMailboxPolicy @SetParameters
+        Set-MobileDeviceMailboxPolicy @SetParameters
     }
     # REMOVE
     elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present')
     {
-        Remove-ActiveSyncMailboxPolicy -Identity $Identity
+        Remove-MobileDeviceMailboxPolicy -Identity $Identity
     }
 }
 
@@ -707,6 +725,10 @@ function Test-TargetResource
         [System.Boolean]
         $AllowExternalDeviceManagement,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowGooglePushNotifications,
+
         [Parameter()]
         [System.Boolean]
         $AllowHTMLEmail,
@@ -719,6 +741,10 @@ function Test-TargetResource
         [System.Boolean]
         $AllowIrDA,
 
+        [Parameter()]
+        [System.Boolean]
+        $AllowMicrosoftPushNotifications,
+
         [Parameter()]
         [System.Boolean]
         $AllowMobileOTAUpdate,
@@ -737,7 +763,7 @@ function Test-TargetResource
 
         [Parameter()]
         [System.Boolean]
-        $AllowSimpleDevicePassword,
+        $AllowSimplePassword,
 
         [Parameter()]
         [System.String]
@@ -769,7 +795,7 @@ function Test-TargetResource
 
         [Parameter()]
         [System.Boolean]
-        $AlphanumericDevicePasswordRequired,
+        $AlphanumericPasswordRequired,
 
         [Parameter()]
         [System.String[]]
@@ -785,15 +811,15 @@ function Test-TargetResource
 
         [Parameter()]
         [System.Boolean]
-        $DevicePasswordEnabled,
+        $PasswordEnabled,
 
         [Parameter()]
         [System.String]
-        $DevicePasswordExpiration,
+        $PasswordExpiration,
 
         [Parameter()]
         [System.Int32]
-        $DevicePasswordHistory,
+        $PasswordHistory,
 
         [Parameter()]
         [System.String]
@@ -822,7 +848,7 @@ function Test-TargetResource
 
         [Parameter()]
         [System.String]
-        $MaxDevicePasswordFailedAttempts,
+        $MaxPasswordFailedAttempts,
 
         [Parameter()]
         [System.String]
@@ -839,15 +865,15 @@ function Test-TargetResource
 
         [Parameter()]
         [System.String]
-        $MaxInactivityTimeDeviceLock,
+        $MaxInactivityTimeLock,
 
         [Parameter()]
         [System.Int32]
-        $MinDevicePasswordComplexCharacters,
+        $MinPasswordComplexCharacters,
 
         [Parameter()]
         [System.Int32]
-        $MinDevicePasswordLength,
+        $MinPasswordLength,
 
         [Parameter()]
         [System.Boolean]
@@ -992,7 +1018,7 @@ function Export-TargetResource
 
     try
     {
-        [array]$policies = Get-ActiveSyncMailboxPolicy -ErrorAction Stop
+        [array]$policies = Get-MobileDeviceMailboxPolicy -ErrorAction Stop
 
         $i = 1
         $dscContent = ''
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.schema.mof b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.schema.mof
index 32242a76b3..9fec71878f 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.schema.mof
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOActiveSyncMailboxPolicy/MSFT_EXOActiveSyncMailboxPolicy.schema.mof
@@ -1,4 +1,4 @@
-[ClassVersion("1.0.0.0"), FriendlyName("EXOActiveSyncMailboxPolicy")]
+[ClassVersion("1.0.0.1"), FriendlyName("EXOActiveSyncMailboxPolicy")]
 class MSFT_EXOActiveSyncMailboxPolicy : OMI_BaseResource
 {
     [Write, Description("Specifies the name of the policy.")] String Name;
@@ -9,14 +9,16 @@ class MSFT_EXOActiveSyncMailboxPolicy : OMI_BaseResource
     [Write, Description("Specifies whether the mobile phone user can configure a personal email account on the device.")] Boolean AllowConsumerEmail;
     [Write, Description("Specifies whether the mobile phone can synchronize with a desktop computer through a cable.")] Boolean AllowDesktopSync;
     [Write, Description("Specifies whether an external device management program is allowed to manage the device.")] Boolean AllowExternalDeviceManagement;
+    [Write, Description("The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from Google for Outlook on the web for devices. Valid input for this parameter is $true or $false. The default value is $true.")] Boolean AllowGooglePushNotifications;
     [Write, Description("Specifies whether HTML email is enabled on the device.")] Boolean AllowHTMLEmail;
     [Write, Description("Specifies whether the mobile phone can be used as a modem to connect a computer to the Internet.")] Boolean AllowInternetSharing;
     [Write, Description("Specifies whether infrared connections are allowed to the mobile phone.")] Boolean AllowIrDA;
+    [Write, Description("The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.")] Boolean AllowMicrosoftPushNotifications;
     [Write, Description("Specifies whether certain updates are seen by devices that implemented support for this restricting functionality.")] Boolean AllowMobileOTAUpdate;
     [Write, Description("Enables all devices to synchronize with the computer running Exchange, regardless of whether the device can enforce all the specific settings established in the Mobile Device mailbox policy.")] Boolean AllowNonProvisionableDevices;
     [Write, Description("Specifies whether the user can configure a POP3 or IMAP4 email account on the device.")] Boolean AllowPOPIMAPEmail;
     [Write, Description("Specifies whether the mobile phone can initiate a remote desktop connection.")] Boolean AllowRemoteDesktop;
-    [Write, Description("Specifies whether a simple device password is allowed.")] Boolean AllowSimpleDevicePassword;
+    [Write, Description("Specifies whether a simple device password is allowed.")] Boolean AllowSimplePassword;
     [Write, Description("Specifies whether the messaging application on the device can negotiate the encryption algorithm in case a recipient's certificate doesn't support the specified encryption algorithm.")] String AllowSMIMEEncryptionAlgorithmNegotiation;
     [Write, Description("Specifies whether S/MIME software certificates are allowed.")] Boolean AllowSMIMESoftCerts;
     [Write, Description("Specifies whether the device can access information stored on a storage card.")] Boolean AllowStorageCard;
@@ -24,26 +26,26 @@ class MSFT_EXOActiveSyncMailboxPolicy : OMI_BaseResource
     [Write, Description("Specifies whether unsigned applications can be installed on the device.")] Boolean AllowUnsignedApplications;
     [Write, Description("Specifies whether unsigned installation packages can be run on the device.")] Boolean AllowUnsignedInstallationPackages;
     [Write, Description("Specifies whether wireless Internet access is allowed on the device.")] Boolean AllowWiFi;
-    [Write, Description("Specifies whether the device password must be alphanumeric.")] Boolean AlphanumericDevicePasswordRequired;
+    [Write, Description("Specifies whether the device password must be alphanumeric.")] Boolean AlphanumericPasswordRequired;
     [Write, Description("Specifies a list of approved applications for the device.")] String ApprovedApplicationList[];
     [Write, Description("Specifies whether the user can download attachments.")] Boolean AttachmentsEnabled;
     [Write, Description("Enables device encryption on the mobile phone.")] Boolean DeviceEncryptionEnabled;
-    [Write, Description("Specifies that the user set a password for the device.")] Boolean DevicePasswordEnabled;
-    [Write, Description("Specifies the length of time, in days, that a password can be used.")] String DevicePasswordExpiration;
-    [Write, Description("Specifies the number of previously used passwords to store.")] Sint32 DevicePasswordHistory;
+    [Write, Description("Specifies that the user set a password for the device.")] Boolean PasswordEnabled;
+    [Write, Description("Specifies the length of time, in days, that a password can be used.")] String PasswordExpiration;
+    [Write, Description("Specifies the number of previously used passwords to store.")] Sint32 PasswordHistory;
     [Write, Description("Specifies how often the policy is sent from the server to the mobile phone")] String DevicePolicyRefreshInterval;
     [Write, Description("Specifies whether Information Rights Management (IRM) is enabled for the mailbox policy.")] Boolean IrmEnabled;
     [Write, Description("Specifies whether this policy is the default Mobile Device mailbox policy.")] Boolean IsDefault;
     [Write, Description("Specifies whether this policy is the default Mobile Device mailbox policy.")] Boolean IsDefaultPolicy;
     [Write, Description("Specifies the maximum size of attachments that can be downloaded to the mobile phone.")] String MaxAttachmentSize;
     [Write, Description("Specifies the maximum range of calendar days that can be synchronized to the device."), ValueMap{"All", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths"}, Values{"All", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths"}] String MaxCalendarAgeFilter;
-    [Write, Description("Specifies the number of attempts a user can make to enter the correct password for the device.")] String MaxDevicePasswordFailedAttempts;
+    [Write, Description("Specifies the number of attempts a user can make to enter the correct password for the device.")] String MaxPasswordFailedAttempts;
     [Write, Description("Specifies the maximum number of days of email items to synchronize to the device."), ValueMap{"All", "OneDay", "ThreeDays", "OneWeek", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths"}, Values{"All", "OneDay", "ThreeDays", "OneWeek", "TwoWeeks", "OneMonth", "ThreeMonths", "SixMonths"}] String MaxEmailAgeFilter;
     [Write, Description("Specifies the maximum size at which email messages are truncated when synchronized to the device.")] String MaxEmailBodyTruncationSize;
     [Write, Description("Specifies the maximum size at which HTML-formatted email messages are synchronized to the device.")] String MaxEmailHTMLBodyTruncationSize;
-    [Write, Description("Specifies the length of time that the device can be inactive before the password is required to reactivate the device.")] String MaxInactivityTimeDeviceLock;
-    [Write, Description("Specifies the minimum number of complex characters required in a device password.")] Sint32 MinDevicePasswordComplexCharacters;
-    [Write, Description("Specifies the minimum number of characters in the device password.")] Sint32 MinDevicePasswordLength;
+    [Write, Description("Specifies the length of time that the device can be inactive before the password is required to reactivate the device.")] String MaxInactivityTimeLock;
+    [Write, Description("Specifies the minimum number of complex characters required in a device password.")] Sint32 MinPasswordComplexCharacters;
+    [Write, Description("Specifies the minimum number of characters in the device password.")] Sint32 MinPasswordLength;
     [Write, Description("Specifies whether you can store the recovery password for the device on an Exchange server.")] Boolean PasswordRecoveryEnabled;
     [Write, Description("Specifies whether encryption is required on the device.")] Boolean RequireDeviceEncryption;
     [Write, Description("Specifies whether you must encrypt S/MIME messages.")] Boolean RequireEncryptedSMIMEMessages;
diff --git a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1 b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1
index 2b4c07968c..cdda3d23d1 100644
--- a/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1
+++ b/Modules/Microsoft365DSC/DSCResources/MSFT_EXOMailboxCalendarConfiguration/MSFT_EXOMailboxCalendarConfiguration.psm1
@@ -230,6 +230,9 @@ function Get-TargetResource
         $nullResult = $PSBoundParameters
         $nullResult.Ensure = 'Absent'
 
+        # The cmdlet will show the warning "Events from Email parameters of this cmdlet are deprecated. Use Get-EventsFromEmailConfiguration instead."
+        # However, the new cmdlet does not work and throws an Internal Server Error exception
+        # Keep using Get-MailboxCalendarConfiguration for now
         $config = Get-MailboxCalendarConfiguration -Identity $Identity -ErrorAction SilentlyContinue
 
         if ($null -eq $config)
diff --git a/Modules/Microsoft365DSC/SchemaDefinition.json b/Modules/Microsoft365DSC/SchemaDefinition.json
index b61c11622d..1319bdad33 100644
--- a/Modules/Microsoft365DSC/SchemaDefinition.json
+++ b/Modules/Microsoft365DSC/SchemaDefinition.json
@@ -1 +1 @@
-[{"ClassName":"MSFT_MicrosoftGraphAccessReviewPrincipalScope","Parameters":[{"CIMType":"String","Description":"The query representing what will be reviewed in an access review.","Name":"Query","Option":"Write"},{"CIMType":"String","Description":"In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, ./manager.","Name":"QueryRoot","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of query. Types include MicrosoftGraph and ARM.","Name":"QueryType","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.accessReviewPrincipalScope","#microsoft.graph.accessReviewQueryScope"],"Values":["#microsoft.graph.accessReviewPrincipalScope","#microsoft.graph.accessReviewQueryScope"]},{"CIMType":"String","Description":"The type of users to include in the review. The possible values are: allUsers, guestUsers, inactiveUsers, inactiveGuestUsers.","Name":"scopeType","Option":"Write","ValueMap":["allUsers","guestUsers","inactiveUsers","inactiveGuestUsers"],"Values":["allUsers","guestUsers","inactiveUsers","inactiveGuestUsers"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewResourceScope","Parameters":[{"CIMType":"String","Description":"The query representing what will be reviewed in an access review.","Name":"Query","Option":"Write"},{"CIMType":"String","Description":"In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, ./manager.","Name":"QueryRoot","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of query. Types include MicrosoftGraph and ARM.","Name":"QueryType","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.accessReviewResourceScope","#microsoft.graph.accessReviewQueryScope"],"Values":["#microsoft.graph.accessReviewResourceScope","#microsoft.graph.accessReviewQueryScope"]},{"CIMType":"String","Description":"The display name of the resource.","Name":"displayName","Option":"Write"},{"CIMType":"String","Description":"The identifier of the resource.","Name":"resourceScopeId","Option":"Write"},{"CIMType":"String","Description":"The type of users to include in the review. The possible values are: group, catalog, servicePrincipal, directoryRole, accessPackageAssignmentPolicy.","Name":"scopeType","Option":"Write","ValueMap":["group","catalog","servicePrincipal","directoryRole","accessPackageAssignmentPolicy"],"Values":["group","catalog","servicePrincipal","directoryRole","accessPackageAssignmentPolicy"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewScope","Parameters":[{"CIMType":"String","Description":"The query representing what will be reviewed in an access review.","Name":"Query","Option":"Write"},{"CIMType":"String","Description":"In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, ./manager.","Name":"QueryRoot","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of query. Types include MicrosoftGraph and ARM.","Name":"QueryType","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAccessReviewPrincipalScope[]","Description":"Defines the scopes of the principals for which access to resources are reviewed in the access review.","Name":"PrincipalScopes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAccessReviewResourceScope[]","Description":"Defines the scopes of the resources for which access is reviewed.","Name":"ResourceScopes","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.accessReviewQueryScope","#microsoft.graph.accessReviewReviewerScope","#microsoft.graph.principalResourceMembershipsScope","#microsoft.graph.accessReviewInactiveUsersQueryScope"],"Values":["#microsoft.graph.accessReviewQueryScope","#microsoft.graph.accessReviewReviewerScope","#microsoft.graph.principalResourceMembershipsScope","#microsoft.graph.accessReviewInactiveUsersQueryScope"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewScheduleSettings","Parameters":[{"CIMType":"MSFT_MicrosoftGraphAccessReviewApplyAction[]","Description":"Optional field. Describes the  actions to take once a review is complete. There are two types that are currently supported: removeAccessApplyAction (default) and disableAndDeleteUserApplyAction. Field only needs to be specified in the case of disableAndDeleteUserApplyAction.","Name":"ApplyActions","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether decisions are automatically applied. When set to false, an admin must apply the decisions manually once the reviewer completes the access review. When set to true, decisions are applied automatically after the access review instance duration ends, whether or not the reviewers have responded. Default value is false.  CAUTION: If both autoApplyDecisionsEnabled and defaultDecisionEnabled are true, all access for the principals to the resource risks being revoked if the reviewers fail to respond.","Name":"AutoApplyDecisionsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether decisions on previous access review stages are available for reviewers on an accessReviewInstance with multiple subsequent stages. If not provided, the default is disabled (false).","Name":"DecisionHistoriesForReviewersEnabled","Option":"Write"},{"CIMType":"String","Description":"Decision chosen if defaultDecisionEnabled is enabled. Can be one of Approve, Deny, or Recommendation.","Name":"DefaultDecision","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the default decision is enabled or disabled when reviewers do not respond. Default value is false.  CAUTION: If both autoApplyDecisionsEnabled and defaultDecisionEnabled are true, all access for the principals to the resource risks being revoked if the reviewers fail to respond.","Name":"DefaultDecisionEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Duration of each recurrence of review (accessReviewInstance) in number of days. NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its durationInDays setting will be used instead of the value of this property.","Name":"InstanceDurationInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether reviewers are required to provide justification with their decision. Default value is false.","Name":"JustificationRequiredOnApproval","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether emails are enabled or disabled. Default value is false.","Name":"MailNotificationsEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAccessReviewRecommendationInsightSetting[]","Description":"Optional. Describes the types of insights that aid reviewers to make access review decisions. NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its recommendationInsightSettings setting will be used instead of the value of this property.","Name":"RecommendationInsightSettings","Option":"Write"},{"CIMType":"String","Description":"Optional field. Indicates the period of inactivity (with respect to the start date of the review instance) that recommendations will be configured from. The recommendation will be to deny if the user is inactive during the look-back duration. For reviews of groups and Microsoft Entra roles, any duration is accepted. For reviews of applications, 30 days is the maximum duration. If not specified, the duration is 30 days. NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its recommendationLookBackDuration setting will be used instead of the value of this property.","Name":"RecommendationLookBackDuration","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether decision recommendations are enabled or disabled. NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its recommendationsEnabled setting will be used instead of the value of this property.","Name":"RecommendationsEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphPatternedRecurrence","Description":"Detailed settings for recurrence using the standard Outlook recurrence object. Note: Only dayOfMonth, interval, and type (weekly, absoluteMonthly) properties are supported. Use the property startDate on recurrenceRange to determine the day the review starts.","Name":"Recurrence","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether reminders are enabled or disabled. Default value is false.","Name":"ReminderNotificationsEnabled","Option":"Write"}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewApplyAction","Parameters":[{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.disableAndDeleteUserApplyAction","#microsoft.graph.removeAccessApplyAction"],"Values":["#microsoft.graph.disableAndDeleteUserApplyAction","#microsoft.graph.removeAccessApplyAction"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewRecommendationInsightSetting","Parameters":[{"CIMType":"String","Description":"Optional. Indicates the time period of inactivity (with respect to the start date of the review instance) that recommendations will be configured from. The recommendation will be to deny if the user is inactive during the look-back duration. For reviews of groups and Microsoft Entra roles, any duration is accepted. For reviews of applications, 30 days is the maximum duration. If not specified, the duration is 30 days.","Name":"RecommendationLookBackDuration","Option":"Write"},{"CIMType":"String","Description":"Indicates whether inactivity is calculated based on the user's inactivity in the tenant or in the application. The possible values are tenant, application, unknownFutureValue. application is only relevant when the access review is a review of an assignment to an application.","Name":"SignInScope","Option":"Write","ValueMap":["tenant","application","unknownFutureValue"],"Values":["tenant","application","unknownFutureValue"]},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.groupPeerOutlierRecommendationInsightSettings","#microsoft.graph.userLastSignInRecommendationInsightSetting"],"Values":["#microsoft.graph.groupPeerOutlierRecommendationInsightSettings","#microsoft.graph.userLastSignInRecommendationInsightSetting"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphPatternedRecurrence","Parameters":[{"CIMType":"MSFT_MicrosoftGraphRecurrencePattern","Description":"The frequency of an event. Do not specify for a one-time access review.  For access reviews: Do not specify this property for a one-time access review.   Only interval, dayOfMonth, and type (weekly, absoluteMonthly) properties of recurrencePattern are supported.","Name":"Pattern","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphRecurrenceRange","Description":"The duration of an event.","Name":"Range","Option":"Write"}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs. Required if type is absoluteMonthly or absoluteYearly.","Name":"DayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. If type is relativeMonthly or relativeYearly, and daysOfWeek specifies more than one day, the event falls on the first day that satisfies the pattern.  Required if type is weekly, relativeMonthly, or relativeYearly.","Name":"DaysOfWeek","Option":"Write"},{"CIMType":"String","Description":"The first day of the week. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. Default is sunday. Required if type is weekly.","Name":"FirstDayOfWeek","Option":"Write"},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last. Default is first. Optional and used if type is relativeMonthly or relativeYearly.","Name":"Index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type. Required.","Name":"Interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs.  This is a number from 1 to 12.","Name":"Month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly. Required. For more information, see values of type property.","Name":"Type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphRecurrenceRange","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date. Required if type is endDate.","Name":"EndDate","Option":"Write"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"NumberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties. Optional. If not specified, the time zone of the event is used.","Name":"RecurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event. Required.","Name":"StartDate","Option":"Write"},{"CIMType":"String","Description":"The recurrence range. Possible values are: endDate, noEnd, numbered. Required.","Name":"Type","Option":"Write","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewStageSettings","Parameters":[{"CIMType":"String[]","Description":"Indicate which decisions will go to the next stage. Can be a subset of Approve, Deny, Recommendation, or NotReviewed. If not provided, all decisions will go to the next stage. Optional.","Name":"DecisionsThatWillMoveToNextStage","Option":"Write"},{"CIMType":"String[]","Description":"Defines the sequential or parallel order of the stages and depends on the stageId. Only sequential stages are currently supported. For example, if stageId is 2, then dependsOn must be 1. If stageId is 1, don't specify dependsOn. Required if stageId isn't 1.","Name":"DependsOnValue","Option":"Write"},{"CIMType":"UInt32","Description":"The duration of the stage. Required.  NOTE: The cumulative value of this property across all stages  1. Will override the instanceDurationInDays setting on the accessReviewScheduleDefinition object. 2. Can't exceed the length of one recurrence. That is, if the review recurs weekly, the cumulative durationInDays can't exceed 7.","Name":"DurationInDays","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAccessReviewRecommendationInsightSetting[]","Description":"Recommendation Insights Settings","Name":"RecommendationInsightSettings","Option":"Write"},{"CIMType":"String","Description":"Optional field. Indicates the time period of inactivity (with respect to the start date of the review instance) from which that recommendations will be configured. The recommendation is to deny if the user is inactive during the look back duration. For reviews of groups and Microsoft Entra roles, any duration is accepted. For reviews of applications, 30 days is the maximum duration. If not specified, the duration is 30 days. NOTE: The value of this property overrides the corresponding setting on the accessReviewScheduleDefinition object.","Name":"RecommendationLookBackDuration","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether showing recommendations to reviewers is enabled. Required. NOTE: The value of this property overrides the corresponding setting on the accessReviewScheduleDefinition object.","Name":"RecommendationsEnabled","Option":"Required"},{"CIMType":"String","Description":"Unique identifier of the accessReviewStageSettings. The stageId is used in dependsOn property to indicate the stage relationship. Required.","Name":"StageId","Option":"Write"}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_AADAccessReviewDefinitionReviewer","Parameters":[{"CIMType":"String","Description":"Indicates the display name of the current reviewer, either of a group or of a user.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of reviewer. Possible values: Manager, Owner, User, Group","Name":"Type","Option":"Required","ValueMap":["Manager","Owner","User","Group"],"Values":["Manager","Owner","User","Group"]},{"CIMType":"String","Description":"Indicates the type of reviewer. Possible values: User, Group, Self, Manager, Sponsor, ResourceOwner, ManagerOrSponsor","Name":"ScopeType","Option":"Write","ValueMap":["User","Group","Self","Manager","Sponsor","ResourceOwner","ManagerOrSponsor"],"Values":["User","Group","Self","Manager","Sponsor","ResourceOwner","ManagerOrSponsor"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_AADAccessReviewDefinition","Parameters":[{"CIMType":"String","Description":"Name of the access review series. Supports $select and $orderby. Required on create.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description provided by review creators to provide more context of the review to admins. Supports $select.","Name":"DescriptionForAdmins","Option":"Write"},{"CIMType":"String","Description":"Description provided  by review creators to provide more context of the review to reviewers. Reviewers see this description in the email sent to them requesting their review. Email notifications support up to 256 characters. Supports $select.","Name":"DescriptionForReviewers","Option":"Write"},{"CIMType":"MSFT_AADAccessReviewDefinitionReviewer[]","Description":"The fallback reviewers of the access review.","Name":"FallbackReviewers","Option":"Write"},{"CIMType":"MSFT_AADAccessReviewDefinitionReviewer[]","Description":"The reviewers of the access review.","Name":"Reviewers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessReviewScope","Description":"Defines the entities whose access is reviewed. For supported scopes, see accessReviewScope. Required on create. Supports $select and $filter (contains only). For examples of options for configuring scope, see Configure the scope of your access review definition using the Microsoft Graph API.","Name":"ScopeValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessReviewScheduleSettings","Description":"The settings for an access review series, see type definition below. Supports $select. Required on create.","Name":"SettingsValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessReviewStageSettings[]","Description":"Required only for a multi-stage access review to define the stages and their settings. You can break down each review instance into up to three sequential stages, where each stage can have a different set of reviewers, fallback reviewers, and settings. Stages are created sequentially based on the dependsOn property. Optional.  When this property is defined, its settings are used instead of the corresponding settings in the accessReviewScheduleDefinition object and its settings, reviewers, and fallbackReviewers properties.","Name":"StageSettings","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_AADAccessReviewPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"If true, group owners can create and manage access reviews on groups they own.","Name":"IsGroupOwnerManagementEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to monitor the access review policy object."},{"ClassName":"MSFT_AADActivityBasedTimeoutPolicy","Parameters":[{"CIMType":"String","Description":"Display name for this policy. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Id of the policy","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Timeout value in hh:mm:ss for c44b4083-3bb0-49c1-b47d-974e53cbdf3c: applies the policy to the Azure portal.","Name":"AzurePortalTimeOut","Option":"Write"},{"CIMType":"String","Description":"Timeout value in hh:mm:ss for default: applies the policy to all applications that support activity-based timeout functionality but don't have application-specific override.","Name":"DefaultTimeOut","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configure the Azure AD Activity Based Timeout Policy"},{"ClassName":"MSFT_AADAdminConsentRequestPolicyReviewer","Parameters":[{"CIMType":"String","Description":"Type of reviewwer. Can be User, Group or Role","Name":"ReviewerType","Option":"Write"},{"CIMType":"String","Description":"Identifier for the reviewer instance.","Name":"ReviewerId","Option":"Key"},{"CIMType":"String","Description":"Associated query.","Name":"QueryRoot","Option":"Write"}],"Description":"Configures the Admin Consent Request Policy in Entra Id."},{"ClassName":"MSFT_AADAdminConsentRequestPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Determines if the policy is enabled or not.","Name":"IsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether reviewers will receive notifications.","Name":"NotifyReviewers","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether reviewers will receive reminder emails.","Name":"RemindersEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the duration the request is active before it automatically expires if no decision is applied.","Name":"RequestDurationInDays","Option":"Write"},{"CIMType":"MSFT_AADAdminConsentRequestPolicyReviewer[]","Description":"The list of reviewers for the admin consent.","Name":"Reviewers","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the Admin Consent Request Policy in Entra Id."},{"ClassName":"MSFT_MicrosoftGraphMember","Parameters":[{"CIMType":"String","Description":"Identity of member. For users, specify a UserPrincipalName. For groups, devices and serviceprincipals, specify DisplayName","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify User, Group or Device to interpret the identity for Members. Specify User, Group or ServicePrincipal for ScopedRoleMembers.","Name":"Type","Option":"Key","ValueMap":["User","Group","Device","ServicePrincipal"],"Values":["User","Group","Device","ServicePrincipal"]}],"Description":"This resource configures an Azure AD Administrative Unit."},{"ClassName":"MSFT_MicrosoftGraphScopedRoleMembership","Parameters":[{"CIMType":"String","Description":"Name of the Azure AD Role that is assigned. See https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope","Name":"RoleName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphMember","Description":"Member that is assigned the scoped role. Note: Any groups must be role-enabled","Name":"RoleMemberInfo","Option":"Write"}],"Description":"This resource configures an Azure AD Administrative Unit."},{"ClassName":"MSFT_AADAdministrativeUnit","Parameters":[{"CIMType":"String","Description":"DisplayName of the Administrative Unit","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Object-Id of the Administrative Unit","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the Administrative Unit","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden","Name":"Visibility","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the management rights on resources in the administrative units should be restricted to ONLY the administrators scoped on the administrative unit object.","Name":"IsMemberManagementRestricted","Option":"Write"},{"CIMType":"String","Description":"Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview.","Name":"MembershipType","Option":"Write"},{"CIMType":"String","Description":"Specify membership rule. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.","Name":"MembershipRule","Option":"Write"},{"CIMType":"String","Description":"Specify dynamic membership-rule processing-state. Valid values are 'On' and 'Paused'. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.","Name":"MembershipRuleProcessingState","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMember[]","Description":"Specify members. Only specify if MembershipType is NOT set to Dynamic","Name":"Members","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphScopedRoleMembership[]","Description":"Specify Scoped Role Membership. Note: Any groups must be role-enabled","Name":"ScopedRoleMembers","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Administrative Unit exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Administrative Unit."},{"ClassName":"MSFT_AADAgreement","Parameters":[{"CIMType":"String","Description":"The display name of the agreement.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier of the agreement.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the user is required to view the agreement document before accepting.","Name":"IsViewingBeforeAcceptanceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the agreement is per device or per user.","Name":"IsPerDeviceAcceptanceRequired","Option":"Write"},{"CIMType":"String","Description":"Duration after which the user must re-accept the terms of use. Must be in ISO 8601 duration format.","Name":"UserReacceptRequiredFrequency","Option":"Write"},{"CIMType":"String","Description":"The acceptance statement included in the agreement.","Name":"AcceptanceStatement","Option":"Write"},{"CIMType":"String","Description":"The content of the agreement file.","Name":"FileData","Option":"Write"},{"CIMType":"String","Description":"The name of the agreement file.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The language of the agreement file.","Name":"Language","Option":"Write"},{"CIMType":"String","Description":"Specify if the agreement should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Azure AD Terms of Use Agreements in Entra ID."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishingSegmentCORS","Parameters":[{"CIMType":"String[]","Description":"The request headers that the origin domain may specify on the CORS request. The wildcard character * indicates that any header beginning with the specified prefix is allowed.","Name":"allowedHeaders","Option":"Write"},{"CIMType":"UInt32","Description":"The maximum amount of time that a browser should cache the response to the preflight OPTIONS request.","Name":"maxAgeInSeconds","Option":"Write"},{"CIMType":"String","Description":"Resource within the application segment for which CORS permissions are granted. / grants permission for whole app segment.","Name":"resource","Option":"Write"},{"CIMType":"String[]","Description":"The HTTP request methods that the origin domain may use for a CORS request.","Name":"allowedMethods","Option":"Write"},{"CIMType":"String[]","Description":"The origin domains that are permitted to make a request against the service via CORS. The origin domain is the domain from which the request originates. The origin must be an exact case-sensitive match with the origin that the user age sends to the service.","Name":"allowedOrigins","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishingSegment","Parameters":[{"CIMType":"String","Description":"If you're configuring a traffic manager in front of multiple App Proxy application segments, contains the user-friendly URL that will point to the traffic manager.","Name":"alternateUrl","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishingSegmentCORS[]","Description":"CORS Rule definition for a particular application segment.","Name":"corsConfigurations","Option":"Write"},{"CIMType":"String","Description":"The published external URL for the application segment; for example, https://intranet.contoso.com./","Name":"externalUrl","Option":"Write"},{"CIMType":"String","Description":"The internal URL of the application segment; for example, https://intranet/.","Name":"internalUrl","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos","Parameters":[{"CIMType":"String","Description":"The Internal Application SPN of the application server. This SPN needs to be in the list of services to which the connector can present delegated credentials.","Name":"kerberosServicePrincipalName","Option":"Write"},{"CIMType":"String","Description":"The Delegated Login Identity for the connector to use on behalf of your users. For more information, see Working with different on-premises and cloud identities . Possible values are: userPrincipalName, onPremisesUserPrincipalName, userPrincipalUsername, onPremisesUserPrincipalUsername, onPremisesSAMAccountName.","Name":"kerberosSignOnMappingAttributeType","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishingSingleSignOnSetting","Parameters":[{"CIMType":"String","Description":"The preferred single-sign on mode for the application. Possible values are: none, onPremisesKerberos, aadHeaderBased,pingHeaderBased, oAuthToken.","Name":"singleSignOnMode","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos","Description":"The Kerberos Constrained Delegation settings for applications that use Integrated Window Authentication.","Name":"kerberosSignOnSettings","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishing","Parameters":[{"CIMType":"String","Description":"If you're configuring a traffic manager in front of multiple App Proxy applications, the alternateUrl is the user-friendly URL that points to the traffic manager.","Name":"alternateUrl","Option":"Write"},{"CIMType":"String","Description":"The duration the connector waits for a response from the backend application before closing the connection. Possible values are default, long.","Name":"applicationServerTimeout","Option":"Write"},{"CIMType":"String","Description":"Details the pre-authentication setting for the application. Pre-authentication enforces that users must authenticate before accessing the app. Pass through doesn't require authentication. Possible values are: passthru, aadPreAuthentication.","Name":"externalAuthenticationType","Option":"Write"},{"CIMType":"String","Description":"The published external url for the application. For example, https://intranet-contoso.msappproxy.net/.","Name":"externalUrl","Option":"Write"},{"CIMType":"String","Description":"The internal url of the application. For example, https://intranet/.","Name":"internalUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether backend SSL certificate validation is enabled for the application. For all new Application Proxy apps, the property is set to true by default. For all existing apps, the property is set to false.","Name":"isBackendCertificateValidationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the HTTPOnly cookie flag should be set in the HTTP response headers. Set this value to true to have Application Proxy cookies include the HTTPOnly flag in the HTTP response headers. If using Remote Desktop Services, set this value to False. Default value is false.","Name":"isHttpOnlyCookieEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the Persistent cookie flag should be set in the HTTP response headers. Keep this value set to false. Only use this setting for applications that can't share cookies between processes. For more information about cookie settings, see Cookie settings for accessing on-premises applications in Microsoft Entra ID. Default value is false.","Name":"isPersistentCookieEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the Secure cookie flag should be set in the HTTP response headers. Set this value to true to transmit cookies over a secure channel such as an encrypted HTTPS request. Default value is true.","Name":"isSecureCookieEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether validation of the state parameter when the client uses the OAuth 2.0 authorization code grant flow is enabled. This setting allows admins to specify whether they want to enable CSRF protection for their apps.","Name":"isStateSessionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the application should translate urls in the response headers. Keep this value as true unless your application required the original host header in the authentication request. Default value is true.","Name":"isTranslateHostHeaderEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the application should translate urls in the application body. Keep this value as false unless you have hardcoded HTML links to other on-premises applications and don't use custom domains. For more information, see Link translation with Application Proxy. Default value is false.","Name":"isTranslateLinksInBodyEnabled","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishingSegment[]","Description":"Represents the collection of application segments for an on-premises wildcard application that's published through Microsoft Entra application proxy.","Name":"onPremisesApplicationSegments","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishingSingleSignOnSetting","Description":"Represents the single sign-on configuration for the on-premises application.","Name":"singleSignOnSettings","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationPermission","Parameters":[{"CIMType":"String","Description":"Name of the requested permission.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the API from which the permission comes from.","Name":"SourceAPI","Option":"Key"},{"CIMType":"String","Description":"Type of permission.","Name":"Type","Option":"Key","ValueMap":["AppOnly","Delegated"],"Values":["AppOnly","Delegated"]},{"CIMType":"Boolean","Description":"Represented whether or not the Admin consent been granted on the app.","Name":"AdminConsentGranted","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphOptionalClaims","Parameters":[{"CIMType":"MSFT_MicrosoftGraphOptionalClaim[]","Description":"The optional claims returned in the JWT access token.","Name":"AccessToken","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphOptionalClaim[]","Description":"The optional claims returned in the JWT ID token.","Name":"IdToken","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphOptionalClaim[]","Description":"The optional claims returned in the SAML token.","Name":"Saml2Token","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphOptionalClaim","Parameters":[{"CIMType":"Boolean","Description":"If the value is true, the claim specified by the client is necessary to ensure a smooth authorization experience for the specific task requested by the end user. The default value is false.","Name":"Essential","Option":"Write"},{"CIMType":"String","Description":"The name of the optional claim.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The source (directory object) of the claim. There are predefined claims and user-defined claims from extension properties. If the source value is null, the claim is a predefined optional claim. If the source value is user, the value in the name property is the extension property from the user object.","Name":"Source","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphPreAuthorizedApplication","Parameters":[{"CIMType":"String","Description":"The unique identifier for the client application.","Name":"AppId","Option":"Key"},{"CIMType":"String[]","Description":"The unique identifier for the scopes the client application is granted.","Name":"PermissionIds","Option":"Required"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphApiOauth2PermissionScopes","Parameters":[{"CIMType":"String","Description":"A description of the delegated permissions, intended to be read by an administrator granting the permission on behalf of all users. This text appears in tenant-wide admin consent experiences.","Name":"adminConsentDescription","Option":"Write"},{"CIMType":"String","Description":"The permission's title, intended to be read by an administrator granting the permission on behalf of all users.","Name":"adminConsentDisplayName","Option":"Write"},{"CIMType":"String","Description":"A description of the delegated permissions, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves.","Name":"userConsentDescription","Option":"Write"},{"CIMType":"String","Description":"A title for the permission, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves.","Name":"userConsentDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specifies the value to include in the scp (scope) claim in access tokens. Must not exceed 120 characters in length.","Name":"value","Option":"Key"},{"CIMType":"Boolean","Description":"When you create or update a permission, this property must be set to true (which is the default). To delete a permission, this property must first be set to false. At that point, in a subsequent call, the permission may be removed.","Name":"isEnabled","Option":"Write"},{"CIMType":"String","Description":"The possible values are: User and Admin. Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator consent should always be required.","Name":"type","Option":"Write"},{"CIMType":"String","Description":"Unique delegated permission identifier inside the collection of delegated permissions defined for a resource application.","Name":"id","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphApiApplication","Parameters":[{"CIMType":"MSFT_MicrosoftGraphPreAuthorizedApplication[]","Description":"Lists the client applications that are preauthorized with the specified delegated permissions to access this application's APIs. Users aren't required to consent to any preauthorized application (for the permissions specified). However, any other permissions not listed in preAuthorizedApplications (requested through incremental consent for example) will require user consent.","Name":"PreAuthorizedApplications","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAPIOauth2PermissionScopes[]","Description":"List of associated API scopes.","Name":"Oauth2PermissionScopes","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphAuthenticationBehaviors","Parameters":[{"CIMType":"String","Description":"If false, allows the app to have extended access to Azure AD Graph until June 30, 2025 when Azure AD Graph is fully retired. For more information on Azure AD retirement updates, see June 2024 update on Azure AD Graph API retirement. Use 'Null' to ensure the value is not configured.","Name":"BlockAzureADGraphAccess","Option":"Write","ValueMap":["True","False","Null"],"Values":["True","False","Null"]},{"CIMType":"String","Description":"If true, removes the email claim from tokens sent to an application when the email address's domain can't be verified. Use 'Null' to ensure the value is not configured.","Name":"RemoveUnverifiedEmailClaim","Option":"Write","ValueMap":["True","False","Null"],"Values":["True","False","Null"]}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphKeyCredential","Parameters":[{"CIMType":"String","Description":"A 40-character binary type that can be used to identify the credential. Optional. When not provided in the payload, defaults to the thumbprint of the certificate.","Name":"CustomKeyIdentifier","Option":"Write"},{"CIMType":"String","Description":"Friendly name for the key. Optional.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"EndDateTime","Option":"Write"},{"CIMType":"String","Description":"The unique identifier (GUID) for the key.","Name":"KeyId","Option":"Write"},{"CIMType":"String","Description":"The certificate's raw data in byte array converted to Base64 string.","Name":"Key","Option":"Write"},{"CIMType":"String","Description":"The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"StartDateTime","Option":"Write"},{"CIMType":"String","Description":"The type of key credential for example, Symmetric, AsymmetricX509Cert.","Name":"Type","Option":"Write"},{"CIMType":"String","Description":"A string that describes the purpose for which the key can be used for example, Verify.","Name":"Usage","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphPasswordCredential","Parameters":[{"CIMType":"String","Description":"Friendly name for the password. Optional.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The date and time at which the password expires represented using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.","Name":"EndDateTime","Option":"Write"},{"CIMType":"String","Description":"Contains the first three characters of the password. Read-only.","Name":"Hint","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for the password.","Name":"KeyId","Option":"Write"},{"CIMType":"String","Description":"The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.","Name":"StartDateTime","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphAppRole","Parameters":[{"CIMType":"String[]","Description":"Specifies whether this app role can be assigned to users and groups (by setting to 'User'), to other application's (by setting to 'Application', or both (by setting to 'User', 'Application')). App roles supporting assignment to other applications' service principals are also known as application permissions. The 'Application' value is only supported for app roles defined on application entities.","Name":"AllowedMemberTypes","Option":"Write"},{"CIMType":"String","Description":"The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during  consent experiences.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display name for the permission that appears in the app role assignment and consent experiences.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Unique role identifier inside the appRoles collection. When creating a new app role, a new GUID identifier must be provided.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false.  At that point, in a subsequent call, this role may be removed.","Name":"IsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if the app role is defined on the application object or on the servicePrincipal entity. Must not be included in any POST or PATCH requests. Read-only.","Name":"Origin","Option":"Write"},{"CIMType":"String","Description":"Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , - . / :   =       + _    } , and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with ..","Name":"Value","Option":"Key"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationSPA","Parameters":[{"CIMType":"String[]","Description":"Single page application redirect URIs.","Name":"RedirectUris","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplication","Parameters":[{"CIMType":"string","Description":"DisplayName of the app","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"ObjectID of the app.","Name":"ObjectId","Option":"Write"},{"CIMType":"String","Description":"AppId for the app.","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"A free text field to provide a description of the application object to end users. The maximum allowed size is 1024 characters.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.","Name":"GroupMembershipClaims","Option":"Write"},{"CIMType":"String","Description":"The URL to the application's homepage.","Name":"Homepage","Option":"Write"},{"CIMType":"string[]","Description":"User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain.","Name":"IdentifierUris","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property.","Name":"IsFallbackPublicClient","Option":"Write"},{"CIMType":"string[]","Description":"Client applications that are tied to this resource application.","Name":"KnownClientApplications","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphoptionalClaims","Description":"Application developers can configure optional claims in their Microsoft Entra applications to specify the claims that are sent to their application by the Microsoft security token service. For more information, see How to: Provide optional claims to your app.","Name":"OptionalClaims","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapiApplication","Description":"Specifies settings for an application that implements a web API.","Name":"Api","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphauthenticationBehaviors","Description":"The collection of breaking change behaviors related to token issuance that are configured for the application. Authentication behaviors are unset by default (null) and must be explicitly enabled or disabled. Nullable. Returned only on $select.  For more information about authentication behaviors, see Manage application authenticationBehaviors to avoid unverified use of email claims for user identification or authorization.","Name":"AuthenticationBehaviors","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphpasswordCredential[]","Description":"The collection of password credentials associated with the application. Not nullable.","Name":"PasswordCredentials","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphkeyCredential[]","Description":"The collection of key credentials associated with the application. Not nullable. Supports $filter (eq, not, ge, le).","Name":"KeyCredentials","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphappRole[]","Description":"The collection of roles defined for the application. With app role assignments, these roles can be assigned to users, groups, or service principals associated with other applications. Not nullable.","Name":"AppRoles","Option":"Write"},{"CIMType":"string","Description":"The logout url for this application.","Name":"LogoutURL","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.","Name":"PublicClient","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.","Name":"ReplyURLs","Option":"Write"},{"CIMType":"String[]","Description":"UPN or ObjectID values of the app's owners.","Name":"Owners","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishing","Description":"Represents the set of properties required for configuring Application Proxy for this application. Configuring these properties allows you to publish your on-premises application for secure remote access.","Name":"OnPremisesPublishing","Option":"Write"},{"CIMType":"String","Description":"Identifier of the associated Application Template.","Name":"ApplicationTemplateId","Option":"Write"},{"CIMType":"String[]","Description":"List of public clients redirect URIs.","Name":"PublicClientRedirectUris","Option":"Write"},{"CIMType":"MSFT_AADApplicationSpa","Description":"List of single page application settings.","Name":"Spa","Option":"Write"},{"CIMType":"String","Description":"Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount","Name":"SignInAudience","Option":"Write","ValueMap":["AzureADandPersonalMicrosoftAccount","AzureADMultipleOrgs","AzureADMyOrg","PersonalMicrosoftAccount"],"Values":["AzureADandPersonalMicrosoftAccount","AzureADMultipleOrgs","AzureADMyOrg","PersonalMicrosoftAccount"]},{"CIMType":"String","Description":"The Token Lifetime Policy assigned to the application with its DisplayName.","Name":"TokenLifetimePolicy","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD App should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_AADApplicationPermission[]","Description":"API permissions for the Azure Active Directory Application.","Name":"Permissions","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADAppManagementPolicyRestrictionsCredential","Parameters":[{"CIMType":"string[]","Description":"Collection of GUIDs of certificateBasedApplicationConfiguration objects that represent trusted certificate authorities. Used when restrictionType is set to trustedCertificateAuthority for keyCredentials.","Name":"CertificateBasedApplicationConfigurationIds","Option":"Write"},{"CIMType":"string","Description":"String value that indicates the maximum lifetime for password expiration, defined as an ISO 8601 duration. For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds. This property is required when restrictionType is set to passwordLifetime.","Name":"MaxLifetime","Option":"Write"},{"CIMType":"string","Description":"Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.","Name":"RestrictForAppsCreatedAfterDateTime","Option":"Write"},{"CIMType":"string","Description":"The type of restriction being applied. The possible values are: passwordAddition, passwordLifetime, symmetricKeyAddition, symmetricKeyLifetime, customPasswordAddition, asymmetricKeyLifetime, trustedCertificateAuthority, and unknownFutureValue. Each value of restrictionType can be used only once per policy.","Name":"RestrictionType","Option":"Key"},{"CIMType":"string","Description":"Indicates whether the restriction is evaluated. The possible values are: enabled, disabled, unknownFutureValue. If enabled, the restriction is evaluated. If disabled, the restriction isn't evaluated or enforced.","Name":"State","Option":"Write"}],"Description":"Manages an app management policy that can be assigned to an application or service principal object."},{"ClassName":"MSFT_AADAppManagementPolicyRestrictions","Parameters":[{"CIMType":"MSFT_AADAppManagementPolicyRestrictionsCredential[]","Description":"Collection of keyCredential restrictions settings to be applied to an application or service principal.","Name":"KeyCredentials","Option":"Write"},{"CIMType":"MSFT_AADAppManagementPolicyRestrictionsCredential[]","Description":"Collection of password restrictions settings to be applied to an application or service principal.","Name":"PasswordCredentials","Option":"Write"}],"Description":"Manages an app management policy that can be assigned to an application or service principal object."},{"ClassName":"MSFT_AADAppManagementPolicy","Parameters":[{"CIMType":"String","Description":"The display name of the policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Id of the policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the policy.","Name":"Description","Option":"Required"},{"CIMType":"Boolean","Description":"Denotes whether the policy is enabled.","Name":"IsEnabled","Option":"Write"},{"CIMType":"MSFT_AADAppManagementPolicyRestrictions","Description":"Restrictions that apply to an application or service principal object.","Name":"Restrictions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages an app management policy that can be assigned to an application or service principal object."},{"ClassName":"MSFT_AADAttributeSet","Parameters":[{"CIMType":"String","Description":"Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive","Name":"Description","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum number of custom security attributes that can be defined in this attribute set. Default value is null. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. Can be changed later.","Name":"MaxAttributesPerSet","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a group of related custom security attribute definitions."},{"ClassName":"MSFT_AADAuthenticationContextClassReference","Parameters":[{"CIMType":"String","Description":"Identifier used to reference the authentication context class. The id is used to trigger step-up authentication for the referenced authentication requirements and is the value that will be issued in the acrs claim of an access token. This value in the claim is used to verify that the required authentication context has been satisfied. The allowed values are c1 through c25.","Name":"Id","Option":"Key","ValueMap":["c1","c2","c3","c4","c5","c6","c7","c8","c9","c10","c11","c12","c13","c14","c15","c16","c17","c18","c19","c20","c21","c22","c23","c24","c25"],"Values":["c1","c2","c3","c4","c5","c6","c7","c8","c9","c10","c11","c12","c13","c14","c15","c16","c17","c18","c19","c20","c21","c22","c23","c24","c25"]},{"CIMType":"String","Description":"A friendly name that identifies the authenticationContextClassReference object when building user-facing admin experiences. For example, a selection UX","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"A short explanation of the policies that are enforced by authenticationContextClassReference. This value should be used to provide secondary text to describe the authentication context class reference when building user-facing admin experiences. For example, a selection UX.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the authenticationContextClassReference has been published by the security admin and is ready for use by apps. When it's set to false, it shouldn't be shown in admin UX experiences because the value isn't currently available for selection.","Name":"IsAvailable","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a Microsoft Entra authentication context class reference. Authentication context class references are custom values that define a Conditional Access authentication requirement"},{"ClassName":"MSFT_AADAuthenticationFlowPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Unique identifier of the Authentication Flow Policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Authentication Flow Policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Description of the Authentication Flow Policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether self-service sign-up flow is enabled or disabled. The default value is false. This property isn't a key. Required.","Name":"SelfServiceSignUpEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure Active Directory Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents the policy configuration of self-service sign-up experience at a tenant level that lets external users request to sign up for approval. It contains information, such as the identifier, display name, and description, and indicates whether self-service sign-up is enabled for the policy."},{"ClassName":"MSFT_MicrosoftGraphRegistrationEnforcement","Parameters":[{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign","Description":"Run campaigns to remind users to setup targeted authentication methods.","Name":"AuthenticationMethodsRegistrationCampaign","Option":"Write"}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign","Parameters":[{"CIMType":"MSFT_MicrosoftGraphExcludeTarget[]","Description":"Users and groups of users that are excluded from being prompted to set up the authentication method.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget[]","Description":"Users and groups of users that are prompted to set up the authentication method.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of days that the user sees a prompt again if they select 'Not now' and snoozes the prompt. Minimum 0 days. Maximum: 14 days. If the value is '0'  The user is prompted during every MFA attempt.","Name":"SnoozeDurationInDays","Option":"Write"},{"CIMType":"String","Description":"Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled.","Name":"State","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["user","group","unknownFutureValue"],"Values":["user","group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyIncludeTarget","Parameters":[{"CIMType":"String","Description":"The ID of the entity targeted.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The kind of entity targeted. Possible values are: user, group.","Name":"TargetType","Option":"Write","ValueMap":["user","group","unknownFutureValue"],"Values":["user","group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD user or group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: user, group, unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["user","group","unknownFutureValue"],"Values":["user","group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD user or group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The authentication method that the user is prompted to register. The value must be microsoftAuthenticator.","Name":"TargetedAuthenticationMethod","Option":"Required"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: user, group, unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["user","group","unknownFutureValue"],"Values":["user","group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphSystemCredentialPreferences","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyExcludeTarget[]","Description":"Users and groups excluded from the preferred authentication method experience of the system.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyIncludeTarget[]","Description":"Users and groups included in the preferred authentication method experience of the system.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"Indicates whether the feature is enabled or disabled. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set, and uses the default behavior of Azure Active Directory for the setting. The default value is disabled.","Name":"State","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphReportSuspiciousActivitySettings","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyIncludeTarget","Description":"Group IDs in scope for report suspicious activity.","Name":"IncludeTarget","Option":"Write"},{"CIMType":"String","Description":"Specifies the state of the reportSuspiciousActivitySettings object.","Name":"State","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]},{"CIMType":"UInt32","Description":"Specifies the number the user enters on their phone to report the MFA prompt as suspicious.","Name":"VoiceReportingCode","Option":"Write"}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_AADAuthenticationMethodPolicy","Parameters":[{"CIMType":"UInt32","Description":"Days before the user will be asked to reconfirm their method.","Name":"ReconfirmationInDays","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphregistrationEnforcement","Description":"Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods.","Name":"RegistrationEnforcement","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphreportSuspiciousActivitySettings","Description":"Allows users to report suspicious activities if they receive an authentication request that they did not initiate.","Name":"ReportSuspiciousActivitySettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphsystemCredentialPreferences","Description":"Prompt users with their most-preferred credential for multifactor authentication.","Name":"SystemCredentialPreferences","Option":"Write"},{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphMicrosoftAuthenticatorFeatureSettings","Parameters":[{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration","Description":"Determines whether users will be able to approve push notifications on other Microsoft applications such as Outlook Mobile.","Name":"CompanionAppAllowedState","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration","Description":"Determines whether the user's Authenticator app will show them the client app they are signing into.","Name":"DisplayAppInformationRequiredState","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration","Description":"Determines whether the user's Authenticator app will show them the geographic location of where the authentication request originated from.","Name":"DisplayLocationInformationRequiredState","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget","Description":"A single entity that's excluded from using this feature.","Name":"ExcludeTarget","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget","Description":"A single entity that's allowed to use this feature.","Name":"IncludeTarget","Option":"Write"},{"CIMType":"String","Description":"Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled.","Name":"State","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget","Parameters":[{"CIMType":"String","Description":"The ID of the entity that's targeted in the include or exclude rule or all_users to target all users.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The kind of entity that's targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue.","Name":"TargetType","Option":"Write","ValueMap":["group","administrativeUnit","role","unknownFutureValue"],"Values":["group","administrativeUnit","role","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyAuthenticator","Parameters":[{"CIMType":"MSFT_MicrosoftGraphMicrosoftAuthenticatorFeatureSettings","Description":"A collection of Microsoft Authenticator settings such as number matching and location context, and whether they are enabled for all users or specific users only.","Name":"FeatureSettings","Option":"Write"},{"CIMType":"Boolean","Description":"true if users can use the OTP code generated by the Microsoft Authenticator app, false otherwise.","Name":"IsSoftwareOathEnabled","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Email"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Email"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyEmail","Parameters":[{"CIMType":"String","Description":"Determines whether email OTP is usable by external users for authentication. Possible values are: default, enabled, disabled, unknownFutureValue. Tenants in the default state who did not use public preview will automatically have email OTP enabled beginning in October 2021.","Name":"AllowExternalIdToUseEmailOtp","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]},{"CIMType":"MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Email"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExternalExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy External"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExternalIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy External"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExternalOpenIdConnectSetting","Parameters":[{"CIMType":"String","Description":"The Microsoft Entra ID's client ID as generated by the provider or admin to identify Microsoft Entra ID.","Name":"ClientId","Option":"Write"},{"CIMType":"String","Description":"The host URL of the external identity provider's OIDC discovery endpoint.","Name":"DiscoveryUrl","Option":"Write"}],"Description":"Azure AD Authentication Method Policy External"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExternal","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyExternalExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyExternalIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyExternalOpenIdConnectSetting","Description":"Open ID Connection settings used by this external authentication method.","Name":"OpenIdConnectSetting","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The appId for the app registration in Microsoft Entra ID representing the integration with the external provider.","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"The displayName of the authentication policy configuration. Read-only.","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy External"},{"ClassName":"MSFT_MicrosoftGraphFido2KeyRestrictions","Parameters":[{"CIMType":"String[]","Description":"A collection of Authenticator Attestation GUIDs. AADGUIDs define key types and manufacturers.","Name":"AaGuids","Option":"Write"},{"CIMType":"String","Description":"Enforcement type. Possible values are: allow, block.","Name":"EnforcementType","Option":"Write","ValueMap":["allow","block","unknownFutureValue"],"Values":["allow","block","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Determines if the configured key enforcement is enabled.","Name":"IsEnforced","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Determines if registration is required for the authentication method.","Name":"IsRegistrationRequired","Option":"Write"},{"CIMType":"String[]","Description":"Collection of allowed passkey profile IDs for this target.","Name":"AllowedPasskeyProfiles","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Determines if registration is required for the authentication method.","Name":"IsRegistrationRequired","Option":"Write"},{"CIMType":"String[]","Description":"Collection of allowed passkey profile IDs for this target.","Name":"AllowedPasskeyProfiles","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyFido2PasskeyProfile","Parameters":[{"CIMType":"String","Description":"The unique identifier for the passkey profile.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name for the passkey profile.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The passkey types supported by this profile.","Name":"PasskeyTypes","Option":"Write","ValueMap":["deviceBound","deviceBound","synced","crossDevice","synced"],"Values":["deviceBound","deviceBound","synced","crossDevice","synced"]},{"CIMType":"String","Description":"The attestation enforcement level for this profile.","Name":"AttestationEnforcement","Option":"Write","ValueMap":["disabled","registrationOnly","registrationAndSignIn"],"Values":["disabled","registrationOnly","registrationAndSignIn"]},{"CIMType":"MSFT_MicrosoftGraphFido2KeyRestrictions","Description":"Key restrictions for this passkey profile.","Name":"KeyRestrictions","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyFido2","Parameters":[{"CIMType":"Boolean","Description":"Determines whether attestation must be enforced for FIDO2 security key registration.","Name":"IsAttestationEnforced","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if users can register new FIDO2 security keys.","Name":"IsSelfServiceRegistrationAllowed","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphFido2KeyRestrictions","Description":"Controls whether key restrictions are enforced on FIDO2 security keys, either allowing or disallowing certain key types as defined by Authenticator Attestation GUID (AAGUID), an identifier that indicates the type (e.g. make and model) of the authenticator.","Name":"KeyRestrictions","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyFido2PasskeyProfile[]","Description":"Passkey profiles configuration for FIDO2 authentication.","Name":"PasskeyProfiles","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Hardware"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Hardware"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyHardware","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Hardware"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyQRCodeImageExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"This resource configures an Azure AD Authentication Method Policy QR Code Image."},{"ClassName":"MSFT_AADAuthenticationMethodPolicyQRCodeImageIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"This resource configures an Azure AD Authentication Method Policy QR Code Image."},{"ClassName":"MSFT_AADAuthenticationMethodPolicyQRCodeImage","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyQRCodeImageExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyQRCodeImageIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"UInt32","Description":"Lifetime in days of the qr code.","Name":"StandardQRCodeLifetimeInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Length of the PIN.","Name":"PinLength","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Authentication Method Policy QR Code Image."},{"ClassName":"MSFT_AADAuthenticationMethodPolicySmsExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Sms"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySmsIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Sms"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySms","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicySmsExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicySmsIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Sms"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Software"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Software"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySoftware","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Software"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Temporary"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Temporary"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyTemporary","Parameters":[{"CIMType":"UInt32","Description":"Default length in characters of a Temporary Access Pass object. Must be between 8 and 48 characters.","Name":"DefaultLength","Option":"Write"},{"CIMType":"UInt32","Description":"Default lifetime in minutes for a Temporary Access Pass. Value can be any integer between the minimumLifetimeInMinutes and maximumLifetimeInMinutes.","Name":"DefaultLifetimeInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"If true, all the passes in the tenant will be restricted to one-time use. If false, passes in the tenant can be created to be either one-time use or reusable.","Name":"IsUsableOnce","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum lifetime in minutes for any Temporary Access Pass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days).","Name":"MaximumLifetimeInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum lifetime in minutes for any Temporary Access Pass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days).","Name":"MinimumLifetimeInMinutes","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Temporary"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Voice"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Voice"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyVoice","Parameters":[{"CIMType":"Boolean","Description":"true if users can register office phones, otherwise, false.","Name":"IsOfficePhoneAllowed","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Voice"},{"ClassName":"MSFT_MicrosoftGraphX509CertificateAuthenticationModeConfiguration","Parameters":[{"CIMType":"MSFT_MicrosoftGraphX509CertificateRule[]","Description":"Rules are configured in addition to the authentication mode to bind a specific x509CertificateRuleType to an x509CertificateAuthenticationMode. For example, bind the policyOID with identifier 1.32.132.343 to x509CertificateMultiFactor authentication mode.","Name":"Rules","Option":"Write"},{"CIMType":"String","Description":"The type of strong authentication mode. The possible values are: x509CertificateSingleFactor, x509CertificateMultiFactor, unknownFutureValue.","Name":"X509CertificateAuthenticationDefaultMode","Option":"Write","ValueMap":["x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"],"Values":["x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_MicrosoftGraphX509CertificateRule","Parameters":[{"CIMType":"String","Description":"The identifier of the X.509 certificate. Required.","Name":"Identifier","Option":"Key"},{"CIMType":"String","Description":"The type of strong authentication mode. The possible values are: x509CertificateSingleFactor, x509CertificateMultiFactor, unknownFutureValue. Required.","Name":"X509CertificateAuthenticationMode","Option":"Required","ValueMap":["x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"],"Values":["x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"]},{"CIMType":"String","Description":"The type of the X.509 certificate mode configuration rule. The possible values are: issuerSubject, policyOID, unknownFutureValue. Required.","Name":"X509CertificateRuleType","Option":"Write","ValueMap":["issuerSubject","policyOID","unknownFutureValue"],"Values":["issuerSubject","policyOID","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_MicrosoftGraphX509CertificateUserBinding","Parameters":[{"CIMType":"UInt32","Description":"The priority of the binding. Azure AD uses the binding with the highest priority. This value must be a non-negative integer and unique in the collection of objects in the certificateUserBindings property of an x509CertificateAuthenticationMethodConfiguration object. Required","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"Defines the Azure AD user property of the user object to use for the binding. The possible values are: userPrincipalName, onPremisesUserPrincipalName, email. Required.","Name":"UserProperty","Option":"Required"},{"CIMType":"String","Description":"The field on the X.509 certificate to use for the binding. The possible values are: PrincipalName, RFC822Name.","Name":"X509CertificateField","Option":"Write"}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyX509IncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"Boolean","Description":"Determines if the user is enforced to register the authentication method.","Name":"isRegistrationRequired","Option":"Write"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyX509","Parameters":[{"CIMType":"MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration","Description":"Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings.","Name":"AuthenticationModeConfiguration","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphx509CertificateUserBinding[]","Description":"Defines fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user. The priority of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored.","Name":"CertificateUserBindings","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyX509IncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_AADAuthenticationRequirement","Parameters":[{"CIMType":"String","Description":"The state of the MFA enablement for the user. Possible values are: enabled, disabled.","Name":"PerUserMfaState","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"UserPrincipalName","Option":"Key"},{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Requirement Resource to set up Per-User MFA settings"},{"ClassName":"MSFT_AADAuthenticationStrengthPolicy","Parameters":[{"CIMType":"String","Description":"The name of the policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"A description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The unique identifier of the policy.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"The authentication method combinations allowed by this authentication strength policy.","Name":"AllowedCombinations","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Strength Policy"},{"ClassName":"MSFT_AADAuthorizationPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Display name for this policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Description of this policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether users can sign up for email based subscriptions.","Name":"AllowedToSignUpEmailBasedSubscriptions","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether the Self-Serve Password Reset feature can be used by users on the tenant.","Name":"AllowedToUseSSPR","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether a user can join the tenant by email validation.","Name":"AllowEmailVerifiedUsersToJoinOrganization","Option":"Write"},{"CIMType":"String","Description":"Indicates who can invite external users to the organization. Possible values are: None, AdminsAndGuestInviters, AdminsGuestInvitersAndAllMembers, Everyone. Everyone is the default setting for all cloud environments except US Government.","Name":"AllowInvitesFrom","Option":"Write","ValueMap":["None","AdminsAndGuestInviters","AdminsGuestInvitersAndAllMembers","Everyone"],"Values":["None","AdminsAndGuestInviters","AdminsGuestInvitersAndAllMembers","Everyone"]},{"CIMType":"Boolean","Description":"Indicates whether user consent for risky apps is allowed.","Name":"AllowUserConsentForRiskyApps","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean To disable the use of MSOL PowerShell, set this property to true. This will also disable user-based access to the legacy service endpoint used by MSOL PowerShell. This does not affect Azure AD Connect or Microsoft Graph.","Name":"BlockMsolPowershell","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether the default user role can create applications.","Name":"DefaultUserRoleAllowedToCreateApps","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether the default user role can create security groups.","Name":"DefaultUserRoleAllowedToCreateSecurityGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the registered owners of a device can read their own BitLocker recovery keys with default user role.","Name":"DefaultUserRoleAllowedToReadBitlockerKeysForOwnedDevice","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the default user role can create tenants. This setting corresponds to the Restrict non-admin users from creating tenants setting in the User settings menu in the Azure portal. When this setting is false, users assigned the Tenant Creator role can still create tenants.","Name":"DefaultUserRoleAllowedToCreateTenants","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether the default user role can read other users.","Name":"DefaultUserRoleAllowedToReadOtherUsers","Option":"Write"},{"CIMType":"String","Description":"The role that should be granted to guest users. Refer to List unifiedRoleDefinitions to find the list of available role templates. Only supported roles today are User, Guest User, and Restricted Guest User (2af84b1e-32c8-42b7-82bc-daa82404023b).","Name":"GuestUserRole","Option":"Write","ValueMap":["Guest","RestrictedGuest","User"],"Values":["Guest","RestrictedGuest","User"]},{"CIMType":"String[]","Description":"String collection Indicates if user consent to apps is allowed, and if it is, which permission to grant consent and which app consent policy (permissionGrantPolicy) govern the permission for users to grant consent. Value should be in the format managePermissionGrantsForSelf.{id}, where {id} is the id of a built-in or custom app consent policy. An empty list indicates user consent to apps is disabled.","Name":"PermissionGrantPolicyIdsAssignedToDefaultUserRole","Option":"Write"},{"CIMType":"String","Description":"Specify that the Azure Authorization Policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures AAD Authorization Policies."},{"ClassName":"MSFT_AADB2CAuthenticationMethodsPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The tenant admin can configure local accounts using email if the email and password authentication method is enabled.","Name":"IsEmailPasswordAuthenticationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The tenant admin can configure local accounts using username if the username and password authentication method is enabled.","Name":"IsUserNameAuthenticationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The tenant admin can configure local accounts using phone number if the phone number and one-time password authentication method is enabled.","Name":"IsPhoneOneTimePasswordAuthenticationEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"B2C allows tenant admins to choose a mechanism for letting end users register via local accounts."},{"ClassName":"MSFT_AADCertificateBasedApplicationConfigurationTrustedCertificateAuthority","Parameters":[{"CIMType":"String","Description":"The certificate data in base64 encoded format.","Name":"Certificate","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the certificate is a root authority.","Name":"IsRootAuthority","Option":"Write"},{"CIMType":"String","Description":"The issuer of the certificate.","Name":"Issuer","Option":"Write"},{"CIMType":"String","Description":"The subject key identifier of the issuer.","Name":"IssuerSubjectKeyIdentifier","Option":"Write"}],"Description":"Manages certificate-based application configurations that define trusted certificate authorities for application authentication in Azure AD. These configurations are global tenant-wide objects that can be referenced by multiple app management policies."},{"ClassName":"MSFT_AADCertificateBasedApplicationConfiguration","Parameters":[{"CIMType":"String","Description":"Display name for the configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for the configuration.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description for the configuration.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_AADCertificateBasedApplicationConfigurationTrustedCertificateAuthority[]","Description":"Collection of trusted certificate authorities.","Name":"TrustedCertificateAuthorities","Option":"Write"},{"CIMType":"String","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages certificate-based application configurations that define trusted certificate authorities for application authentication in Azure AD. These configurations are global tenant-wide objects that can be referenced by multiple app management policies."},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationInputParameter","Parameters":[{"CIMType":"String","Description":"The value of the input parameters of the claims transformation in the claims mapping policy.","Name":"Value","Option":"Write"},{"CIMType":"String","Description":"The object identifier of the input parameters of the claims transformation in the claims mapping policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The data type of the input parameters of the claims transformation in the claims mapping policy.","Name":"DataType","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationOutputClaims","Parameters":[{"CIMType":"String","Description":"The claim type reference ID of the output claims of the claims transformation in the claims mapping policy.","Name":"ClaimTypeReferenceId","Option":"Write"},{"CIMType":"String","Description":"The transformation type of the output claims of the claims transformation in the claims mapping policy.","Name":"TransformationClaimType","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformation","Parameters":[{"CIMType":"String","Description":"The object identifier of the claims transformation in the claims mapping policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The transformation method of the claims transformation in the claims mapping policy.","Name":"TransformationMethod","Option":"Write"},{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationInputParameter[]","Description":"The list of input parameters of the claims transformation in the claims mapping policy.","Name":"InputParameters","Option":"Write"},{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationOutputClaims[]","Description":"The list of output claims of the claims transformation in the claims mapping policy.","Name":"OutputClaims","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema","Parameters":[{"CIMType":"String","Description":"The source name of the claims schema in the claims mapping policy.","Name":"Source","Option":"Write"},{"CIMType":"String","Description":"The object identifier of the claims schema in the claims mapping policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The SAML claims type of the claims schema in the claims mapping policy.","Name":"SamlClaimType","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicy","Parameters":[{"CIMType":"uint32","Description":"Set value of 1. Required.","Name":"Version","Option":"Write"},{"CIMType":"Boolean","Description":"If set to true, all claims in the basic claim set are emitted in tokens affected by the policy. If set to false, claims in the basic claim set are not in the tokens, unless they are individually added in the ClaimsSchema property of the same policy.","Name":"IncludeBasicClaimSet","Option":"Write"},{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema[]","Description":"Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set.","Name":"ClaimsSchema","Option":"Write"},{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformation[]","Description":"Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema.","Name":"ClaimsTransformation","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinition","Parameters":[{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicy","Description":"Rules and settings of the policy.","Name":"ClaimsMappingPolicy","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicy","Parameters":[{"CIMType":"MSFT_AADClaimsMappingPolicyDefinition[]","Description":"A string collection containing a JSON string that defines the rules and settings for a policy. The syntax for the definition differs for each derived policy type. Required.","Name":"Definition","Option":"Write"},{"CIMType":"Boolean","Description":"If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false.","Name":"IsOrganizationDefault","Option":"Write"},{"CIMType":"String","Description":"Description for this policy. Required.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display name for this policy. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADConditionalAccessPolicy","Parameters":[{"CIMType":"String","Description":"DisplayName of the AAD CA Policy","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Specifies the GUID for the Policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Specifies the State of the Policy.","Name":"State","Option":"Write","ValueMap":["disabled","enabled","enabledForReportingButNotEnforced"],"Values":["disabled","enabled","enabledForReportingButNotEnforced"]},{"CIMType":"String[]","Description":"Cloud Apps in scope of the Policy.","Name":"IncludeApplications","Option":"Write"},{"CIMType":"String","Description":"Rule syntax is similar to that used for membership rules for groups in Microsoft Entra ID.","Name":"ApplicationsFilter","Option":"Write"},{"CIMType":"String","Description":"Mode to use for the filter. Possible values are include or exclude.","Name":"ApplicationsFilterMode","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]},{"CIMType":"String[]","Description":"Cloud Apps out of scope of the Policy.","Name":"ExcludeApplications","Option":"Write"},{"CIMType":"String[]","Description":"User Actions in scope of the Policy.","Name":"IncludeUserActions","Option":"Write"},{"CIMType":"String[]","Description":"Users in scope of the Policy.","Name":"IncludeUsers","Option":"Write"},{"CIMType":"String[]","Description":"Users out of scope of the Policy.","Name":"ExcludeUsers","Option":"Write"},{"CIMType":"String[]","Description":"Groups in scope of the Policy.","Name":"IncludeGroups","Option":"Write"},{"CIMType":"String[]","Description":"Groups out of scope of the Policy.","Name":"ExcludeGroups","Option":"Write"},{"CIMType":"String[]","Description":"AAD Admin Roles in scope of the Policy.","Name":"IncludeRoles","Option":"Write"},{"CIMType":"String[]","Description":"AAD Admin Roles out of scope of the Policy.","Name":"ExcludeRoles","Option":"Write"},{"CIMType":"String[]","Description":"Represents the Included internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue.","Name":"IncludeGuestOrExternalUserTypes","Option":"Write","ValueMap":["none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"],"Values":["none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"]},{"CIMType":"String","Description":"Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type.","Name":"IncludeExternalTenantsMembershipKind","Option":"Write","ValueMap":["","all","enumerated","unknownFutureValue"],"Values":["","all","enumerated","unknownFutureValue"]},{"CIMType":"String[]","Description":"Represents the Included collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.","Name":"IncludeExternalTenantsMembers","Option":"Write"},{"CIMType":"String[]","Description":"Represents the Excluded internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue.","Name":"ExcludeGuestOrExternalUserTypes","Option":"Write","ValueMap":["none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"],"Values":["none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"]},{"CIMType":"String","Description":"Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type.","Name":"ExcludeExternalTenantsMembershipKind","Option":"Write","ValueMap":["","all","enumerated","unknownFutureValue"],"Values":["","all","enumerated","unknownFutureValue"]},{"CIMType":"String[]","Description":"Represents the Excluded collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.","Name":"ExcludeExternalTenantsMembers","Option":"Write"},{"CIMType":"String[]","Description":"Service Principals in scope of the Policy. 'Attribute Definition Reader' role is needed.","Name":"IncludeServicePrincipals","Option":"Write"},{"CIMType":"String[]","Description":"Service Principals out of scope of the Policy. 'Attribute Definition Reader' role is needed.","Name":"ExcludeServicePrincipals","Option":"Write"},{"CIMType":"String","Description":"Mode to use for the Service Principal filter. Possible values are include or exclude. 'Attribute Definition Reader' role is needed.","Name":"ServicePrincipalFilterMode","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]},{"CIMType":"String","Description":"Rule syntax for the Service Principal filter. 'Attribute Definition Reader' role is needed.","Name":"ServicePrincipalFilterRule","Option":"Write"},{"CIMType":"String[]","Description":"Client Device Platforms in scope of the Policy.","Name":"IncludePlatforms","Option":"Write"},{"CIMType":"String[]","Description":"Client Device Platforms out of scope of the Policy.","Name":"ExcludePlatforms","Option":"Write"},{"CIMType":"String[]","Description":"AAD Named Locations in scope of the Policy.","Name":"IncludeLocations","Option":"Write"},{"CIMType":"String[]","Description":"AAD Named Locations out of scope of the Policy.","Name":"ExcludeLocations","Option":"Write"},{"CIMType":"String","Description":"Client Device Filter mode of the Policy.","Name":"DeviceFilterMode","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]},{"CIMType":"String","Description":"Client Device Filter rule of the Policy.","Name":"DeviceFilterRule","Option":"Write"},{"CIMType":"String[]","Description":"AAD Identity Protection User Risk Levels in scope of the Policy.","Name":"UserRiskLevels","Option":"Write"},{"CIMType":"String[]","Description":"AAD Identity Protection Sign-in Risk Levels in scope of the Policy.","Name":"SignInRiskLevels","Option":"Write"},{"CIMType":"String[]","Description":"Client App types in scope of the Policy.","Name":"ClientAppTypes","Option":"Write"},{"CIMType":"String","Description":"Operator to be used for Grant Controls.","Name":"GrantControlOperator","Option":"Write","ValueMap":["AND","OR"],"Values":["AND","OR"]},{"CIMType":"String[]","Description":"List of built-in Grant Controls to be applied by the Policy.","Name":"BuiltInControls","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies, whether Application Enforced Restrictions are enabled in the Policy.","Name":"ApplicationEnforcedRestrictionsIsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies, whether Cloud App Security is enforced by the Policy.","Name":"CloudAppSecurityIsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies, what Cloud App Security control is enforced by the Policy.","Name":"CloudAppSecurityType","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if token protection for sign-in sessions is to be enforced by the policy.","Name":"SecureSignInSessionIsEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Sign in frequency time in the given unit to be enforced by the policy.","Name":"SignInFrequencyValue","Option":"Write"},{"CIMType":"String","Description":"Display name of the terms of use to assign.","Name":"TermsOfUse","Option":"Write"},{"CIMType":"String[]","Description":"Custom Controls assigned to the grant property of this policy.","Name":"CustomAuthenticationFactors","Option":"Write"},{"CIMType":"String","Description":"Sign in frequency unit (days/hours) to be interpreted by the policy.","Name":"SignInFrequencyType","Option":"Write","ValueMap":["Days","Hours",""],"Values":["Days","Hours",""]},{"CIMType":"Boolean","Description":"Specifies, whether sign-in frequency is enforced by the Policy.","Name":"SignInFrequencyIsEnabled","Option":"Write"},{"CIMType":"String","Description":"Sign in frequency interval. Possible values are: 'timeBased', 'everyTime' and 'unknownFutureValue'.","Name":"SignInFrequencyInterval","Option":"Write","ValueMap":["timeBased","everyTime","unknownFutureValue"],"Values":["timeBased","everyTime","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Specifies, whether Browser Persistence is controlled by the Policy.","Name":"PersistentBrowserIsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies, what Browser Persistence control is enforced by the Policy.","Name":"PersistentBrowserMode","Option":"Write","ValueMap":["Always","Never",""],"Values":["Always","Never",""]},{"CIMType":"Boolean","Description":"Specifies, if DisableResilienceDefaults is enabled.","Name":"DisableResilienceDefaultsIsEnabled","Option":"Write"},{"CIMType":"String","Description":"Name of the associated authentication strength policy.","Name":"AuthenticationStrength","Option":"Write"},{"CIMType":"String","Description":"Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.","Name":"TransferMethods","Option":"Write"},{"CIMType":"String[]","Description":"Authentication context class references.","Name":"AuthenticationContexts","Option":"Write"},{"CIMType":"String[]","Description":"Insider risk levels conditions.","Name":"InsiderRiskLevels","Option":"Write","ValueMap":["minor","moderate","elevated","unknownFutureValue"],"Values":["minor","moderate","elevated","unknownFutureValue"]},{"CIMType":"String[]","Description":"Service principal risk levels included in the policy.","Name":"ServicePrincipalRiskLevels","Option":"Write","ValueMap":["low","medium","high","none","unknownFutureValue"],"Values":["low","medium","high","none","unknownFutureValue"]},{"CIMType":"String[]","Description":"Specifies the protocol flows to block.","Name":"ProtocolFlows","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD CA Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Conditional Access Policy."},{"ClassName":"MSFT_AADConnectorGroupApplicationProxy","Parameters":[{"CIMType":"String","Description":"The name associated with the connectorGroup.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The region the connectorGroup is assigned to and will optimize traffic for. This region can only be set if no connectors or applications are assigned to the connectorGroup. The possible values are: nam (for North America), eur (for Europe), aus (for Australia), asia (for Asia), ind (for India), and unknownFutureValue.","Name":"Region","Option":"Write","ValueMap":["nam","eur","aus","asia","ind","unknownFutureValue"],"Values":["nam","eur","aus","asia","ind","unknownFutureValue"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Connector Group Application Proxy"},{"ClassName":"MSFT_AADCrossTenantAccessPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The name of the policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String[]","Description":"Used to specify which Microsoft clouds an organization would like to collaborate with. By default, this value is empty.","Name":"AllowedCloudEndpoints","Option":"Write","ValueMap":["microsoftonline.com","microsoftonline.us","partner.microsoftonline.cn"],"Values":["microsoftonline.com","microsoftonline.us","partner.microsoftonline.cn"]},{"CIMType":"String","Description":"Specify if the policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyTarget","Parameters":[{"CIMType":"String","Description":"The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.","Name":"Target","Option":"Write"},{"CIMType":"String","Description":"The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue.","Name":"TargetType","Option":"Write","ValueMap":["user","group","application","unknownFutureValue"],"Values":["user","group","application","unknownFutureValue"]}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Parameters":[{"CIMType":"String","Description":"Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue.","Name":"AccessType","Option":"Write","ValueMap":["allowed","blocked","unknownFutureValue"],"Values":["allowed","blocked","unknownFutureValue"]},{"CIMType":"MSFT_AADCrossTenantAccessPolicyTarget[]","Description":"Specifies whether to target users, groups, or applications with this rule.","Name":"Targets","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Parameters":[{"CIMType":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Description":"The list of applications targeted with your cross-tenant access policy.","Name":"Applications","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Description":"The list of users and groups targeted with your cross-tenant access policy.","Name":"UsersAndGroups","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyInboundTrust","Parameters":[{"CIMType":"Boolean","Description":"Specifies whether compliant devices from external Azure AD organizations are trusted.","Name":"IsCompliantDeviceAccepted","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted.","Name":"IsHybridAzureADJoinedDeviceAccepted","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether MFA from external Azure AD organizations is trusted.","Name":"IsMfaAccepted","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADDefaultInvitationRedemptionIdentityProviderConfiguration","Parameters":[{"CIMType":"String[]","Description":"Collection of identity providers in priority order of preference to be used for guest invitation redemption. The possible values are: azureActiveDirectory, externalFederation, or socialIdentityProviders.","Name":"PrimaryIdentityProviderPrecedenceOrder","Option":"Write","ValueMap":["azureActiveDirectory","externalFederation","socialIdentityProviders"],"Values":["azureActiveDirectory","externalFederation","socialIdentityProviders"]},{"CIMType":"String","Description":"The fallback identity provider to be used in case no primary identity provider can be used for guest invitation redemption. The possible values are: defaultConfiguredIdp, emailOneTimePasscode, or microsoftAccount.","Name":"FallbackIdentityProvider","Option":"Write","ValueMap":["defaultConfiguredIdp","emailOneTimePasscode","microsoftAccount"],"Values":["defaultConfiguredIdp","emailOneTimePasscode","microsoftAccount"]}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADDevicesFilter","Parameters":[{"CIMType":"String","Description":"Determines whether devices that satisfy the rule should be allowed or blocked. The possible values are: allowed, blocked.","Name":"Mode","Option":"Write","ValueMap":["allowed","blocked"],"Values":["allowed","blocked"]},{"CIMType":"String","Description":"Defines the rule to filter the devices. For example, 'device.deviceAttribute2 -eq 'PrivilegedAccessWorkstation'.","Name":"Rule","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyTenantRestrictions","Parameters":[{"CIMType":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Description":"The list of applications targeted with your cross-tenant access policy.","Name":"Applications","Option":"Write"},{"CIMType":"MSFT_AADDevicesFilter","Description":"Defines the rule for filtering devices and whether devices satisfying the rule should be allowed or blocked. This property isn't supported on the server side yet.","Name":"Devices","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Description":"The list of users and groups targeted with your cross-tenant access policy.","Name":"UsersAndGroups","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyConfigurationDefault","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.","Name":"B2BCollaborationInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.","Name":"B2BCollaborationOutbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.","Name":"B2BDirectConnectInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.","Name":"B2BDirectConnectOutbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyInboundTrust","Description":"Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations.","Name":"InboundTrust","Option":"Write"},{"CIMType":"MSFT_AADDefaultInvitationRedemptionIdentityProviderConfiguration","Description":"Defines the priority order based on which an identity provider is selected during invitation redemption for a guest user.","Name":"InvitationRedemptionIdentityProviderConfiguration","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyTenantRestrictions","Description":"Defines the default tenant restrictions configuration for users in your organization who access an external organization on your network or devices.","Name":"TenantRestrictions","Option":"Write"},{"CIMType":"String","Description":"Specify if the instance should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings","Parameters":[{"CIMType":"Boolean","Description":"Specifies whether you want to automatically trust Inbound invitations.","Name":"InboundAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether you want to automatically trust Outbound invitations.","Name":"OutboundAllowed","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCrossTenantGroupSyncInbound","Parameters":[{"CIMType":"Boolean","Description":"Defines whether group objects should be synchronized from the partner tenant. false stops any current group synchronization from the source tenant to the target tenant. This property has no impact on existing groups that were synchronized.","Name":"IsSyncAllowed","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCrossTenantUserSyncInbound","Parameters":[{"CIMType":"Boolean","Description":"Defines whether user objects should be synchronized from the partner tenant. false causes any current user synchronization from the source tenant to the target tenant to stop. This property has no impact on existing users who have already been synchronized.","Name":"IsSyncAllowed","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCrossTenantIdentitySyncPolicyPartner","Parameters":[{"CIMType":"MSFT_AADCrossTenantGroupSyncInbound","Description":"Defines whether groups can be synchronized from a partner tenant. Key.","Name":"GroupSyncInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantUserSyncInbound","Description":"Specifies whether you want to automatically trust Outbound invitations.","Name":"UserSyncInbound","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyConfigurationPartner","Parameters":[{"CIMType":"String","Description":"The tenant identifier for the partner Azure Active Directory (Azure AD) organization.","Name":"PartnerTenantId","Option":"Key"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.","Name":"B2BCollaborationInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.","Name":"B2BCollaborationOutbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.","Name":"B2BDirectConnectInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.","Name":"B2BDirectConnectOutbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings","Description":"Determines the partner-specific configuration for accepting trust claims from other tenant invitations.","Name":"AutomaticUserConsentSettings","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantIdentitySyncPolicyPartner","Description":"Defines the identity synchronization settings.","Name":"IdentitySynchronization","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyInboundTrust","Description":"Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations.","Name":"InboundTrust","Option":"Write"},{"CIMType":"String","Description":"Specify if the policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCustomAuthenticationExtensionEndPointConfiguration","Parameters":[{"CIMType":"String","Description":"Defines the type of the endpoint configuration","Name":"EndpointType","Option":"Write"},{"CIMType":"String","Description":"Defines the workflow name for the logic app","Name":"LogicAppWorkflowName","Option":"Write"},{"CIMType":"String","Description":"Defines the resource group name for the logic app","Name":"ResourceGroupName","Option":"Write"},{"CIMType":"String","Description":"Defines the subscription id for the logic app","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"Defines the target url for the http endpoint","Name":"TargetUrl","Option":"Write"}],"Description":"Custom authentication extensions define interactions with external systems during a user authentication session."},{"ClassName":"MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration","Parameters":[{"CIMType":"String","Description":"Defines the claim id in api response.","Name":"ClaimIdInApiResponse","Option":"Write"}],"Description":"Custom authentication extensions define interactions with external systems during a user authentication session."},{"ClassName":"MSFT_AADCustomAuthenticationExtension","Parameters":[{"CIMType":"String","Description":"Display Name of the custom security attribute. Must be unique within an attribute set. Can be up to 32 characters long and include Unicode characters. Can't contain spaces or special characters. Can't be changed later. Case sensitive.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique identifier of the Attribute Definition.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Defines the custom authentication extension type.","Name":"CustomAuthenticationExtensionType","Option":"Write"},{"CIMType":"String","Description":"Description of the custom security attribute. Can be up to 128 characters long and include Unicode characters. Can't contain spaces or special characters. Can be changed later. ","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Defines the authentication configuration type","Name":"AuthenticationConfigurationType","Option":"Write"},{"CIMType":"String","Description":"Defines the authentication configuration resource id","Name":"AuthenticationConfigurationResourceId","Option":"Write"},{"CIMType":"UInt32","Description":"Defines the client configuration timeout in milliseconds","Name":"ClientConfigurationTimeoutMilliseconds","Option":"Write"},{"CIMType":"UInt32","Description":"Defines the client configuration max retries","Name":"ClientConfigurationMaximumRetries","Option":"Write"},{"CIMType":"MSFT_AADCustomAuthenticationExtensionEndPointConfiguration","Description":"Defines the endpoint configuration","Name":"EndpointConfiguration","Option":"Write"},{"CIMType":"MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration[]","Description":"Defines the list of claims for token configurations","Name":"ClaimsForTokenConfiguration","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Custom authentication extensions define interactions with external systems during a user authentication session."},{"ClassName":"MSFT_CustomSecurityAttributeAllowedValue","Parameters":[{"CIMType":"String","Description":"The id of the allowed value. Must be unique in the set of allowed values.","Name":"ValueId","Option":"Key"},{"CIMType":"Boolean","Description":"If the allowed value is active.","Name":"IsActive","Option":"Required"}],"Description":"Configures custom security attribute definitions in Entra Id."},{"ClassName":"MSFT_AADCustomSecurityAttributeDefinition","Parameters":[{"CIMType":"String","Description":"Name of the custom security attribute. Must be unique within an attribute set. Can be up to 32 characters long and include Unicode characters. Can't contain spaces or special characters. Can't be changed later. Case sensitive.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the attribute set. Case sensitive.","Name":"AttributeSet","Option":"Key"},{"CIMType":"MSFT_CustomSecurityAttributeAllowedValue[]","Description":"The allowed values of the attribute definition.","Name":"AllowedValues","Option":"Write"},{"CIMType":"String","Description":"Unique identifier of the Attribute Definition.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the custom security attribute. Can be up to 128 characters long and include Unicode characters. Can't contain spaces or special characters. Can be changed later. ","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether multiple values can be assigned to the custom security attribute. Can't be changed later. If type is set to Boolean, isCollection can't be set to true.","Name":"IsCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether custom security attribute values are indexed for searching on objects that are assigned attribute values. Can't be changed later.","Name":"IsSearchable","Option":"Write"},{"CIMType":"String","Description":"Specifies whether the custom security attribute is active or deactivated. Acceptable values are Available and Deprecated. Can be changed later.","Name":"Status","Option":"Write","ValueMap":["Available","Deprecated"],"Values":["Available","Deprecated"]},{"CIMType":"String","Description":"Data type for the custom security attribute values. Supported types are: Boolean, Integer, and String. Can't be changed later.","Name":"Type","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether only predefined values can be assigned to the custom security attribute. If set to false, free-form values are allowed. Can later be changed from true to false, but can't be changed from false to true. If type is set to Boolean, usePreDefinedValuesOnly can't be set to true.","Name":"UsePreDefinedValuesOnly","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures custom security attribute definitions in Entra Id."},{"ClassName":"MSFT_AADDeviceRegistrationPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Determines whether or not administrators can configure Azure AD Join.","Name":"AzureADJoinIsAdminConfigurable","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum number of devices that a user can have within your organization before blocking new device registrations. The default value is set to 50. If this property isn't specified during the policy update operation, it's automatically reset to 0 to indicate that users aren't allowed to join any devices.","Name":"UserDeviceQuota","Option":"Write"},{"CIMType":"String","Description":"Scope that a device registration policy applies to.","Name":"AzureADAllowedToJoin","Option":"Write","ValueMap":["All","Selected","None"],"Values":["All","Selected","None"]},{"CIMType":"String[]","Description":"List of users that this policy applies to.","Name":"AzureADAllowedToJoinUsers","Option":"Write"},{"CIMType":"String[]","Description":"List of groups that this policy applies to.","Name":"AzureADAllowedToJoinGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies the authentication policy for a user to complete registration using Microsoft Entra join or Microsoft Entra registered within your organization.","Name":"MultiFactorAuthConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether global administrators are local administrators on all Microsoft Entra-joined devices. This setting only applies to future registrations. Default is true.","Name":"LocalAdminsEnableGlobalAdmins","Option":"Write"},{"CIMType":"String","Description":"Scope that a device registration policy applies to for local admins.","Name":"AzureAdJoinLocalAdminsRegisteringMode","Option":"Write","ValueMap":["All","Selected","None"],"Values":["All","Selected","None"]},{"CIMType":"String[]","Description":"List of groups that this policy applies to.","Name":"AzureAdJoinLocalAdminsRegisteringGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of users that this policy applies to.","Name":"AzureAdJoinLocalAdminsRegisteringUsers","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether this policy scope is configurable by the admin. The default value is false. An admin can set it to true to enable Local Admin Password Solution (LAPS) within their organzation.","Name":"LocalAdminPasswordIsEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents the policy scope that controls quota restrictions, additional authentication, and authorization policies to register device identities to your organization."},{"ClassName":"MSFT_AADDomain","Parameters":[{"CIMType":"String","Description":"Custom domain name.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Indicates the configured authentication type for the domain. The value is either Managed or Federated. Managed indicates a cloud managed domain where Microsoft Entra ID performs user authentication. Federated indicates authentication is federated with an identity provider such as the tenant's on-premises Active Directory via Active Directory Federation Services.","Name":"AuthenticationType","Option":"Write"},{"CIMType":"String","Description":"This property is always null except when the verify action is used. When the verify action is used, a domain entity is returned in the response. The availabilityStatus property of the domain entity in the response is either AvailableImmediately or EmailVerifiedDomainTakeoverScheduled.","Name":"AvailabilityStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The value of the property is false if the DNS record management of the domain is delegated to Microsoft 365. Otherwise, the value is true. Not nullable","Name":"IsAdminManaged","Option":"Write"},{"CIMType":"Boolean","Description":"True if this is the default domain that is used for user creation. There's only one default domain per company. Not nullable.","Name":"IsDefault","Option":"Write"},{"CIMType":"Boolean","Description":"True if the domain is a verified root domain. Otherwise, false if the domain is a subdomain or unverified. Not nullable.","Name":"IsRoot","Option":"Write"},{"CIMType":"Boolean","Description":"True if the domain completed domain ownership verification. Not nullable.","Name":"IsVerified","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of days before a user receives notification that their password expires. If the property isn't set, a default value of 14 days is used.","Name":"PasswordNotificationWindowInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the length of time that a password is valid before it must be changed. If the property isn't set, a default value of 90 days is used.","Name":"PasswordValidityPeriodInDays","Option":"Write"},{"CIMType":"String[]","Description":"The capabilities assigned to the domain. Can include 0, 1 or more of following values: Email, Sharepoint, EmailInternalRelayOnly, OfficeCommunicationsOnline, SharePointDefaultDomain, FullRedelegation, SharePointPublic, OrgIdAuthentication, Yammer, Intune. The values that you can add or remove using the API include: Email, OfficeCommunicationsOnline, Yammer. Not nullable.","Name":"SupportedServices","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures custom domain names in Entra Id."},{"ClassName":"MSFT_AccessPackageResourceRoleScope","Parameters":[{"CIMType":"String","Description":"The Id of the resource roleScope.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The origine Id of the resource.","Name":"AccessPackageResourceOriginId","Option":"Write"},{"CIMType":"String","Description":"The display name of the resource role.","Name":"AccessPackageResourceRoleDisplayName","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package."},{"ClassName":"MSFT_AADEntitlementManagementAccessPackage","Parameters":[{"CIMType":"String","Description":"The display name of the access package.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The Id of the access package.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the access package catalog referencing this access package.","Name":"CatalogId","Option":"Write"},{"CIMType":"String","Description":"The description of the access package.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the access package is hidden from the requestor.","Name":"IsHidden","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether role scopes are visible.","Name":"IsRoleScopesVisible","Option":"Write"},{"CIMType":"MSFT_AccessPackageResourceRoleScope[]","Description":"The resources and roles included in the access package.","Name":"AccessPackageResourceRoleScopes","Option":"Write"},{"CIMType":"String[]","Description":"The access packages whose assigned users are ineligible to be assigned this access package.","Name":"IncompatibleAccessPackages","Option":"Write"},{"CIMType":"String[]","Description":"The access packages that are incompatible with this package.","Name":"AccessPackagesIncompatibleWith","Option":"Write"},{"CIMType":"String[]","Description":"The groups whose members are ineligible to be assigned this access package.","Name":"IncompatibleGroups","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package."},{"ClassName":"MSFT_MicrosoftGraphassignmentreviewsettings","Parameters":[{"CIMType":"String","Description":"The default decision to apply if the request is not reviewed within the period specified in durationInDays.","Name":"AccessReviewTimeoutBehavior","Option":"Write","ValueMap":["acceptAccessRecommendation","keepAccess","removeAccess","unknownFutureValue"],"Values":["acceptAccessRecommendation","keepAccess","removeAccess","unknownFutureValue"]},{"CIMType":"UInt32","Description":"The number of days within which reviewers should provide input.","Name":"DurationInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to display recommendations to the reviewer. The default value is true","Name":"IsAccessRecommendationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the agentic experience is enabled for this policy.","Name":"IsAgenticExperienceEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the reviewer must provide justification for the approval. The default value is true.","Name":"IsApprovalJustificationRequired","Option":"Write"},{"CIMType":"Boolean","Description":"If true, access reviews are required for assignments from this policy.","Name":"IsEnabled","Option":"Write"},{"CIMType":"String","Description":"The interval for recurrence, such as monthly or quarterly.","Name":"RecurrenceType","Option":"Write"},{"CIMType":"String","Description":"Who should be asked to do the review, either Self or Reviewers.","Name":"ReviewerType","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserset[]","Description":"If the reviewerType is Reviewers, this collection specifies the users who will be reviewers, either by ID or as members of a group, using a collection of singleUser and groupMembers.","Name":"Reviewers","Option":"Write"},{"CIMType":"String","Description":"When the first review should start.","Name":"StartDateTime","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphuserset","Parameters":[{"CIMType":"String","Description":"The type of the resource","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.singleUser","#microsoft.graph.groupMembers","#microsoft.graph.requestorManager","#microsoft.graph.internalSponsors","#microsoft.graph.externalSponsors","#microsoft.graph.connectedOrganizationMembers"],"Values":["#microsoft.graph.singleUser","#microsoft.graph.groupMembers","#microsoft.graph.requestorManager","#microsoft.graph.internalSponsors","#microsoft.graph.externalSponsors","#microsoft.graph.connectedOrganizationMembers"]},{"CIMType":"String","Description":"The id of the resource.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the resource is a backup fallback approver.","Name":"IsBackup","Option":"Write"},{"CIMType":"UInt32","Description":"The hierarchical level of the manager with respect to the requestor. For example, the direct manager of a requestor would have a managerLevel of 1, while the manager of the requestor's manager would have a managerLevel of 2. Default value for managerLevel is 1. Possible values for this property range from 1 to 2.","Name":"ManagerLevel","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphaccesspackagequestion","Parameters":[{"CIMType":"String","Description":"The type of the resource","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.accessPackageMultipleChoiceQuestion","#microsoft.graph.accessPackageTextInputQuestion"],"Values":["#microsoft.graph.accessPackageMultipleChoiceQuestion","#microsoft.graph.accessPackageTextInputQuestion"]},{"CIMType":"String","Description":"ID of the question.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the requestor is allowed to edit answers to questions.","Name":"IsAnswerEditable","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the requestor is required to supply an answer or not.","Name":"IsRequired","Option":"Write"},{"CIMType":"UInt32","Description":"Relative position of this question when displaying a list of questions to the requestor.","Name":"Sequence","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageLocalizedContent","Description":"The text of the question to show to the requestor.","Name":"QuestionText","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageAnswerChoice[]","Description":"List of answer choices.","Name":"Choices","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether requestor can select multiple choices as their answer.","Name":"AllowsMultipleSelection","Option":"Write"},{"CIMType":"String","Description":"This is the regex pattern that the corresponding text answer must follow.","Name":"RegexPattern","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the answer will be in single or multiple line format.","Name":"IsSingleLineQuestion","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphaccessPackageLocalizedContent","Parameters":[{"CIMType":"String","Description":"The fallback string, which is used when a requested localization is not available. Required.","Name":"DefaultText","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageLocalizedText[]","Description":"Content represented in a format for a specific locale.","Name":"LocalizedTexts","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphaccessPackageLocalizedText","Parameters":[{"CIMType":"String","Description":"The text in the specific language. Required.","Name":"Text","Option":"Write"},{"CIMType":"String","Description":"The ISO code for the intended language. Required.","Name":"LanguageCode","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphaccessPackageAnswerChoice","Parameters":[{"CIMType":"String","Description":"The actual value of the selected choice. This is typically a string value which is understandable by applications. Required.","Name":"ActualValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageLocalizedContent","Description":"The localized display values shown to the requestor and approvers. Required.","Name":"displayValue","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphapprovalsettings","Parameters":[{"CIMType":"String","Description":"One of SingleStage, Serial, Parallel, NoApproval (default). NoApproval is used when isApprovalRequired is false.","Name":"ApprovalMode","Option":"Write","ValueMap":["SingleStage","Serial","Parallel","NoApproval"],"Values":["SingleStage","Serial","Parallel","NoApproval"]},{"CIMType":"MSFT_MicrosoftGraphapprovalstage1[]","Description":"If approval is required, the one or two elements of this collection define each of the stages of approval. An empty array if no approval is required.","Name":"ApprovalStages","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether approval is required for requests in this policy.","Name":"IsApprovalRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether approval is required for a user to extend their assignment.","Name":"IsApprovalRequiredForExtension","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the requestor is required to supply a justification in their request.","Name":"IsRequestorJustificationRequired","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphapprovalstage1","Parameters":[{"CIMType":"UInt32","Description":"The number of days that a request can be pending a response before it is automatically denied.","Name":"ApprovalStageTimeOutInDays","Option":"Write"},{"CIMType":"String","Description":"Defines whether approver information is visible to the requestor in approval processes within Microsoft Entra entitlement management and related governance scenarios.","Name":"ApproverInformationVisibility","Option":"Write","ValueMap":["default","notVisible","visible","unknownFutureValue"],"Values":["default","notVisible","visible","unknownFutureValue"]},{"CIMType":"UInt32","Description":"Indicates whether the approver is required to provide a justification for approving a request.","Name":"EscalationTimeInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"If true, then one or more escalation approvers are configured in this approval stage.","Name":"IsApproverJustificationRequired","Option":"Write"},{"CIMType":"Boolean","Description":"If escalation is required, the time a request can be pending a response from a primary approver.","Name":"IsEscalationEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserset[]","Description":"The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection.","Name":"PrimaryApprovers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserset[]","Description":"If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection.","Name":"EscalationApprovers","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphrequestorsettings","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether new requests are accepted on this policy.","Name":"AcceptRequests","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserset[]","Description":"The users who are allowed to request on this policy, which can be singleUser, groupMembers, and connectedOrganizationMembers.","Name":"AllowedRequestors","Option":"Write"},{"CIMType":"String","Description":"Who can request.","Name":"ScopeType","Option":"Write","ValueMap":["NoSubjects","SpecificDirectorySubjects","SpecificConnectedOrganizationSubjects","AllConfiguredConnectedOrganizationSubjects","AllExistingConnectedOrganizationSubjects","AllExistingDirectoryMemberUsers","AllExistingDirectorySubjects","AllExternalSubjects"],"Values":["NoSubjects","SpecificDirectorySubjects","SpecificConnectedOrganizationSubjects","AllConfiguredConnectedOrganizationSubjects","AllExistingConnectedOrganizationSubjects","AllExistingDirectoryMemberUsers","AllExistingDirectorySubjects","AllExternalSubjects"]}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphcustomextensionhandler","Parameters":[{"CIMType":"String","Description":"Indicates which custom workflow extension will be executed at this stage.","Name":"CustomExtensionId","Option":"Write"},{"CIMType":"String","Description":"Indicates the stage of the access package assignment request workflow when the access package custom extension runs.","Name":"Stage","Option":"Write","ValueMap":["assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"],"Values":["assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"]},{"CIMType":"String","Description":"Identifier of the stage.","Name":"Id","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy","Parameters":[{"CIMType":"String","Description":"The display name of the policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Id of the access package assignment policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the access package.","Name":"AccessPackageId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphassignmentreviewsettings","Description":"Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required.","Name":"AccessReviewSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether a user can extend the access package assignment duration after approval.","Name":"CanExtend","Option":"Write"},{"CIMType":"String","Description":"The description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"UInt32","Description":"The number of days in which assignments from this policy last until they are expired.","Name":"DurationInDays","Option":"Write"},{"CIMType":"String","Description":"The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z","Name":"ExpirationDateTime","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccesspackagequestion[]","Description":"Questions that are posed to the requestor.","Name":"Questions","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapprovalsettings","Description":"Who must approve requests for access package in this policy.","Name":"RequestApprovalSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphrequestorsettings","Description":"Who can request this access package from this policy.","Name":"RequestorSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcustomextensionhandler[]","Description":"The collection of stages when to execute one or more custom access package workflow extensions.","Name":"CustomExtensionHandlers","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_AADEntitlementManagementAccessPackageCatalog","Parameters":[{"CIMType":"String","Description":"The display name of the access package catalog.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The id of the access package catalog.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Has the value Published if the access packages are available for management.","Name":"CatalogStatus","Option":"Write"},{"CIMType":"String","Description":"One of UserManaged or ServiceDefault.","Name":"CatalogType","Option":"Write","ValueMap":["UserManaged","ServiceDefault"],"Values":["UserManaged","ServiceDefault"]},{"CIMType":"String","Description":"The description of the access package catalog.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the access packages in this catalog can be requested by users outside of the tenant.","Name":"IsExternallyVisible","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog."},{"ClassName":"MSFT_MicrosoftGraphaccesspackageresourceattribute","Parameters":[{"CIMType":"MSFT_MicrosoftGraphaccesspackageresourceattributedestination","Description":"Information about how to set the attribute, currently a accessPackageUserDirectoryAttributeStore object type.","Name":"AttributeDestination","Option":"Write"},{"CIMType":"String","Description":"The name of the attribute in the end system.","Name":"AttributeName","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccesspackageresourceattributesource","Description":"Information about how to populate the attribute value when an accessPackageAssignmentRequest is being fulfilled, currently a accessPackageResourceAttributeQuestion object type.","Name":"AttributeSource","Option":"Write"},{"CIMType":"String","Description":"Id of the access package resource attribute.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not an existing attribute value can be edited by the requester.","Name":"IsEditable","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the attribute will remain in the end system after an assignment ends.","Name":"IsPersistedOnAssignmentRemoval","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_MicrosoftGraphaccesspackageresourceattributedestination","Parameters":[{"CIMType":"String","Description":"Type of the access package resource attribute destination.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.accessPackageUserDirectoryAttributeStore"],"Values":["#microsoft.graph.accessPackageUserDirectoryAttributeStore"]}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_MicrosoftGraphaccesspackageresourceattributesource","Parameters":[{"CIMType":"String","Description":"Type of the access package resource attribute source.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.accessPackageResourceAttributeQuestion"],"Values":["#microsoft.graph.accessPackageResourceAttributeQuestion"]},{"CIMType":"MSFT_MicrosoftGraphaccessPackageResourceAttributeQuestion","Description":"The question asked in order to get the value of the attribute.","Name":"Question","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_MicrosoftGraphaccessPackageResourceAttributeQuestion","Parameters":[{"CIMType":"String","Description":"Type of the access package resource attribute question.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.accessPackageTextInputQuestion","#microsoft.graph.accessPackageMultipleChoiceQuestion"],"Values":["#microsoft.graph.accessPackageTextInputQuestion","#microsoft.graph.accessPackageMultipleChoiceQuestion"]},{"CIMType":"String","Description":"Id of the access package resource attribute question.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the requestor is required to supply an answer or not.","Name":"IsRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the answer will be in single or multiple line format.","Name":"IsSingleLine","Option":"Write"},{"CIMType":"String","Description":"This is the regex pattern that the corresponding text answer must follow.","Name":"RegexPattern","Option":"Write"},{"CIMType":"UInt32","Description":"Relative position of this question when displaying a list of questions to the requestor.","Name":"Sequence","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageLocalizedContent","Description":"The text of the question to show to the requestor.","Name":"QuestionText","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether requestor can select multiple choices as their answer.","Name":"AllowsMultipleSelection","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageAnswerChoice[]","Description":"List of answer choices.","Name":"Choices","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_AADEntitlementManagementAccessPackageCatalogResource","Parameters":[{"CIMType":"String","Description":"The display name of the resource, such as the application name, group name or site name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Id of the access package catalog resource.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The unique ID of the access package catalog.","Name":"CatalogId","Option":"Write"},{"CIMType":"String","Description":"The name of the user or application that first added this resource. Read-only.","Name":"AddedBy","Option":"Write"},{"CIMType":"String","Description":"The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.","Name":"AddedOn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccesspackageresourceattribute[]","Description":"Contains information about the attributes to be collected from the requestor and sent to the resource application.","Name":"Attributes","Option":"Write"},{"CIMType":"String","Description":"A description for the resource.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"True if the resource is not yet available for assignment. Read-only.","Name":"IsPendingOnboarding","Option":"Write"},{"CIMType":"String","Description":"The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group.","Name":"OriginId","Option":"Write"},{"CIMType":"String","Description":"The type of the resource in the origin system.","Name":"OriginSystem","Option":"Write"},{"CIMType":"String","Description":"The type of the resource.","Name":"ResourceType","Option":"Write"},{"CIMType":"String","Description":"A unique resource locator for the resource, such as the URL for signing a user into an application.","Name":"Url","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource","Parameters":[{"CIMType":"String","Description":"Type of the identity source.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.azureActiveDirectoryTenant","#microsoft.graph.crossCloudAzureActiveDirectoryTenant","#microsoft.graph.domainIdentitySource","#microsoft.graph.externalDomainFederation"],"Values":["#microsoft.graph.azureActiveDirectoryTenant","#microsoft.graph.crossCloudAzureActiveDirectoryTenant","#microsoft.graph.domainIdentitySource","#microsoft.graph.externalDomainFederation"]},{"CIMType":"String","Description":"The name of the Azure Active Directory tenant.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The ID of the Azure Active Directory tenant.","Name":"ExternalTenantId","Option":"Key"},{"CIMType":"String","Description":"The ID of the cloud where the tenant is located, one of microsoftonline.com, microsoftonline.us or partner.microsoftonline.cn.","Name":"CloudInstance","Option":"Write"},{"CIMType":"String","Description":"The domain name.","Name":"DomainName","Option":"Write"},{"CIMType":"String","Description":"The issuerURI of the incoming federation.","Name":"IssuerUri","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Connected Organization."},{"ClassName":"MSFT_AADEntitlementManagementConnectedOrganization","Parameters":[{"CIMType":"String","Description":"The display name of the connected organization.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The Id of the Connected organization object.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the connected organization.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource[]","Description":"The identity sources in this connected organization.","Name":"IdentitySources","Option":"Write"},{"CIMType":"String","Description":"The state of a connected organization defines whether assignment policies with requestor scope type AllConfiguredConnectedOrganizationSubjects are applicable or not.","Name":"State","Option":"Write","ValueMap":["configured","proposed","unknownFutureValue"],"Values":["configured","proposed","unknownFutureValue"]},{"CIMType":"String[]","Description":"Collection of objectID of external sponsors. the sponsor can be a user or a group.","Name":"ExternalSponsors","Option":"Write"},{"CIMType":"String[]","Description":"Collection of objectID of internal sponsors. the sponsor can be a user or a group.","Name":"InternalSponsors","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Connected Organization."},{"ClassName":"MSFT_AADEntitlementManagementRoleAssignment","Parameters":[{"CIMType":"String","Description":"Unique Id of the role assignment.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the principal to which the assignment is granted.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Identifier of the unifiedRoleDefinition the assignment is for.","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by a resource application only.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only.","Name":"DirectoryScopeId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Role Assignment."},{"ClassName":"MSFT_AADEntitlementManagementSettings","Parameters":[{"CIMType":"String","Description":"Only accepted value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"UInt32","Description":"If externalUserLifecycleAction is blockSignInAndDelete, the duration, typically many days, after an external user is blocked from sign in before their account is deleted.","Name":"DaysUntilExternalUserDeletedAfterBlocked","Option":"Write"},{"CIMType":"String","Description":"Automatic action that the service should take when an external user's last access package assignment is removed. The possible values are: none, blockSignIn, blockSignInAndDelete, unknownFutureValue.","Name":"ExternalUserLifecycleAction","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Entra Id Entitlement Management settings."},{"ClassName":"MSFT_AADExternalIdentityPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Reserved for future use.","Name":"AllowDeletedIdentitiesDataRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"Defines whether external users can leave the guest tenant. If set to false, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.","Name":"AllowExternalIdentitiesToLeave","Option":"Required"},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents the tenant-wide policy that controls whether external users can leave the guest Microsoft Entra tenant via self-service controls."},{"ClassName":"MSFT_AADFeatureRolloutPolicy","Parameters":[{"CIMType":"String[]","Description":"Indicates the DisplayName of the groups the policy is assigned to.","Name":"AppliesTo","Option":"Write"},{"CIMType":"String","Description":"A description for this feature rollout policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name for this  feature rollout policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Possible values are: passthroughAuthentication, seamlessSso, passwordHashSync, emailAsAlternateId, unknownFutureValue, certificateBasedAuthentication. You must use the Prefer: include-unknown-enum-members request header to get the following value or values in this evolvable enum: certificateBasedAuthentication. For more information about the prerequisites for the enabled features, see Prerequisites for enabled features.","Name":"Feature","Option":"Write","ValueMap":["passthroughAuthentication","seamlessSso","passwordHashSync","emailAsAlternateId","unknownFutureValue","certificateBasedAuthentication"],"Values":["passthroughAuthentication","seamlessSso","passwordHashSync","emailAsAlternateId","unknownFutureValue","certificateBasedAuthentication"]},{"CIMType":"Boolean","Description":"Indicates whether this feature rollout policy should be applied to the entire organization.","Name":"IsAppliedToOrganization","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the feature rollout is enabled.","Name":"IsEnabled","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Policy Feature Rollout Policy"},{"ClassName":"MSFT_AADFederationConfiguration","Parameters":[{"CIMType":"String","Description":"The display name of the SAML/WS-Fed based identity provider. Inherited from identityProviderBase.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique fientifier","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Issuer URI of the federation server. Inherited from samlOrWsFedProvider.","Name":"IssuerUri","Option":"Write"},{"CIMType":"String","Description":"URI of the metadata exchange endpoint used for authentication from rich client applications. Inherited from samlOrWsFedProvider.","Name":"MetadataExchangeUri","Option":"Write"},{"CIMType":"String","Description":"URI that web-based clients are directed to when signing in to Microsoft Entra services. Inherited from samlOrWsFedProvider.","Name":"PassiveSignInUri","Option":"Write"},{"CIMType":"String","Description":"Preferred authentication protocol. The possible values are: wsFed, saml. Inherited from samlOrWsFedProvider.","Name":"PreferredAuthenticationProtocol","Option":"Write"},{"CIMType":"String","Description":"Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class.","Name":"SigningCertificate","Option":"Write"},{"CIMType":"String[]","Description":"List of associated domains.","Name":"Domains","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures federation in Entra Id."},{"ClassName":"MSFT_AADFilteringPolicy","Parameters":[{"CIMType":"String","Description":"Name of the policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Unique identifier of the policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description for the policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Action associated with the policy.","Name":"Action","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures filtering policies in Entra Id."},{"ClassName":"MSFT_AADFilteringPolicyRuleDestination","Parameters":[{"CIMType":"String","Description":"Name of the destination.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"FQDN value for the destination.","Name":"value","Option":"Write"}],"Description":"Configures filtering rules in Entra Id."},{"ClassName":"MSFT_AADFilteringPolicyRule","Parameters":[{"CIMType":"String","Description":"Name of the rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated policy.","Name":"Policy","Option":"Key"},{"CIMType":"String","Description":"Unique Id for the rule.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Type of rule.","Name":"RuleType","Option":"Write"},{"CIMType":"MSFT_AADFilteringPolicyRuleDestination[]","Description":"List of associated destinations with the rule.","Name":"Destinations","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures filtering rules in Entra Id."},{"ClassName":"MSFT_AADFilteringProfilePolicyLink","Parameters":[{"CIMType":"String","Description":"Logging state for the associated policy.","Name":"LoggingState","Option":"Write"},{"CIMType":"UInt32","Description":"Priority of the associated policy.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"State of the associated policy.","Name":"State","Option":"Write"},{"CIMType":"String","Description":"Name of the associated policy.","Name":"PolicyName","Option":"Key"}],"Description":"Configures filtering profiles in Entra Id."},{"ClassName":"MSFT_AADFilteringProfile","Parameters":[{"CIMType":"String","Description":"Profile name.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Unique identifier for the profile.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the profile.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"State of the profile.","Name":"State","Option":"Write"},{"CIMType":"UInt32","Description":"Priority level for the profile.","Name":"Priority","Option":"Write"},{"CIMType":"MSFT_AADFilteringProfilePolicyLink[]","Description":"List of filtering policy names associated with the profile.","Name":"Policies","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures filtering profiles in Entra Id."},{"ClassName":"MSFT_AADGroupLicense","Parameters":[{"CIMType":"String[]","Description":"A collection of the unique identifiers for plans that have been disabled.","Name":"DisabledPlans","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for the SKU.","Name":"SkuId","Option":"Key"}],"Description":"This resource configures an Azure Active Directory group. IMPORTANT: It does not support mail enabled security groups or mail enabled groups that are not unified or dynamic groups.\n\nIf using with AADUser, be aware that if AADUser->MemberOf is being specified and the referenced group is configured with AADGroup->Member then a conflict may arise if the two don't match. It is usually best to choose only one of them. See AADUser"},{"ClassName":"MSFT_AADGroup","Parameters":[{"CIMType":"String","Description":"DisplayName of the Azure Active Directory Group","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Specifies a mail nickname for the group.","Name":"MailNickname","Option":"Key"},{"CIMType":"String","Description":"Specifies a description for the group.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Specifies an ID for the group.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"User Service Principal values for the group's owners.","Name":"Owners","Option":"Write"},{"CIMType":"String[]","Description":"User Service Principal values for the group's members.","Name":"Members","Option":"Write"},{"CIMType":"String[]","Description":"Displayname values for the groups member of the group.","Name":"GroupAsMembers","Option":"Write"},{"CIMType":"String[]","Description":"DisplayName values for the groups that this group is a member of.","Name":"MemberOf","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if the current group is part of a selected Group Lifecycle Policy configuration. Only applicable for Microsoft 365 Groups.","Name":"GroupLifecyclePolicySelectedEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.","Name":"GroupTypes","Option":"Write"},{"CIMType":"String","Description":"Specifies the membership rule for a dynamic group.","Name":"MembershipRule","Option":"Write"},{"CIMType":"String","Description":"Specifies the rule processing state. The acceptable values for this parameter are: On. Process the group rule or Paused. Stop processing the group rule.","Name":"MembershipRuleProcessingState","Option":"Write","ValueMap":["On","Paused"],"Values":["On","Paused"]},{"CIMType":"Boolean","Description":"Specifies whether the group is security enabled. For security groups, this value must be $True.","Name":"SecurityEnabled","Option":"Required"},{"CIMType":"Boolean","Description":"Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD.","Name":"MailEnabled","Option":"Required"},{"CIMType":"Boolean","Description":"Specifies whether this group can be assigned a role. Only available when creating a group and can't be modified after group is created.","Name":"IsAssignableToRole","Option":"Write"},{"CIMType":"String[]","Description":"DisplayName values for the roles that the group is assigned to.","Name":"AssignedToRole","Option":"Write"},{"CIMType":"String","Description":"This parameter determines the visibility of the group's content and members list.","Name":"Visibility","Option":"Write","ValueMap":["Public","Private","HiddenMembership"],"Values":["Public","Private","HiddenMembership"]},{"CIMType":"MSFT_AADGroupLicense[]","Description":"List of Licenses assigned to the group.","Name":"AssignedLicenses","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Group should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory group. IMPORTANT: It does not support mail enabled security groups or mail enabled groups that are not unified or dynamic groups.\n\nIf using with AADUser, be aware that if AADUser->MemberOf is being specified and the referenced group is configured with AADGroup->Member then a conflict may arise if the two don't match. It is usually best to choose only one of them. See AADUser"},{"ClassName":"MSFT_MicrosoftGraphRequestSchedule","Parameters":[{"CIMType":"MSFT_MicrosoftGraphExpirationPattern","Description":"When the eligible or active assignment expires.","Name":"Expiration","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphPatternedRecurrence1","Description":"The frequency of the  eligible or active assignment. This property is currently unsupported in PIM.","Name":"Recurrence","Option":"Write"},{"CIMType":"String","Description":"When the  eligible or active assignment becomes active.","Name":"StartDateTime","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_MicrosoftGraphExpirationPattern","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours.  If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"Duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"EndDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"Type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_MicrosoftGraphPatternedRecurrence1","Parameters":[{"CIMType":"MSFT_MicrosoftGraphRecurrencePattern1","Description":"The frequency of an event.  For access reviews: Do not specify this property for a one-time access review.  Only interval, dayOfMonth, and type (weekly, absoluteMonthly) properties of recurrencePattern are supported.","Name":"Pattern","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphRecurrenceRange1","Description":"The duration of an event.","Name":"Range","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_MicrosoftGraphRecurrencePattern1","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs. Required if type is absoluteMonthly or absoluteYearly.","Name":"DayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. If type is relativeMonthly or relativeYearly, and daysOfWeek specifies more than one day, the event falls on the first day that satisfies the pattern.  Required if type is weekly, relativeMonthly, or relativeYearly.","Name":"DaysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. Default is sunday. Required if type is weekly.","Name":"FirstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last. Default is first. Optional and used if type is relativeMonthly or relativeYearly.","Name":"Index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type. Required.","Name":"Interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs.  This is a number from 1 to 12.","Name":"Month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly. Required. For more information, see values of type property.","Name":"Type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_MicrosoftGraphRecurrenceRange1","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date. Required if type is endDate.","Name":"EndDate","Option":"Write"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"NumberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties. Optional. If not specified, the time zone of the event is used.","Name":"RecurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event. Required.","Name":"StartDate","Option":"Write"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered. Required.","Name":"Type","Option":"Write","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_AADGroupEligibilitySchedule","Parameters":[{"CIMType":"String","Description":"Displayname if the Principal is group, otherwise UserPrincipalName for user.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"The identifier of the membership or ownership eligibility to the group that is governed by PIM. Required. The possible values are: owner, member. Supports $filter (eq).","Name":"AccessId","Option":"Key","ValueMap":["owner","member","unknownFutureValue"],"Values":["owner","member","unknownFutureValue"]},{"CIMType":"String","Description":"Displayname of the group representing the scope of the membership or ownership eligibility through PIM for groups.","Name":"GroupDisplayName","Option":"Key"},{"CIMType":"String","Description":"The identifier of the group representing the scope of the membership or ownership eligibility through PIM for groups. Required. Supports $filter (eq).","Name":"GroupId","Option":"Write"},{"CIMType":"String","Description":"Indicates whether the assignment is derived from a group assignment. It can further imply whether the caller can manage the schedule. Required. The possible values are: direct, group, unknownFutureValue. Supports $filter (eq).","Name":"MemberType","Option":"Write","ValueMap":["direct","group","unknownFutureValue"],"Values":["direct","group","unknownFutureValue"]},{"CIMType":"String","Description":"Principal type user or group","Name":"PrincipalType","Option":"Write","ValueMap":["user","group"],"Values":["user","group"]},{"CIMType":"MSFT_MicrosoftGraphrequestSchedule","Description":"Represents the period of the access assignment or eligibility. The scheduleInfo can represent a single occurrence or multiple recurring instances. Required.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_AADRoleManagementPolicyExpirationRule","Parameters":[{"CIMType":"Boolean","Description":"Specifies if expiration is required.","Name":"isExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"The maximum duration for the expiration.","Name":"maximumDuration","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyNotificationRule","Parameters":[{"CIMType":"String","Description":"Notification type for the rule.","Name":"notificationType","Option":"Write"},{"CIMType":"String","Description":"Type of the recipient for the notification.","Name":"recipientType","Option":"Write"},{"CIMType":"String","Description":"Level of the notification.","Name":"notificationLevel","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if default recipients are enabled.","Name":"isDefaultRecipientsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"List of notification recipients.","Name":"notificationRecipients","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyEnablementRule","Parameters":[{"CIMType":"String[]","Description":"List of enabled rules.","Name":"enabledRules","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicySubjectSet","Parameters":[{"CIMType":"String","Description":"The type of the subject set.","Name":"odataType","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyApprovalStage","Parameters":[{"CIMType":"UInt32","Description":"The number of days that a request can be pending a response before it is automatically denied.","Name":"approvalStageTimeOutInDays","Option":"Write"},{"CIMType":"UInt32","Description":"The time a request can be pending a response from a primary approver before it can be escalated to the escalation approvers.","Name":"escalationTimeInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the approver must provide justification for their reponse.","Name":"isApproverJustificationRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether escalation if enabled.","Name":"isEscalationEnabled","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicySubjectSet[]","Description":"The escalation approvers for this stage when the primary approvers don't respond.","Name":"escalationApprovers","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicySubjectSet[]","Description":"The primary approvers of this stage.","Name":"primaryApprovers","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyApprovalSettings","Parameters":[{"CIMType":"String","Description":"One of SingleStage, Serial, Parallel, NoApproval (default). NoApproval is used when isApprovalRequired is false.","Name":"approvalMode","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyApprovalStage[]","Description":"If approval is required, the one or two elements of this collection define each of the stages of approval. An empty array if no approval is required.","Name":"approvalStages","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether approval is required for requests in this policy.","Name":"isApprovalRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether approval is required for a user to extend their assignment.","Name":"isApprovalRequiredForExtension","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the requestor is required to supply a justification in their request.","Name":"isRequestorJustificationRequired","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyApprovalRule","Parameters":[{"CIMType":"MSFT_AADRoleManagementPolicyApprovalSettings","Description":"Settings for approval requirements.","Name":"setting","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyAuthenticationContextRule","Parameters":[{"CIMType":"Boolean","Description":"Indicates if the authentication context rule is enabled.","Name":"isEnabled","Option":"Write"},{"CIMType":"String","Description":"Claim value associated with the rule.","Name":"claimValue","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADGroupEligibilityScheduleSettings","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Group display name.","Name":"GroupDisplayName","Option":"Key"},{"CIMType":"String","Description":"Rule Type.","Name":"RuleType","Option":"Write"},{"CIMType":"string","Description":"PIM Group Role.","Name":"PIMGroupRole","Option":"Key","ValueMap":["member","owner"],"Values":["member","owner"]},{"CIMType":"MSFT_AADRoleManagementPolicyExpirationRule","Description":"Expiration Rule.","Name":"ExpirationRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyNotificationRule","Description":"Notification Rule.","Name":"NotificationRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyEnablementRule","Description":"Enablement Rule.","Name":"EnablementRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyApprovalRule","Description":"Approval Rule.","Name":"ApprovalRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyAuthenticationContextRule","Description":"Authentication Context Rule.","Name":"AuthenticationContextRule","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADGroupLifecyclePolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"UInt32","Description":"The number of days a group can exist before it needs to be renewed.","Name":"GroupLifetimeInDays","Option":"Required"},{"CIMType":"String","Description":"This parameter allows the admin to select which office 365 groups the policy will apply to. 'None' will create the policy in a disabled state. 'All' will apply the policy to every Office 365 group in the tenant. 'Selected' will allow the admin to choose specific Office 365 groups that the policy will apply to.","Name":"ManagedGroupTypes","Option":"Required","ValueMap":["All","None","Selected"],"Values":["All","None","Selected"]},{"CIMType":"String[]","Description":"Notification emails for groups that have no owners will be sent to these email addresses.","Name":"AlternateNotificationEmails","Option":"Required"},{"CIMType":"String","Description":"Specify if the Azure AD Groups Lifecycle Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Group Lifecycle Policy (e.g. Expiration)."},{"ClassName":"MSFT_AADGroupsNamingPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Prefixes and suffixes to add to the group name.","Name":"PrefixSuffixNamingRequirement","Option":"Write"},{"CIMType":"String[]","Description":"Comma delimited list of words that should be blocked from being included in groups' names.","Name":"CustomBlockedWordsList","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Groups Naming Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Group Naming Policy."},{"ClassName":"MSFT_AADGroupsSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license.","Name":"EnableGroupCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating whether or not sensitivity labels can be assigned to M365-groups.","Name":"EnableMIPLabels","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating whether or not a guest user can be an owner of groups.","Name":"AllowGuestsToBeGroupOwner","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license.","Name":"AllowGuestsToAccessGroups","Option":"Write"},{"CIMType":"String","Description":"The url of a link to the guest usage guidelines.","Name":"GuestUsageGuidelinesUrl","Option":"Write"},{"CIMType":"String","Description":"Name of the security group for which the members are allowed to create Office 365 groups even when EnableGroupCreation == false.","Name":"GroupCreationAllowedGroupName","Option":"Write"},{"CIMType":"Boolean","Description":"A boolean indicating whether or not is allowed to add guests to this directory.","Name":"AllowToAddGuests","Option":"Write"},{"CIMType":"String","Description":"A link to the Group Usage Guidelines.","Name":"UsageGuidelinesUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean, a tenant-wide setting that assigns the default value to the writebackConfiguration/isEnabled property of new groups, if the property isn't specified during group creation. This setting is applicable when group writeback is configured in Microsoft Entra Connect.","Name":"NewUnifiedGroupWritebackDefault","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Groups Naming Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Groups Settings."},{"ClassName":"MSFT_AADHomeRealDiscoveryPolicyDefinition","Parameters":[{"CIMType":"Boolean","Description":"Accelerate to Federated Domain.","Name":"AccelerateToFederatedDomain","Option":"Write"},{"CIMType":"Boolean","Description":"Allow cloud password validation.","Name":"AllowCloudPasswordValidation","Option":"Write"},{"CIMType":"MSFT_AADHomeRealDiscoveryPolicyDefinitionAlternateIdLogin","Description":"AlternateIdLogin complex object.","Name":"AlternateIdLogin","Option":"Write"},{"CIMType":"String","Description":"Preffered Domain value.","Name":"PreferredDomain","Option":"Write"}],"Description":"Azure AD Home Realm Discovery Policy"},{"ClassName":"MSFT_AADHomeRealDiscoveryPolicyDefinitionAlternateIdLogin","Parameters":[{"CIMType":"Boolean","Description":"Boolean for whether AlternateIdLogin is enabled.","Name":"Enabled","Option":"Write"}],"Description":"Azure AD Home Realm Discovery Policy"},{"ClassName":"MSFT_AADHomeRealmDiscoveryPolicy","Parameters":[{"CIMType":"String","Description":"Display name for this policy. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_AADHomeRealDiscoveryPolicyDefinition[]","Description":"A string collection containing a complex object array that defines the rules and settings for a policy. The syntax for the definition differs for each derived policy type. Required.","Name":"Definition","Option":"Write"},{"CIMType":"Boolean","Description":"If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false.","Name":"IsOrganizationDefault","Option":"Write"},{"CIMType":"String","Description":"Description for this policy. Required.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Home Realm Discovery Policy"},{"ClassName":"MSFT_AADIdentityAPIConnectionCertificate","Parameters":[{"CIMType":"MSFT_Credential","Description":"Pkcs12Value of the certificate as a secure string in Base64 encoding","Name":"Pkcs12Value","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the certificate in Base64 encoding","Name":"Thumbprint","Option":"Key"},{"CIMType":"MSFT_Credential","Description":"Password of the certificate as a secure string","Name":"Password","Option":"Write"},{"CIMType":"Boolean","Description":"Tells if the certificate is in use or not","Name":"IsActive","Option":"Write"}],"Description":"Azure AD Identity API Connector"},{"ClassName":"MSFT_AADIdentityAPIConnector","Parameters":[{"CIMType":"String","Description":"The name of the API connector.","Name":"DisplayName","Option":"Required"},{"CIMType":"String","Description":"The URL of the API endpoint to call.","Name":"TargetUrl","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The username of the password","Name":"Username","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"The password of certificate/basic auth","Name":"Password","Option":"Write"},{"CIMType":"MSFT_AADIdentityAPIConnectionCertificate[]","Description":"List of certificates to be used in the API connector","Name":"Certificates","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Identity API Connector"},{"ClassName":"MSFT_MicrosoftGraphUserFlowApiConnectorConfiguration","Parameters":[{"CIMType":"String","Description":"The name of the connector used for post federation signup step.","Name":"postFederationSignupConnectorName","Option":"Write"},{"CIMType":"String","Description":"The name of the connector used for post attribute collection step.","Name":"postAttributeCollectionConnectorName","Option":"Write"}],"Description":"Azure AD Identity B2 X User Flow"},{"ClassName":"MSFT_MicrosoftGraphuserFlowUserAttributeAssignmentUserAttributeValues","Parameters":[{"CIMType":"String","Description":"The display name of the property displayed to the end user in the user flow.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The value that is set when this item is selected.","Name":"Value","Option":"Write"},{"CIMType":"Boolean","Description":"Used to set the value as the default.","Name":"IsDefault","Option":"Write"}],"Description":"Azure AD Identity B2 X User Flow"},{"ClassName":"MSFT_MicrosoftGraphuserFlowUserAttributeAssignment","Parameters":[{"CIMType":"String","Description":"The unique identifier of identityUserFlowAttributeAssignment.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name of the identityUserFlowAttribute within a user flow.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether the identityUserFlowAttribute is optional.","Name":"IsOptional","Option":"Write"},{"CIMType":"String","Description":"User Flow Attribute Input Type.","Name":"UserInputType","Option":"Write","ValueMap":["textBox","dateTimeDropdown","radioSingleSelect","dropdownSingleSelect","emailBox","checkboxMultiSelect"],"Values":["textBox","dateTimeDropdown","radioSingleSelect","dropdownSingleSelect","emailBox","checkboxMultiSelect"]},{"CIMType":"MSFT_MicrosoftGraphuserFlowUserAttributeAssignmentUserAttributeValues[]","Description":"The list of user attribute values for this assignment.","Name":"UserAttributeValues","Option":"Write"}],"Description":"Azure AD Identity B2 X User Flow"},{"ClassName":"MSFT_AADIdentityB2XUserFlow","Parameters":[{"CIMType":"MSFT_MicrosoftGraphuserFlowApiConnectorConfiguration","Description":"Configuration for enabling an API connector for use as part of the self-service sign-up user flow. You can only obtain the value of this object using Get userFlowApiConnectorConfiguration.","Name":"ApiConnectorConfiguration","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String[]","Description":"The identity providers included in the user flow.","Name":"IdentityProviders","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserFlowUserAttributeAssignment[]","Description":"The user attribute assignments included in the user flow.","Name":"UserAttributeAssignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Identity B2 X User Flow"},{"ClassName":"MSFT_IdentityGovernanceScope","Parameters":[{"CIMType":"String","Description":"The @odata.type for the Scope.","Name":"OdataType","Option":"Write"},{"CIMType":"String","Description":"The rule associated with the Scope.","Name":"Rule","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_IdentityGovernanceTrigger","Parameters":[{"CIMType":"String","Description":"The @odata.type for the Trigger.","Name":"OdataType","Option":"Write"},{"CIMType":"String","Description":"The time-based attribute for the Trigger.","Name":"TimeBasedAttribute","Option":"Write"},{"CIMType":"SInt32","Description":"The offset in days for the Trigger.","Name":"OffsetInDays","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_IdentityGovernanceWorkflowExecutionConditions","Parameters":[{"CIMType":"String","Description":"The @odata.type for the Workflow Execution Conditions.","Name":"OdataType","Option":"Write"},{"CIMType":"MSFT_IdentityGovernanceScope","Description":"The scope for the Workflow Execution Conditions.","Name":"ScopeValue","Option":"Write"},{"CIMType":"MSFT_IdentityGovernanceTrigger","Description":"The trigger for the Workflow Execution Conditions.","Name":"TriggerValue","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_AADIdentityGovernanceTaskArguments","Parameters":[{"CIMType":"String","Description":"The name of the key","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The value associated with the key","Name":"Value","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_AADIdentityGovernanceTask","Parameters":[{"CIMType":"String","Description":"Specifies the display name of the Workflow Task","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Workflow Task","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Category of the Workflow Task","Name":"Category","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the Workflow Task is enabled or not","Name":"IsEnabled","Option":"Write"},{"CIMType":"SInt32","Description":"The sequence in which the task is executed","Name":"ExecutionSequence","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the task should continue on error","Name":"ContinueOnError","Option":"Write"},{"CIMType":"String","Description":"ID of the task definition associated with this Workflow Task","Name":"TaskDefinitionId","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceTaskArguments[]","Description":"Arguments for the Workflow Task","Name":"Arguments","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflow","Parameters":[{"CIMType":"String","Description":"Specifies the Display Name of the Workflow","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Workflow","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Category of the Workflow","Name":"Category","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the Workflow is enabled","Name":"IsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if scheduling is enabled for the Workflow","Name":"IsSchedulingEnabled","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceTask[]","Description":"Tasks associated with this workflow","Name":"Tasks","Option":"Write"},{"CIMType":"MSFT_IdentityGovernanceWorkflowExecutionConditions","Description":"ExecutionConditions for this workflow","Name":"ExecutionConditions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionClientConfiguration","Parameters":[{"CIMType":"UInt32","Description":"The max duration in milliseconds that Microsoft Entra ID waits for a response from the external app before it shuts down the connection. The valid range is between 200 and 2000 milliseconds. Default duration is 1000.","Name":"timeoutInMilliseconds","Option":"Write"},{"CIMType":"UInt32","Description":"The max number of retries that Microsoft Entra ID makes to the external API. Values of 0 or 1 are supported. If null, the default for the service applies.","Name":"maximumRetries","Option":"Write"}],"Description":"Configures custom extensions for Lifecycle workflows in Entra id."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionEndpointConfiguration","Parameters":[{"CIMType":"String","Description":"The name of the logic app.","Name":"logicAppWorkflowName","Option":"Write"},{"CIMType":"String","Description":"The Azure resource group name for the logic app.","Name":"resourceGroupName","Option":"Write"},{"CIMType":"String","Description":"Identifier of the Azure subscription for the logic app.","Name":"subscriptionId","Option":"Write"},{"CIMType":"String","Description":"Url of the logic app.","Name":"url","Option":"Write"}],"Description":"Configures custom extensions for Lifecycle workflows in Entra id."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionCallbackConfiguration","Parameters":[{"CIMType":"String","Description":"Callback time out in ISO 8601 time duration. Accepted time durations are between five minutes to three hours. For example, PT5M for five minutes and PT3H for three hours. Inherited from customExtensionCallbackConfiguration.","Name":"timeoutDuration","Option":"Write"},{"CIMType":"String[]","Description":"List of apps names that are allowed to resume a task processing result.","Name":"authorizedApps","Option":"Write"}],"Description":"Configures custom extensions for Lifecycle workflows in Entra id."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension","Parameters":[{"CIMType":"String","Description":"Display name of the custom extension.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique Id of the extension.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the extension.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionClientConfiguration","Description":"Client configuration for the extension","Name":"ClientConfiguration","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionEndpointConfiguration","Description":"Endpoint configuration for the extension","Name":"EndpointConfiguration","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionCallbackConfiguration","Description":"Callback configuration for the extension","Name":"CallbackConfiguration","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures custom extensions for Lifecycle workflows in Entra id."},{"ClassName":"MSFT_AADIdentityGovernanceProgram","Parameters":[{"CIMType":"String","Description":"A description for this identity governance program.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name for this identity governance program.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Identity Governance Program."},{"ClassName":"MSFT_AADIdentityProtectionPolicySettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"If true, user risk is cleared on password reset.","Name":"IsUserRiskClearedOnPasswordReset","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to monitor the identity protection policy settings in AAD."},{"ClassName":"MSFT_AADLifecycleWorkflowSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Specifies the domain that should be used when sending email notifications. This domain must be verified in order to be used. We recommend that you use a domain that has the appropriate DNS records to facilitate email validation, like SPF, DKIM, DMARC, and MX, because this then complies with the RFC compliance for sending and receiving email. For details, see Learn more about Exchange Online Email Routing.","Name":"SenderDomain","Option":"Write"},{"CIMType":"UInt32","Description":"The interval in hours at which all workflows running in the tenant should be scheduled for execution. This interval has a minimum value of 1 and a maximum value of 24. The default value is 3 hours.","Name":"WorkflowScheduleIntervalInHours","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if the organization's banner logo should be included in email notifications. The banner logo will replace the Microsoft logo at the top of the email notification. If true the banner logo will be taken from the tenant's branding settings. This value can only be set to true if the organizationalBranding bannerLogo property is set.","Name":"UseCompanyBranding","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Update the properties of a lifecycleManagementSettings object."},{"ClassName":"MSFT_AADMultiTenantOrganizationIdentitySyncPolicyTemplateUserSyncInbound","Parameters":[{"CIMType":"Boolean","Description":"Defines whether user objects should be synchronized from the partner tenant. false causes any current user synchronization from the source tenant to the target tenant to stop. This property has no impact on existing users who have already been synchronized.","Name":"isSyncAllowed","Option":"Write"}],"Description":"Defines an optional cross-tenant access policy template with user synchronization settings for multitenant organization tenants."},{"ClassName":"MSFT_AADMultiTenantOrganizationIdentitySyncPolicyTemplate","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Specifies whether the template will be applied to user synchronization settings of certain tenants. The possible values are: none, newPartners, existingPartners, unknownFutureValue. You can also specify multiple values like newPartners,existingPartners (default). none indicates the template is not applied to any new or existing partner tenants. newPartners indicates the template is applied to new partner tenants. existingPartners indicates the template is applied to existing partner tenants, those who already had partner-specific user synchronization settings in place.","Name":"TemplateApplicationLevel","Option":"Write"},{"CIMType":"MSFT_AADMultiTenantOrganizationIdentitySyncPolicyTemplateUserSyncInbound","Description":"Determines whether users can be synchronized from the partner tenant. false causes any current user synchronization from the source tenant to the target tenant to stop. This property has no impact on existing users who have already been synchronized.","Name":"UserSyncInbound","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Defines an optional cross-tenant access policy template with user synchronization settings for multitenant organization tenants."},{"ClassName":"MSFT_AADNamedLocationPolicy","Parameters":[{"CIMType":"string","Description":"Specifies the Odata Type of a Named Location object in Azure Active Directory","Name":"OdataType","Option":"Write","ValueMap":["#microsoft.graph.CountryNamedLocation","#microsoft.graph.ipNamedLocation","#microsoft.graph.compliantNetworkNamedLocation"],"Values":["#microsoft.graph.CountryNamedLocation","#microsoft.graph.ipNamedLocation","#microsoft.graph.compliantNetworkNamedLocation"]},{"CIMType":"String","Description":"Specifies the ID of a Named Location in Azure Active Directory.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Specifies the Display Name of a Named Location in Azure Active Directory","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"Specifies the IP ranges of the Named Location in Azure Active Directory","Name":"IpRanges","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies the isTrusted value for the Named Location (IP ranges only) in Azure Active Directory","Name":"IsTrusted","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the countries and regions for the Named Location in Azure Active Directory","Name":"CountriesAndRegions","Option":"Write"},{"CIMType":"String","Description":"Determines what method is used to decide which country the user is located in. Possible values are clientIpAddress(default) and authenticatorAppGps.","Name":"CountryLookupMethod","Option":"Write","ValueMap":["clientIpAddress","authenticatorAppGps"],"Values":["clientIpAddress","authenticatorAppGps"]},{"CIMType":"Boolean","Description":"Specifies the includeUnknownCountriesAndRegions value for the Named Location in Azure Active Directory","Name":"IncludeUnknownCountriesAndRegions","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Named Location should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Azure AD Named Location Policies in Azure Active Directory"},{"ClassName":"MSFT_MicrosoftGraphNetworkAccessForwardingPolicyRule","Parameters":[{"CIMType":"String","Description":"Policy Rule Name. Required","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Action value.","Name":"ActionValue","Option":"Write"},{"CIMType":"String","Description":"Type of Rule","Name":"RuleType","Option":"Write"},{"CIMType":"UInt32[]","Description":"List of Ports.","Name":"Ports","Option":"Write"},{"CIMType":"String","Description":"Protocol Value","Name":"Protocol","Option":"Write"},{"CIMType":"String[]","Description":"List of destinations.","Name":"Destinations","Option":"Write"}],"Description":"Use this resource to monitor the forwarding policy rules associated with the forwarding policies."},{"ClassName":"MSFT_AADNetworkAccessForwardingPolicy","Parameters":[{"CIMType":"String","Description":"Name of the forwarding policy","Name":"Name","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphNetworkAccessForwardingPolicyRule[]","Description":"List of rules associated to this forwarding policy.","Name":"PolicyRules","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to monitor the forwarding policy rules associated with the forwarding policies."},{"ClassName":"MSFT_MicrosoftGraphNetworkaccessPolicyLink","Parameters":[{"CIMType":"String","Description":"Policy Name. Required","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Policy Link Id","Name":"PolicyLinkId","Option":"Write"},{"CIMType":"String","Description":"status","Name":"state","Option":"Write"}],"Description":"This resource configure the Azure AD Network Access Forwarding Profile"},{"ClassName":"MSFT_AADNetworkAccessForwardingProfile","Parameters":[{"CIMType":"String","Description":"Profile Name. Required.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Id of the profile. Unique Identifier","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"status of the profile","Name":"State","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphNetworkaccessPolicyLink[]","Description":"Traffic forwarding policies associated with this profile.","Name":"Policies","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configure the Azure AD Network Access Forwarding Profile"},{"ClassName":"MSFT_AADNetworkAccessSettingConditionalAccess","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Enable CA Signaling for Entra ID (covering all cloud apps). Accepted values are enabled or disabled.","Name":"SignalingStatus","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the adaptive access settings in Entra Id"},{"ClassName":"MSFT_AADNetworkAccessSettingCrossTenantAccess","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Enable Tenant Restrictions for Entra ID (covering all cloud apps). Accepted values are enabled or disabled.","Name":"NetworkPacketTaggingStatus","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the universal tenant restrictions in Entra Id"},{"ClassName":"MSFT_AADOnPremisesPublishingProfilesSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Enables of disables private net work connectors in Entra Id.","Name":"IsEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the settings for the on-premises publishing profiles in Entra Id."},{"ClassName":"MSFT_MicrosoftGraphCertificateAuthority","Parameters":[{"CIMType":"String","Description":"Required. The base64 encoded string representing the public certificate.","Name":"Certificate","Option":"Key"},{"CIMType":"String","Description":"The URL of the certificate revocation list.","Name":"CertificateRevocationListUrl","Option":"Write"},{"CIMType":"String","Description":"The URL contains the list of all revoked certificates since the last time a full certificate revocaton list was created.","Name":"DeltaCertificateRevocationListUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Required. true if the trusted certificate is a root authority, false if the trusted certificate is an intermediate authority.","Name":"IsRootAuthority","Option":"Write"}],"Description":"Azure AD Organization Certificate Based Auth Configuration"},{"ClassName":"MSFT_AADOrganizationCertificateBasedAuthConfiguration","Parameters":[{"CIMType":"MSFT_MicrosoftGraphcertificateAuthority[]","Description":"Collection of certificate authorities which creates a trusted certificate chain.","Name":"CertificateAuthorities","Option":"Write"},{"CIMType":"String","Description":"The Organization ID. Read-only.","Name":"OrganizationId","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Organization Certificate Based Auth Configuration"},{"ClassName":"MSFT_AADPasswordRuleSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"UInt32","Description":"The number of failed login attempts before the first lockout period begins.","Name":"LockoutThreshold","Option":"Write"},{"CIMType":"UInt32","Description":"The duration in seconds of the initial lockout period.","Name":"LockoutDurationInSeconds","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating if the banned password check for tenant specific banned password list is turned on or not.","Name":"EnableBannedPasswordCheck","Option":"Write"},{"CIMType":"String[]","Description":"A list of banned words in passwords.","Name":"BannedPasswordList","Option":"Write"},{"CIMType":"String","Description":"How should we enforce password policy check in on-premises system.","Name":"BannedPasswordCheckOnPremisesMode","Option":"Write","ValueMap":["Enforce","Audit"],"Values":["Enforce","Audit"]},{"CIMType":"Boolean","Description":"Boolean indicating if the banned password check is turned on or not for on-premises system.","Name":"EnableBannedPasswordCheckOnPremises","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Password Rule Settings should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Azure Active Directory Password Rule Settings."},{"ClassName":"MSFT_AADPermissionGrantConditionSet","Parameters":[{"CIMType":"String","Description":"The unique identifier for the condition set.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Set to true to only match on client applications that are from a Microsoft Partner Network verified publisher. Set to false to match on any client app.","Name":"CertifiedClientApplicationsOnly","Option":"Write"},{"CIMType":"String[]","Description":"A list of appId values for the client applications to match with, or a list with the single value all to match any client application.","Name":"ClientApplicationIds","Option":"Write"},{"CIMType":"String[]","Description":"A list of Microsoft Partner Network (MPN) IDs for verified publishers of the client application, or a list with the single value all to match with client apps from any publisher.","Name":"ClientApplicationPublisherIds","Option":"Write"},{"CIMType":"String[]","Description":"A list of Entra ID tenant IDs in which the client application is registered, or a list with the single value all to match with client apps registered in any tenant.","Name":"ClientApplicationTenantIds","Option":"Write"},{"CIMType":"Boolean","Description":"Set to true to only match on client applications with a verified publisher. Set to false to match on any client app. Default is false.","Name":"ClientApplicationsFromVerifiedPublisherOnly","Option":"Write"},{"CIMType":"String","Description":"The permission classification for the permission being granted, or all to match with any permission classification (including permissions which are not classified). Default is all.","Name":"PermissionClassification","Option":"Write"},{"CIMType":"String[]","Description":"The list of permission display names to match with (e.g. 'User.Read', 'Mail.Send'), or a list with the single value all to match with any permission. Do not use permission GUIDs.","Name":"Permissions","Option":"Write"},{"CIMType":"String","Description":"The permission type of the permission being granted. Possible values: application for application permissions, or delegated for delegated permissions.","Name":"PermissionType","Option":"Write"},{"CIMType":"String","Description":"The appId of the resource application (e.g. '00000003-0000-0000-c000-000000000000' for Microsoft Graph) for which a permission is being granted, or 'any' to match any resource application. Use the AppId GUID, not the display name.","Name":"ResourceApplication","Option":"Write"}],"Description":"This resource configures an Entra Permission Grant Policy with its associated include and exclude condition sets.\n\nPermission Grant Policies allow organizations to delegate admin consent capabilities for specific Microsoft Graph permissions to non-Global Administrator users and groups.\n\nThis resource combines the parent policy and its condition sets into a single configuration, managing:\n- The parent permission grant policy properties (Id, DisplayName, Description)\n- Include condition sets as an embedded CIM instance array\n- Exclude condition sets as an embedded CIM instance array\n\n## Example\n\n```powershell\nAADPermissionGrantPolicy 'CustomConsentPolicy'\n{\n    Id           = \"my-custom-consent-policy\"\n    DisplayName  = \"My Custom Consent Policy\"\n    Description  = \"Custom policy for app consent with specific conditions\"\n    Includes     = @(\n        MSFT_AADPermissionGrantConditionSet {\n            Id                              = \"include-low-risk-delegated\"\n            PermissionType                  = \"delegated\"\n            PermissionClassification        = \"low\"\n            ClientApplicationIds            = @(\"all\")\n            ClientApplicationTenantIds      = @($TenantId)\n            ClientApplicationPublisherIds   = @(\"all\")\n            ClientApplicationsFromVerifiedPublisherOnly = $false\n            ResourceApplication             = \"00000003-0000-0000-c000-000000000000\"\n            Permissions                     = @(\"User.Read\", \"openid\", \"profile\")\n        }\n    )\n    Excludes     = @(\n        MSFT_AADPermissionGrantConditionSet {\n            Id                       = \"exclude-high-risk-permissions\"\n            PermissionType           = \"delegated\"\n            PermissionClassification = \"high\"\n            ClientApplicationIds     = @(\"all\")\n            ResourceApplication      = \"any\"\n            Permissions              = @(\"all\")\n        }\n    )\n    Ensure                = \"Present\"\n    ApplicationId         = $ApplicationId\n    TenantId              = $TenantId\n    CertificateThumbprint = $CertificateThumbprint\n}\n```"},{"ClassName":"MSFT_AADPermissionGrantPolicy","Parameters":[{"CIMType":"String","Description":"The unique identifier for the permission grant policy.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The display name for the permission grant policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The description for the permission grant policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_AADPermissionGrantConditionSet[]","Description":"Condition sets which are included in this permission grant policy. Automatically constructed as part of the permission grant policy.","Name":"Includes","Option":"Write"},{"CIMType":"MSFT_AADPermissionGrantConditionSet[]","Description":"Condition sets which are excluded in this permission grant policy. Automatically constructed as part of the permission grant policy.","Name":"Excludes","Option":"Write"},{"CIMType":"String","Description":"Specify if the policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Entra ID application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Entra ID tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Entra ID application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Entra ID application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Entra Permission Grant Policy with its associated include and exclude condition sets.\n\nPermission Grant Policies allow organizations to delegate admin consent capabilities for specific Microsoft Graph permissions to non-Global Administrator users and groups.\n\nThis resource combines the parent policy and its condition sets into a single configuration, managing:\n- The parent permission grant policy properties (Id, DisplayName, Description)\n- Include condition sets as an embedded CIM instance array\n- Exclude condition sets as an embedded CIM instance array\n\n## Example\n\n```powershell\nAADPermissionGrantPolicy 'CustomConsentPolicy'\n{\n    Id           = \"my-custom-consent-policy\"\n    DisplayName  = \"My Custom Consent Policy\"\n    Description  = \"Custom policy for app consent with specific conditions\"\n    Includes     = @(\n        MSFT_AADPermissionGrantConditionSet {\n            Id                              = \"include-low-risk-delegated\"\n            PermissionType                  = \"delegated\"\n            PermissionClassification        = \"low\"\n            ClientApplicationIds            = @(\"all\")\n            ClientApplicationTenantIds      = @($TenantId)\n            ClientApplicationPublisherIds   = @(\"all\")\n            ClientApplicationsFromVerifiedPublisherOnly = $false\n            ResourceApplication             = \"00000003-0000-0000-c000-000000000000\"\n            Permissions                     = @(\"User.Read\", \"openid\", \"profile\")\n        }\n    )\n    Excludes     = @(\n        MSFT_AADPermissionGrantConditionSet {\n            Id                       = \"exclude-high-risk-permissions\"\n            PermissionType           = \"delegated\"\n            PermissionClassification = \"high\"\n            ClientApplicationIds     = @(\"all\")\n            ResourceApplication      = \"any\"\n            Permissions              = @(\"all\")\n        }\n    )\n    Ensure                = \"Present\"\n    ApplicationId         = $ApplicationId\n    TenantId              = $TenantId\n    CertificateThumbprint = $CertificateThumbprint\n}\n```"},{"ClassName":"MSFT_AADPIMGroupSetting","Parameters":[{"CIMType":"String","Description":"RuleDefinition DisplayName","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The identifier of the membership or ownership eligibility to the group that is governed by PIM. Required. The possible values are: owner, member. Supports $filter (eq).","Name":"RoleDefinitionId","Option":"Key","ValueMap":["owner","member"],"Values":["owner","member"]},{"CIMType":"String","Description":"Specifies the Group Policy Id.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Activation maximum duration (hours).","Name":"ActivationMaxDuration","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on activation (True/False)","Name":"ActivationReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Require ticket information on activation (True/False)","Name":"ActivationReqTicket","Option":"Write"},{"CIMType":"Boolean","Description":"Require MFA on activation (True/False)","Name":"ActivationReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require approval to activate (True/False)","Name":"ApprovaltoActivate","Option":"Write"},{"CIMType":"String[]","Description":"Approver User UPN and/or Group Displayname","Name":"ActivateApprover","Option":"Write"},{"CIMType":"Boolean","Description":"Allow permanent eligible assignment (True/False)","Name":"PermanentEligibleAssignmentisExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"Expire eligible assignments after (Days)","Name":"ExpireEligibleAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Allow permanent active assignment (True/False)","Name":"PermanentActiveAssignmentisExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"Expire active assignments after (Days)","Name":"ExpireActiveAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Require Azure Multi-Factor Authentication on active assignment (True/False)","Name":"AssignmentReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on active assignment (True/False)","Name":"AssignmentReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Require Azure Multi-Factor Authentication on eligible assignment (True/False)","Name":"ElegibilityAssignmentReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on eligible assignment (True/False)","Name":"ElegibilityAssignmentReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Group assignment alert, default recipient (True/False)","Name":"EligibleAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this group: Group assignment alert, additional recipient (UPN)","Name":"EligibleAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Group assignment alert, only critical Email (True/False)","Name":"EligibleAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Notification to the assigned user (assignee), default recipient (True/False)","Name":"EligibleAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this group: Notification to the assigned user (assignee), additional recipient (UPN)","Name":"EligibleAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Notification to the assigned user (assignee), only critical Email (True/False)","Name":"EligibleAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Request to approve a group assignment renewal/extension, default recipient (True/False)","Name":"EligibleApproveNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this group: Request to approve a group assignment renewal/extension, additional recipient (UPN)","Name":"EligibleApproveNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Request to approve a group assignment renewal/extension, only critical Email (True/False)","Name":"EligibleApproveNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Group assignment alert, default recipient (True/False)","Name":"ActiveAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this group: Group assignment alert, additional recipient (UPN)","Name":"ActiveAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Group assignment alert, only critical Email (True/False)","Name":"ActiveAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Notification to the assigned user (assignee), default recipient (True/False)","Name":"ActiveAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this group: Notification to the assigned user (assignee), additional recipient (UPN)","Name":"ActiveAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Notification to the assigned user (assignee), only critical Email (True/False)","Name":"ActiveAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Request to approve a group assignment renewal/extension, default recipient (True/False)","Name":"ActiveApproveNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this group: Request to approve a group assignment renewal/extension, additional recipient (UPN)","Name":"ActiveApproveNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Request to approve a group assignment renewal/extension, only critical Email (True/False)","Name":"ActiveApproveNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this group: Group assignment alert, default recipient (True/False)","Name":"EligibleAssignmentAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when eligible members activate this group: Group assignment alert, additional recipient (UPN)","Name":"EligibleAssignmentAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this group: Group assignment alert, only critical Email (True/False)","Name":"EligibleAssignmentAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this group: Notification to activated user (requestor), default recipient (True/False)","Name":"EligibleAssignmentAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when eligible members activate this group: Notification to activated user (requestor), additional recipient (UPN)","Name":"EligibleAssignmentAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this group: Notification to activated user (requestor), only critical Email (True/False)","Name":"EligibleAssignmentAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Authorization context is required (True/False)","Name":"AuthenticationContextRequired","Option":"Write"},{"CIMType":"String","Description":"Descriptive name of associated authorization context","Name":"AuthenticationContextName","Option":"Write"},{"CIMType":"String","Description":"Authorization context id","Name":"AuthenticationContextId","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD group setting should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures AAD PIM Group Settings."},{"ClassName":"MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration","Parameters":[{"CIMType":"String","Description":"LocalIpAddress.","Name":"LocalIPAddress","Option":"Write"},{"CIMType":"String","Description":"PeerIpAddress.","Name":"PeerIPAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Asn.","Name":"Asn","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration","Parameters":[{"CIMType":"String","Description":"ZoneLocalIpAddress.","Name":"ZoneLocalIPAddress","Option":"Write"},{"CIMType":"String","Description":"RedundancyTier.","Name":"RedundancyTier","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration","Parameters":[{"CIMType":"String","Description":"PreSharedKey","Name":"PreSharedKey","Option":"Write"},{"CIMType":"String","Description":"ZoneRedundancyPreSharedKey","Name":"ZoneRedundancyPreSharedKey","Option":"Write"},{"CIMType":"UInt32","Description":"SaLifeTimeSeconds","Name":"SaLifeTimeSeconds","Option":"Write"},{"CIMType":"String","Description":"IpSecEncryption","Name":"IPSecEncryption","Option":"Write"},{"CIMType":"String","Description":"IpSecIntegrity","Name":"IPSecIntegrity","Option":"Write"},{"CIMType":"String","Description":"IkeEncryption","Name":"IKEEncryption","Option":"Write"},{"CIMType":"String","Description":"IkeIntegrity","Name":"IKEIntegrity","Option":"Write"},{"CIMType":"String","Description":"DhGroup","Name":"DHGroup","Option":"Write"},{"CIMType":"String","Description":"PfsGroup","Name":"PFSGroup","Option":"Write"},{"CIMType":"String","Description":"ODataType","Name":"ODataType","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRemoteNetworkDeviceLink","Parameters":[{"CIMType":"String","Description":"Name of the Device Link","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"IP Address","Name":"IPAddress","Option":"Write"},{"CIMType":"String","Description":"Bandwidth Capacity in Mbps","Name":"BandwidthCapacityInMbps","Option":"Write"},{"CIMType":"String","Description":"Device Vendor","Name":"DeviceVendor","Option":"Write"},{"CIMType":"MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration","Description":"BgpConfiguration.","Name":"BgpConfiguration","Option":"Write"},{"CIMType":"MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration","Description":"redundancyConfiguration.","Name":"RedundancyConfiguration","Option":"Write"},{"CIMType":"MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration","Description":"tunnelConfiguration","Name":"TunnelConfiguration","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRemoteNetwork","Parameters":[{"CIMType":"String","Description":"Name of the remote network.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Id of the remote network","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Region","Name":"Region","Option":"Write"},{"CIMType":"String[]","Description":"List of the forwarding profile names associated to this remote network","Name":"ForwardingProfiles","Option":"Write"},{"CIMType":"MSFT_AADRemoteNetworkDeviceLink[]","Description":"Device Links associated to this remote network","Name":"DeviceLinks","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrenceRange","Parameters":[{"CIMType":"DATETIME","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date.","Name":"endDate","Option":"Required"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"numberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties.","Name":"recurrenceTimeZone","Option":"Write"},{"CIMType":"DATETIME","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event.","Name":"startDate","Option":"Required"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered.","Name":"type","Option":"Required","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday","Name":"daysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week.","Name":"firstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last.","Name":"index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type.","Name":"interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs. This is a number from 1 to 12.","Name":"month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly.","Name":"type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrence","Parameters":[{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrencePattern","Description":"The frequency of an event.","Name":"pattern","Option":"Write"},{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrenceRange","Description":"The duration of an event.","Name":"range","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestScheduleExpiration","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"endDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestSchedule","Parameters":[{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestScheduleExpiration","Description":"When the eligible or active assignment expires.","Name":"expiration","Option":"Write"},{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrence","Description":"The frequency of the eligible or active assignment. This property is currently unsupported in PIM.","Name":"recurrence","Option":"Write"},{"CIMType":"String","Description":"When the eligible or active assignment becomes active.","Name":"startDateTime","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestTicketInfo","Parameters":[{"CIMType":"String","Description":"The ticket number.","Name":"ticketNumber","Option":"Write"},{"CIMType":"String","Description":"The description of the ticket system.","Name":"ticketSystem","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequest","Parameters":[{"CIMType":"String","Description":"User Principal Name of the assignment request.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Role associated with the assignment request.","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Represented the type of principal to assign the request to. Accepted values are: Group and User.","Name":"PrincipalType","Option":"Write","ValueMap":["Group","User","ServicePrincipal"],"Values":["Group","User","ServicePrincipal"]},{"CIMType":"String","Description":"Identifier of the directory object representing the scope of the role assignment. The scope of an role assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Either directoryScopeId or appScopeId is required.","Name":"DirectoryScopeId","Option":"Key"},{"CIMType":"String","Description":"Identifier for the Role Assignment Schedule Request.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the app-specific scope when the role assignment is scoped to an app. The scope of a role assignment determines the set of resources for which the principal is eligible to access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Either directoryScopeId or appScopeId is required.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"This parameter is deprecated and will be removed in a future release. Represents the type of operation on the role assignment request.The possible values are: adminAssign, adminUpdate, adminRemove, selfActivate, selfDeactivate, adminExtend, adminRenew, selfExtend, selfRenew, unknownFutureValue.","Name":"Action","Option":"Write","ValueMap":["adminAssign","adminUpdate","adminRemove","selfActivate","selfDeactivate","adminExtend","adminRenew","selfExtend","selfRenew","unknownFutureValue"],"Values":["adminAssign","adminUpdate","adminRemove","selfActivate","selfDeactivate","adminExtend","adminRenew","selfExtend","selfRenew","unknownFutureValue"]},{"CIMType":"Boolean","Description":"This parameter is deprecated and will be removed in a future release. Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.","Name":"IsValidationOnly","Option":"Write"},{"CIMType":"String","Description":"A message provided by users and administrators when create they create the unifiedRoileAssignmentScheduleRequest object. Optional when action is adminRemove. Whether this property is required or optional is also dependent on the settings for the Azure AD role.","Name":"Justification","Option":"Write"},{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestSchedule","Description":"The period of the role assignment. Optional when action is adminRemove. The period of assignment is dependent on the settings of the Azure AD role.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestTicketInfo","Description":"This parameter is deprecated and will be removed in a future release. Ticket details linked to the role assignment request including details of the ticket number and ticket system.","Name":"TicketInfo","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleDefinition","Parameters":[{"CIMType":"String","Description":"Specifies a display name for the role definition.","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Specifies Id for the role definition.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Specifies a description for the role definition.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the resource scopes for the role definition.","Name":"ResourceScopes","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the role definition is enabled.","Name":"IsEnabled","Option":"Required"},{"CIMType":"String[]","Description":"Specifies permissions for the role definition.","Name":"RolePermissions","Option":"Required"},{"CIMType":"String","Description":"Specifies template id for the role definition.","Name":"TemplateId","Option":"Write"},{"CIMType":"String","Description":"Specifies version for the role definition.","Name":"Version","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Role definition should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure AD Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory role definition.\nTo configure custom roles you require an Azure AD Premium P1 license.\nThe account used to configure role definitions based on this resource needs either to be a\n\"Global Administrator\" or a \"Privileged role administrator\"."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrenceRange","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date.","Name":"endDate","Option":"Required"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"numberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties.","Name":"recurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event.","Name":"startDate","Option":"Required"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered.","Name":"type","Option":"Required","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday","Name":"daysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week.","Name":"firstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last.","Name":"index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type.","Name":"interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs. This is a number from 1 to 12.","Name":"month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly.","Name":"type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrence","Parameters":[{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrencePattern","Description":"The frequency of an event.","Name":"pattern","Option":"Write"},{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrenceRange","Description":"The duration of an event.","Name":"range","Option":"Write"}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"endDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestSchedule","Parameters":[{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration","Description":"When the eligible or active assignment expires.","Name":"expiration","Option":"Write"},{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrence","Description":"The frequency of the eligible or active assignment. This property is currently unsupported in PIM.","Name":"recurrence","Option":"Write"},{"CIMType":"String","Description":"When the eligible or active assignment becomes active.","Name":"startDateTime","Option":"Write"}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequest","Parameters":[{"CIMType":"String","Description":"User Principal Name of the eligibility request.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Role associated with the eligibility request.","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Represented the type of principal to assign the request to. Accepted values are: Group and User.","Name":"PrincipalType","Option":"Write","ValueMap":["Group","User"],"Values":["Group","User"]},{"CIMType":"String","Description":"Identifier of the directory object representing the scope of the role eligibility. The scope of an role eligibility determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Either directoryScopeId or appScopeId is required.","Name":"DirectoryScopeId","Option":"Key"},{"CIMType":"String","Description":"Identifier for the Role Eligibility Schedule Request.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the app-specific scope when the role eligibility is scoped to an app. The scope of a role eligibility determines the set of resources for which the principal is eligible to access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Either directoryScopeId or appScopeId is required.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"This parameter is deprecated and will be removed in a future release. Represents the type of operation on the role eligibility request.The possible values are: adminAssign, adminUpdate, adminRemove, selfActivate, selfDeactivate, adminExtend, adminRenew, selfExtend, selfRenew, unknownFutureValue.","Name":"Action","Option":"Write","ValueMap":["adminAssign","adminUpdate","adminRemove","selfActivate","selfDeactivate","adminExtend","adminRenew","selfExtend","selfRenew","unknownFutureValue"],"Values":["adminAssign","adminUpdate","adminRemove","selfActivate","selfDeactivate","adminExtend","adminRenew","selfExtend","selfRenew","unknownFutureValue"]},{"CIMType":"Boolean","Description":"This parameter is deprecated and will be removed in a future release. Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.","Name":"IsValidationOnly","Option":"Write"},{"CIMType":"String","Description":"A message provided by users and administrators when create they create the unifiedRoleEligibilityScheduleRequest object. Optional when action is adminRemove. Whether this property is required or optional is also dependent on the settings for the Azure AD role.","Name":"Justification","Option":"Write"},{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestSchedule","Description":"The period of the role eligibility. Optional when action is adminRemove. The period of eligibility is dependent on the settings of the Azure AD role.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleManagementPolicyRule","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Role display name.","Name":"RoleDisplayName","Option":"Key"},{"CIMType":"String","Description":"Rule Type.","Name":"RuleType","Option":"Write"},{"CIMType":"String","Description":"Policy Id.","Name":"PolicyId","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyExpirationRule","Description":"Expiration Rule.","Name":"ExpirationRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyNotificationRule","Description":"Notification Rule.","Name":"NotificationRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyEnablementRule","Description":"Enablement Rule.","Name":"EnablementRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyApprovalRule","Description":"Approval Rule.","Name":"ApprovalRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyAuthenticationContextRule","Description":"Authentication Context Rule.","Name":"AuthenticationContextRule","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Role Management Policy Rule"},{"ClassName":"MSFT_AADRoleSetting","Parameters":[{"CIMType":"String","Description":"RuleDefinition DisplayName","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Specifies the RoleId.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Activation maximum duration (hours).","Name":"ActivationMaxDuration","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on activation (True/False)","Name":"ActivationReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Require ticket information on activation (True/False)","Name":"ActivationReqTicket","Option":"Write"},{"CIMType":"Boolean","Description":"Require MFA on activation (True/False)","Name":"ActivationReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require approval to activate (True/False)","Name":"ApprovaltoActivate","Option":"Write"},{"CIMType":"String[]","Description":"Approver User UPN and/or Group Displayname","Name":"ActivateApprover","Option":"Write"},{"CIMType":"Boolean","Description":"Allow permanent eligible assignment (True/False)","Name":"PermanentEligibleAssignmentisExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"Expire eligible assignments after (Days)","Name":"ExpireEligibleAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Allow permanent active assignment (True/False)","Name":"PermanentActiveAssignmentisExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"Expire active assignments after (Days)","Name":"ExpireActiveAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Require Azure Multi-Factor Authentication on active assignment (True/False)","Name":"AssignmentReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on active assignment (True/False)","Name":"AssignmentReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Require Azure Multi-Factor Authentication on eligible assignment (True/False)","Name":"ElegibilityAssignmentReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on eligible assignment (True/False)","Name":"ElegibilityAssignmentReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Role assignment alert, default recipient (True/False)","Name":"EligibleAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this role: Role assignment alert, additional recipient (UPN)","Name":"EligibleAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Role assignment alert, only critical Email (True/False)","Name":"EligibleAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), default recipient (True/False)","Name":"EligibleAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), additional recipient (UPN)","Name":"EligibleAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), only critical Email (True/False)","Name":"EligibleAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, default recipient (True/False)","Name":"EligibleApproveNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, additional recipient (UPN)","Name":"EligibleApproveNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False)","Name":"EligibleApproveNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Role assignment alert, default recipient (True/False)","Name":"ActiveAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this role: Role assignment alert, additional recipient (UPN)","Name":"ActiveAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Role assignment alert, only critical Email (True/False)","Name":"ActiveAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), default recipient (True/False)","Name":"ActiveAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), additional recipient (UPN)","Name":"ActiveAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), only critical Email (True/False)","Name":"ActiveAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, default recipient (True/False)","Name":"ActiveApproveNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, additional recipient (UPN)","Name":"ActiveApproveNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False)","Name":"ActiveApproveNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this role: Role assignment alert, default recipient (True/False)","Name":"EligibleAssignmentAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when eligible members activate this role: Role assignment alert, additional recipient (UPN)","Name":"EligibleAssignmentAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this role: Role assignment alert, only critical Email (True/False)","Name":"EligibleAssignmentAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this role: Notification to activated user (requestor), default recipient (True/False)","Name":"EligibleAssignmentAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when eligible members activate this role: Notification to activated user (requestor), additional recipient (UPN)","Name":"EligibleAssignmentAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this role: Notification to activated user (requestor), only critical Email (True/False)","Name":"EligibleAssignmentAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Authorization context is required (True/False)","Name":"AuthenticationContextRequired","Option":"Write"},{"CIMType":"String","Description":"Descriptive name of associated authorization context","Name":"AuthenticationContextName","Option":"Write"},{"CIMType":"String","Description":"Authorization context id","Name":"AuthenticationContextId","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD role setting should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures AAD Role Settings."},{"ClassName":"MSFT_AADSecurityDefaults","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Display name of the security defaults.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Description of the security defaults.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Represents whether or not security defaults are enabled.","Name":"IsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD App should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure AD Admin","Name":"Credential","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Security Defaults in Azure Active Directory."},{"ClassName":"MSFT_AADServicePrincipalRoleAssignment","Parameters":[{"CIMType":"String","Description":"Type of principal. Accepted values are User or Group","Name":"PrincipalType","Option":"Key","ValueMap":["Group","User"],"Values":["Group","User"]},{"CIMType":"String","Description":"Unique identity representing the principal.","Name":"Identity","Option":"Key"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADServicePrincipalDelegatedPermissionClassification","Parameters":[{"CIMType":"String","Description":"Classification of the delegated permission","Name":"Classification","Option":"Write","ValueMap":["low","medium","high"],"Values":["low","medium","high"]},{"CIMType":"String","Description":"Name of the permission","Name":"PermissionName","Option":"Key"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADServicePrincipalAttributeValue","Parameters":[{"CIMType":"String","Description":"Name of the Attribute","Name":"AttributeName","Option":"Key"},{"CIMType":"String[]","Description":"If the attribute has a string array value","Name":"StringArrayValue","Option":"Write"},{"CIMType":"UInt32[]","Description":"If the attribute has a int array value","Name":"IntArrayValue","Option":"Write"},{"CIMType":"String","Description":"If the attribute has a string value","Name":"StringValue","Option":"Write"},{"CIMType":"UInt32","Description":"If the attribute has a int value","Name":"IntValue","Option":"Write"},{"CIMType":"Boolean","Description":"If the attribute has a boolean value","Name":"BoolValue","Option":"Write"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADServicePrincipalAttributeSet","Parameters":[{"CIMType":"String","Description":"Attribute Set Name.","Name":"AttributeSetName","Option":"Key"},{"CIMType":"MSFT_AADServicePrincipalAttributeValue[]","Description":"List of attribute values.","Name":"AttributeValues","Option":"Write"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADServicePrincipal","Parameters":[{"CIMType":"String","Description":"The unique identifier for the associated application.","Name":"AppId","Option":"Key"},{"CIMType":"MSFT_AADServicePrincipalRoleAssignment[]","Description":"App role assignments for this app or service, granted to users, groups, and other service principals.","Name":"AppRoleAssignedTo","Option":"Write"},{"CIMType":"String","Description":"The ObjectID of the ServicePrincipal","Name":"ObjectID","Option":"Write"},{"CIMType":"String","Description":"Displayname of the ServicePrincipal.","Name":"DisplayName","Option":"Write"},{"CIMType":"String[]","Description":"The alternative names for this service principal","Name":"AlternativeNames","Option":"Write"},{"CIMType":"Boolean","Description":"True if the service principal account is enabled; otherwise, false.","Name":"AccountEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether an application role assignment is required.","Name":"AppRoleAssignmentRequired","Option":"Write"},{"CIMType":"String","Description":"Specifies the error URL of the ServicePrincipal.","Name":"ErrorUrl","Option":"Write"},{"CIMType":"String","Description":"Specifies the homepage of the ServicePrincipal.","Name":"Homepage","Option":"Write"},{"CIMType":"String","Description":"Specifies the LogoutURL of the ServicePrincipal.","Name":"LogoutUrl","Option":"Write"},{"CIMType":"String","Description":"Notes associated with the ServicePrincipal.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"Specifies the PublisherName of the ServicePrincipal.","Name":"PublisherName","Option":"Write"},{"CIMType":"String[]","Description":"List of the owners of the service principal.","Name":"Owners","Option":"Write"},{"CIMType":"String","Description":"Specifies the signle sign-on mode configured for this application.","Name":"PreferredSingleSignOnMode","Option":"Write"},{"CIMType":"String[]","Description":"The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.","Name":"ReplyUrls","Option":"Write"},{"CIMType":"String","Description":"The URL for the SAML metadata of the ServicePrincipal.","Name":"SamlMetadataUrl","Option":"Write"},{"CIMType":"String[]","Description":"Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal.","Name":"ServicePrincipalNames","Option":"Write"},{"CIMType":"String","Description":"The type of the service principal.","Name":"ServicePrincipalType","Option":"Write"},{"CIMType":"String[]","Description":"Tags linked to this service principal.Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}","Name":"Tags","Option":"Write"},{"CIMType":"MSFT_AADServicePrincipalDelegatedPermissionClassification[]","Description":"The permission classifications for delegated permissions exposed by the app that this service principal represents.","Name":"DelegatedPermissionClassifications","Option":"Write"},{"CIMType":"MSFT_AADServicePrincipalAttributeSet[]","Description":"The list of custom security attributes attached to this SPN","Name":"CustomSecurityAttributes","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD App should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure AD Admin","Name":"Credential","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphpasswordCredential[]","Description":"The collection of password credentials associated with the service principal. Not nullable.","Name":"PasswordCredentials","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphkeyCredential[]","Description":"The collection of key credentials associated with the service principal. Not nullable. Supports $filter (eq, NOT, ge, le).","Name":"KeyCredentials","Option":"Write"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADSocialIdentityProvider","Parameters":[{"CIMType":"String","Description":"The client identifier for the application obtained when registering the application with the identity provider.","Name":"ClientId","Option":"Key"},{"CIMType":"String","Description":"The client secret for the application that is obtained when the application is registered with the identity provider. This is write-only. A read operation returns ****.","Name":"ClientSecret","Option":"Write"},{"CIMType":"String","Description":"The display name of the identity provider.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"For a B2B scenario, possible values: Google, Facebook. For a B2C scenario, possible values: Microsoft, Google, Amazon, LinkedIn, Facebook, GitHub, Twitter, Weibo, QQ, WeChat.","Name":"IdentityProviderType","Option":"Write","ValueMap":["AADSignup","EmailOTP","Microsoft","MicrosoftAccount","Google","Amazon","LinkedIn","Facebook","GitHub","Twitter","Weibo","QQ","WeChat"],"Values":["AADSignup","EmailOTP","Microsoft","MicrosoftAccount","Google","Amazon","LinkedIn","Facebook","GitHub","Twitter","Weibo","QQ","WeChat"]},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents identity providers with External Identities for both Microsoft Entra ID and Azure AD B2C tenants. For Microsoft Entra B2B scenarios in a Microsoft Entra tenant, the identity provider type can be Google or Facebook."},{"ClassName":"MSFT_AADTenantAppManagementPolicyRestrictionsCredential","Parameters":[{"CIMType":"string[]","Description":"Collection of GUIDs of certificateBasedApplicationConfiguration objects that represent trusted certificate authorities. Used when restrictionType is set to trustedCertificateAuthority for keyCredentials.","Name":"CertificateBasedApplicationConfigurationIds","Option":"Write"},{"CIMType":"string","Description":"String value that indicates the maximum lifetime for password expiration, defined as an ISO 8601 duration. For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds. This property is required when restrictionType is set to passwordLifetime.","Name":"MaxLifetime","Option":"Write"},{"CIMType":"string","Description":"Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.","Name":"RestrictForAppsCreatedAfterDateTime","Option":"Write"},{"CIMType":"string","Description":"The type of restriction being applied. The possible values are: passwordAddition, passwordLifetime, symmetricKeyAddition, symmetricKeyLifetime, customPasswordAddition, asymmetricKeyLifetime, trustedCertificateAuthority, and unknownFutureValue. Each value of restrictionType can be used only once per policy.","Name":"RestrictionType","Option":"Key"},{"CIMType":"string","Description":"Indicates whether the restriction is evaluated. The possible values are: enabled, disabled, unknownFutureValue. If enabled, the restriction is evaluated. If disabled, the restriction isn't evaluated or enforced.","Name":"State","Option":"Write"}],"Description":"Tenant-wide application authentication method policy to enforce app management restrictions for all applications and service principals."},{"ClassName":"MSFT_AADTenantAppManagementPolicyRestrictions","Parameters":[{"CIMType":"MSFT_AADTenantAppManagementPolicyRestrictionsCredential[]","Description":"Collection of keyCredential restrictions settings to be applied to an application or service principal.","Name":"KeyCredentials","Option":"Write"},{"CIMType":"MSFT_AADTenantAppManagementPolicyRestrictionsCredential[]","Description":"Collection of password restrictions settings to be applied to an application or service principal.","Name":"PasswordCredentials","Option":"Write"}],"Description":"Tenant-wide application authentication method policy to enforce app management restrictions for all applications and service principals."},{"ClassName":"MSFT_AADTenantAppManagementPolicy","Parameters":[{"CIMType":"String","Description":"The display name of the policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Denotes whether the policy is enabled.","Name":"IsEnabled","Option":"Write"},{"CIMType":"MSFT_AADTenantAppManagementPolicyRestrictions","Description":"Restrictions that apply to an application  object.","Name":"ApplicationRestrictions","Option":"Write"},{"CIMType":"MSFT_AADTenantAppManagementPolicyRestrictions","Description":"Restrictions that apply to a service principal  object.","Name":"ServicePrincipalRestrictions","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Tenant-wide application authentication method policy to enforce app management restrictions for all applications and service principals."},{"ClassName":"MSFT_AADTenantDetails","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String[]","Description":"Email-addresses from the people who should receive Marketing Notifications","Name":"MarketingNotificationEmails","Option":"Write"},{"CIMType":"String[]","Description":"Email-addresses from the people who should receive Security Compliance Notifications","Name":"SecurityComplianceNotificationMails","Option":"Write"},{"CIMType":"String[]","Description":"Phone Numbers from the people who should receive Security Notifications","Name":"SecurityComplianceNotificationPhones","Option":"Write"},{"CIMType":"String[]","Description":"Email-addresses from the people who should receive Technical Notifications","Name":"TechnicalNotificationMails","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure Active Directory Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Azure AD Tenant Details"},{"ClassName":"MSFT_AADTokenIssuancePolicy","Parameters":[{"CIMType":"String","Description":"Display name for this policy. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique identifier for this policy. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"The token-issuance policy can only be applied to service principals and can't be set globally for the organization.","Name":"IsOrganizationDefault","Option":"Write"},{"CIMType":"String","Description":"Description for this policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required.","Name":"Definition","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents the policy to specify the characteristics of SAML tokens issued by Microsoft Entra ID."},{"ClassName":"MSFT_AADTokenLifetimePolicy","Parameters":[{"CIMType":"string","Description":"DisplayName of the Policy","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"ObjectID of the Policy.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Description of the Policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"Definition of the Policy.","Name":"Definition","Option":"Write"},{"CIMType":"Boolean","Description":"IsOrganizationDefault of the Policy.","Name":"IsOrganizationDefault","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Azure AD Token Lifetime Policies"},{"ClassName":"MSFT_AADUser","Parameters":[{"CIMType":"String","Description":"The login name of the user","Name":"UserPrincipalName","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether the user account is enabled or not. Required when a user is created.","Name":"AccountEnabled","Option":"Write"},{"CIMType":"String","Description":"The display name for the user","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The first name of the user","Name":"FirstName","Option":"Write"},{"CIMType":"String","Description":"The last name of the user","Name":"LastName","Option":"Write"},{"CIMType":"String[]","Description":"The list of Azure Active Directory roles assigned to the user.","Name":"Roles","Option":"Write"},{"CIMType":"String","Description":"The country code the user will be assigned to","Name":"UsageLocation","Option":"Write"},{"CIMType":"String[]","Description":"The account SKU Id for the license to be assigned to the user","Name":"LicenseAssignment","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"The password for the account. The parameter is a PSCredential object, but only the Password component will be used. If Password is not supplied for a new resource a new random password will be generated. Property will only be used when creating the user and not on subsequent updates.","Name":"Password","Option":"Write"},{"CIMType":"String","Description":"The City name of the user","Name":"City","Option":"Write"},{"CIMType":"String","Description":"The Country name of the user","Name":"Country","Option":"Write"},{"CIMType":"String","Description":"The Department name of the user","Name":"Department","Option":"Write"},{"CIMType":"String","Description":"The Fax Number of the user","Name":"Fax","Option":"Write"},{"CIMType":"String[]","Description":"The Groups that the user is a direct member of","Name":"MemberOf","Option":"Write"},{"CIMType":"String","Description":"The Mobile Phone Number of the user","Name":"MobilePhone","Option":"Write"},{"CIMType":"String","Description":"The Office Name of the user","Name":"Office","Option":"Write"},{"CIMType":"String","Description":"The mail address of the user","Name":"Mail","Option":"Write"},{"CIMType":"String[]","Description":"The other mails assigned to the user","Name":"OtherMails","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the user password expires periodically. Default value is false","Name":"PasswordNeverExpires","Option":"Write"},{"CIMType":"String","Description":"Specifies password policies for the user.","Name":"PasswordPolicies","Option":"Write"},{"CIMType":"String","Description":"The Phone Number of the user","Name":"PhoneNumber","Option":"Write"},{"CIMType":"String","Description":"The Postal Code of the user","Name":"PostalCode","Option":"Write"},{"CIMType":"String","Description":"The Preferred Language of the user","Name":"PreferredLanguage","Option":"Write"},{"CIMType":"String","Description":"Specifies the state or province where the user is located","Name":"State","Option":"Write"},{"CIMType":"String","Description":"Specifies the street address of the user","Name":"StreetAddress","Option":"Write"},{"CIMType":"String","Description":"Specifies the title of the user","Name":"Title","Option":"Write"},{"CIMType":"String","Description":"Specifies the title of the user","Name":"UserType","Option":"Write","ValueMap":["Guest","Member","Other","Viral"],"Values":["Guest","Member","Other","Viral"]},{"CIMType":"String","Description":"Present ensures the user exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create Azure AD Users and assign them licenses, roles and/or groups.\n\nIf using with AADGroup, be aware that if AADUser->MemberOf is being specified and the referenced group is configured with AADGroup->Member then a conflict may arise if the two don't match. It is usually best to choose only one of them. See AADGroup"},{"ClassName":"MSFT_AADUserFlowAttribute","Parameters":[{"CIMType":"String","Description":"User flow attribute Id.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the user flow attribute.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the user flow attribute.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Defines the user flow attribute data type.","Name":"DataType","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD role setting should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configure User flow attributes which are custom attributes that you can define and use in your user flows, which are predefined, configurable policies that control the user experience during sign-up, sign-in, and profile editing processes."},{"ClassName":"MSFT_AADVerifiedIdAuthorityKeyVaultMetadata","Parameters":[{"CIMType":"String","Description":"Subscription ID of the Key Vault.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"Resource group of the Key Vault.","Name":"ResourceGroup","Option":"Write"},{"CIMType":"String","Description":"Resource name of the Key Vault.","Name":"ResourceName","Option":"Write"},{"CIMType":"String","Description":"Resource URL of the Key Vault.","Name":"ResourceUrl","Option":"Write"}],"Description":"Azure AD Verified Identity Authority\n\nUse the VerifiableCredential.Authority.ReadWrite permission to read and write the authority.\n\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#authorities/>"},{"ClassName":"MSFT_AADVerifiedIdAuthority","Parameters":[{"CIMType":"String","Description":"Name of the Verified ID Authority.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Id of the Verified ID Authority.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"URL of the linked domain.","Name":"LinkedDomainUrl","Option":"Key"},{"CIMType":"String","Description":"DID method used by the Verified ID Authority.","Name":"DidMethod","Option":"Write"},{"CIMType":"MSFT_AADVerifiedIdAuthorityKeyVaultMetadata","Description":"Key Vault metadata for the Verified ID Authority.","Name":"KeyVaultMetadata","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Verified Identity Authority\n\nUse the VerifiableCredential.Authority.ReadWrite permission to read and write the authority.\n\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#authorities/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo","Parameters":[{"CIMType":"String","Description":"URI of the logo. If this is a URL, it must be reachable over the public internet anonymously.","Name":"uri","Option":"Write"},{"CIMType":"String","Description":"Description of the logo.","Name":"description","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayCard","Parameters":[{"CIMType":"String","Description":"Title of the credential.","Name":"title","Option":"Write"},{"CIMType":"String","Description":"The name of the issuer of the credential.","Name":"issuedBy","Option":"Write"},{"CIMType":"String","Description":"Background color of the credential in hex, for example, #FFAABB.","Name":"backgroundColor","Option":"Write"},{"CIMType":"String","Description":"Text color of the credential in hex, for example, #FFAABB.","Name":"textColor","Option":"Write"},{"CIMType":"String","Description":"Supplemental text displayed alongside each credential.","Name":"description","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayConsent","Parameters":[{"CIMType":"String","Description":"Title of the consent.","Name":"title","Option":"Write"},{"CIMType":"String","Description":"Supplemental text to use when displaying consent.","Name":"instructions","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayClaims","Parameters":[{"CIMType":"String","Description":"The label of the claim in display.","Name":"label","Option":"Write"},{"CIMType":"String","Description":"The name of the claim to which the label applies.","Name":"claim","Option":"Write"},{"CIMType":"String","Description":"The type of the claim.","Name":"type","Option":"Write"},{"CIMType":"String","Description":"The description of the claim.","Name":"description","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayModel","Parameters":[{"CIMType":"String","Description":"The locale of this display.","Name":"locale","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractClaimMapping","Parameters":[{"CIMType":"String","Description":"The name of the claim to use from the input.","Name":"inputClaim","Option":"Write"},{"CIMType":"String","Description":"The name of the claim in the verifiable credential.","Name":"outputClaim","Option":"Write"},{"CIMType":"Boolean","Description":"Indicating whether the value of this claim is used for searching.","Name":"indexed","Option":"Write"},{"CIMType":"Boolean","Description":"Indicating whether this mapping is required or not.","Name":"required","Option":"Write"},{"CIMType":"String","Description":"Type of claim.","Name":"type","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractAttestationValues","Parameters":[{"CIMType":"Boolean","Description":"Indicating whether this attestation is required or not.","Name":"required","Option":"Write"},{"CIMType":"String[]","Description":"A list of DIDs allowed to issue the verifiable credential for this contract.","Name":"trustedIssuers","Option":"Write"},{"CIMType":"String","Description":"Required credential type of the input.","Name":"credentialType","Option":"Write"},{"CIMType":"String","Description":"Location of the identity provider's configuration document.","Name":"configuration","Option":"Write"},{"CIMType":"String","Description":"Client ID to use when obtaining the ID token.","Name":"clientId","Option":"Write"},{"CIMType":"String","Description":"Redirect URI to use when obtaining the ID token. MUST BE vcclient://openid/","Name":"redirectUri","Option":"Write"},{"CIMType":"String","Description":"Space delimited list of scopes to use when obtaining the ID token.","Name":"scopeValue","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractAttestations","Parameters":[],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractCustomStatusEndpoint","Parameters":[{"CIMType":"String","Description":"The URL of the custom status endpoint.","Name":"url","Option":"Write"},{"CIMType":"String","Description":"The type of the endpoint.","Name":"type","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractVcType","Parameters":[{"CIMType":"String[]","Description":"The type of the vc.","Name":"type","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractRulesModel","Parameters":[{"CIMType":"UInt32","Description":"This value shows the lifespan of the credential.","Name":"validityInterval","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContract","Parameters":[{"CIMType":"String","Description":"Id of the Verified ID Authority Contract.","Name":"id","Option":"Write"},{"CIMType":"String","Description":"URL of the linked domain of the authority.","Name":"linkedDomainUrl","Option":"Key"},{"CIMType":"String","Description":"Id of the Verified ID Authority.","Name":"authorityId","Option":"Write"},{"CIMType":"String","Description":"Name of the Verified ID Authority Contract.","Name":"name","Option":"Key"},{"CIMType":"MSFT_AADVerifiedIdAuthorityContractDisplayModel[]","Description":"Display settings of the Authority Contract.","Name":"displays","Option":"Write"},{"CIMType":"MSFT_AADVerifiedIdAuthorityContractRulesModel","Description":"Rules settings of the Authority Contract.","Name":"rules","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_ADOOrganizationOwner","Parameters":[{"CIMType":"String","Description":"NAme of the Azure DevOPS Organization","Name":"OrganizationName","Option":"Key"},{"CIMType":"String","Description":"User principal of the organization's owner","Name":"Owner","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the owner of an Azure DevOPS organization."},{"ClassName":"MSFT_ADOPermissionGroup","Parameters":[{"CIMType":"String","Description":"The name of the Azure DevOPS Organization.","Name":"OrganizationName","Option":"Key"},{"CIMType":"String","Description":"Principal name to identify the group.","Name":"PrincipalName","Option":"Key"},{"CIMType":"String","Description":"Display name for the group.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Description of the group.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of principal names of the members of the group.","Name":"Members","Option":"Write"},{"CIMType":"String","Description":"Unique identifier for the group.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Unique descriptor for the group.","Name":"Descriptor","Option":"Write"},{"CIMType":"String","Description":"Determines at what level in the hierarchy the group exists. Valid values are Project or Organization.","Name":"Level","Option":"Write","ValueMap":["Organization","Project"],"Values":["Organization","Project"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Azure DevOPS permission groups."},{"ClassName":"MSFT_ADOPermission","Parameters":[{"CIMType":"String","Description":"Id of the associate security namespace.","Name":"NamespaceId","Option":"Key"},{"CIMType":"String","Description":"Display name of the permission scope.","Name":"DisplayName","Option":"Key"},{"CIMType":"UInt32","Description":"Bit mask for the permission","Name":"Bit","Option":"Write"},{"CIMType":"String","Description":"Token value","Name":"Token","Option":"Key"}],"Description":"Manages permissions in Azure DevOPS."},{"ClassName":"MSFT_ADOPermissionGroupSettings","Parameters":[{"CIMType":"String","Description":"Name of the group.","Name":"GroupName","Option":"Key"},{"CIMType":"String","Description":"Name of the DevOPS Organization.","Name":"OrganizationName","Option":"Write"},{"CIMType":"String","Description":"Descriptor for the group.","Name":"Descriptor","Option":"Write"},{"CIMType":"MSFT_ADOPermission[]","Description":"Allow permissions.","Name":"AllowPermissions","Option":"Write"},{"CIMType":"MSFT_ADOPermission[]","Description":"Deny permissions","Name":"DenyPermissions","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages permissions in Azure DevOPS."},{"ClassName":"MSFT_ADOSecurityPolicy","Parameters":[{"CIMType":"String","Description":"The name of the Azure DevOPS Organization.","Name":"OrganizationName","Option":"Key"},{"CIMType":"Boolean","Description":"Controls the external guest access.","Name":"DisallowAadGuestUserAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Third-party application access via OAuth.","Name":"DisallowOAuthAuthentication","Option":"Write"},{"CIMType":"Boolean","Description":"Controls SSH Authentication.","Name":"DisallowSecureShell","Option":"Write"},{"CIMType":"Boolean","Description":"Controls Log Audit Events.","Name":"LogAuditEvents","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Allow public projects setting.","Name":"AllowAnonymousAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Additional protections when using public package registries setting.","Name":"ArtifactsExternalPackageProtectionToken","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Enable IP Conditional Access policy validation setting.","Name":"EnforceAADConditionalAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Allow team and project administrators to invite new user setting.","Name":"AllowTeamAdminsInvitationsAccessToken","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Request access setting.","Name":"AllowRequestAccessToken","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Azure DevOPS Security Policies."},{"ClassName":"MSFT_AzureBillingAccountPolicyEnterpriseAgreementPolicy","Parameters":[{"CIMType":"String","Description":"The policy that controls whether account owner can view charges.","Name":"accountOwnerViewCharges","Option":"Write"},{"CIMType":"String","Description":"The state showing the enrollment auth level.","Name":"authenticationType","Option":"Write"},{"CIMType":"String","Description":"The policy that controls whether department admin can view charges.","Name":"departmentAdminViewCharges","Option":"Write"}],"Description":"Configures policies settings for an Azure billing account."},{"ClassName":"MSFT_AzureBillingAccountPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier of the associated billing account.","Name":"BillingAccount","Option":"Key"},{"CIMType":"String","Description":"Name of the policy.","Name":"Name","Option":"Write"},{"CIMType":"MSFT_AzureBillingAccountPolicyEnterpriseAgreementPolicy","Description":"The policies for Enterprise Agreement enrollments.","Name":"EnterpriseAgreementPolicies","Option":"Write"},{"CIMType":"String","Description":"The policy that controls whether Azure marketplace purchases are allowed.","Name":"MarketplacePurchases","Option":"Write"},{"CIMType":"String","Description":"The policy that controls whether Azure reservation purchases are allowed.","Name":"ReservationPurchases","Option":"Write"},{"CIMType":"String","Description":"The policy that controls whether users with Azure savings plan purchase are allowed.","Name":"SavingsPlanPurchases","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures policies settings for an Azure billing account."},{"ClassName":"MSFT_AzureBillingAccountsAssociatedTenant","Parameters":[{"CIMType":"String","Description":"The ID that uniquely identifies a tenant.","Name":"AssociatedTenantId","Option":"Key"},{"CIMType":"String","Description":"The name of the associated tenant.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Name of the billing account.","Name":"BillingAccount","Option":"Write"},{"CIMType":"String","Description":"The state determines whether users from the associated tenant can be assigned roles for commerce activities like viewing and downloading invoices, managing payments, and making purchases.","Name":"BillingManagementState","Option":"Write"},{"CIMType":"String","Description":"The state determines whether subscriptions and licenses can be provisioned in the associated tenant. It can be set to 'Pending' to initiate a billing request.","Name":"ProvisioningManagementState","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures associated tenants to billing accounts in the Microsoft Admin Center."},{"ClassName":"MSFT_AzureBillingAccountScheduledActionNotification","Parameters":[{"CIMType":"String","Description":"Subject of the email. Length is limited to 70 characters.","Name":"subject","Option":"Write"},{"CIMType":"String","Description":"Optional message to be added in the email. Length is limited to 250 characters.","Name":"message","Option":"Write"},{"CIMType":"String[]","Description":"Array of email addresses.","Name":"to","Option":"Write"}],"Description":"Manages scheduled actions for Azure billing accounts."},{"ClassName":"MSFT_AzureBillingAccountScheduledActionSchedule","Parameters":[{"CIMType":"UInt32","Description":"UTC day on which cost analysis data will be emailed. Must be between 1 and 31. This property is applicable when frequency is Monthly and overrides weeksOfMonth or daysOfWeek.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"Day names in english on which cost analysis data will be emailed. This property is applicable when frequency is Weekly or Monthly.","Name":"daysOfWeek","Option":"Write"},{"CIMType":"String","Description":"The start date and time of the scheduled action (UTC).","Name":"startDate","Option":"Write"},{"CIMType":"String","Description":"The end date and time of the scheduled action (UTC).","Name":"endDate","Option":"Write"},{"CIMType":"String[]","Description":"Weeks in which cost analysis data will be emailed. This property is applicable when frequency is Monthly and used in combination with daysOfWeek.","Name":"weeksOfMonth","Option":"Write"},{"CIMType":"String","Description":"Frequency of the schedule.","Name":"frequency","Option":"Write"},{"CIMType":"UInt32","Description":"UTC time at which cost analysis data will be emailed.","Name":"hourOfDay","Option":"Write"}],"Description":"Manages scheduled actions for Azure billing accounts."},{"ClassName":"MSFT_AzureBillingAccountScheduledAction","Parameters":[{"CIMType":"String","Description":"Display name of the scheduled action.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Associated billing account id.","Name":"BillingAccount","Option":"Write"},{"CIMType":"String","Description":"Status of the scheduled action.","Name":"Status","Option":"Write"},{"CIMType":"String","Description":"Associated view id.","Name":"View","Option":"Write"},{"CIMType":"MSFT_AzureBillingAccountScheduledActionNotification","Description":"Notification properties based on scheduled action kind.","Name":"Notification","Option":"Write"},{"CIMType":"String","Description":"Email address of the point of contact that should get the unsubscribe requests and notification emails.","Name":"NotificationEmail","Option":"Write"},{"CIMType":"MSFT_AzureBillingAccountScheduledActionSchedule","Description":"Schedule of the scheduled action.","Name":"Schedule","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages scheduled actions for Azure billing accounts."},{"ClassName":"MSFT_AzureBillingaccountsRoleAssignment","Parameters":[{"CIMType":"String","Description":"Name of the principal associated to the role assignment.","Name":"PrincipalName","Option":"Key"},{"CIMType":"String","Description":"Name of the role assigned to the principal.","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Principal type. Can be User, Group or ServicePrincipal.","Name":"PrincipalType","Option":"Write"},{"CIMType":"String","Description":"Name of the billing account.","Name":"BillingAccount","Option":"Write"},{"CIMType":"String","Description":"The principal tenant id of the user to whom the role was assigned.","Name":"PrincipalTenantId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages roles on billing accounts."},{"ClassName":"MSFT_AzureDiagnosticSettingsCategory","Parameters":[{"CIMType":"String","Description":"Name of the category.","Name":"Category","Option":"Key"},{"CIMType":"Boolean","Description":"Is the log category enabled or not.","Name":"enabled","Option":"Write"}],"Description":"Configures Diagnostics settings in Azure.\n\nUsers will need to grant permissions to the associated scope by running the following command in Azure Cloud Shell:\n\n```powershell\nNew-AzRoleAssignment -ObjectId \"<Service Principal Object ID>\" -Scope \"/providers/Microsoft.aadiam\" -RoleDefinitionName 'Contributor' -ObjectType 'ServicePrincipal'\n```"},{"ClassName":"MSFT_AzureDiagnosticSettings","Parameters":[{"CIMType":"String","Description":"Diagnostic setting name.","Name":"Name","Option":"Key"},{"CIMType":"MSFT_AzureDiagnosticSettingsCategory[]","Description":"List of log categories.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"Storage account id.","Name":"StorageAccountId","Option":"Write"},{"CIMType":"String","Description":"Service bus id.","Name":"ServiceBusRuleId","Option":"Write"},{"CIMType":"String","Description":"Event hub id.","Name":"EventHubAuthorizationRuleId","Option":"Write"},{"CIMType":"String","Description":"Event hub name.","Name":"EventHubName","Option":"Write"},{"CIMType":"String","Description":"Workspace id.","Name":"WorkspaceId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Diagnostics settings in Azure.\n\nUsers will need to grant permissions to the associated scope by running the following command in Azure Cloud Shell:\n\n```powershell\nNew-AzRoleAssignment -ObjectId \"<Service Principal Object ID>\" -Scope \"/providers/Microsoft.aadiam\" -RoleDefinitionName 'Contributor' -ObjectType 'ServicePrincipal'\n```"},{"ClassName":"MSFT_AzureDiagnosticSettingsCustomSecurityAttributeCategory","Parameters":[{"CIMType":"String","Description":"Name of the category.","Name":"Category","Option":"Key"},{"CIMType":"Boolean","Description":"Is the log category enabled or not.","Name":"enabled","Option":"Write"}],"Description":"Configures Diagnostics settings custom security attributes in Azure.\n\nUsers will need to grant permissions to the associated scope by running the following command in Azure Cloud Shell:\n\n```powershell\nNew-AzRoleAssignment -ObjectId \"<Service Principal Object ID>\" -Scope \"/providers/microsoft.AadCustomSecurityAttributesDiagnosticSettings\" -RoleDefinitionName 'Contributor' -ObjectType 'ServicePrincipal'\n```"},{"ClassName":"MSFT_AzureDiagnosticSettingsCustomSecurityAttribute","Parameters":[{"CIMType":"String","Description":"Diagnostic setting name.","Name":"Name","Option":"Key"},{"CIMType":"MSFT_AzureDiagnosticSettingsCustomSecurityAttributeCategory[]","Description":"List of log categories.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"Storage account id.","Name":"StorageAccountId","Option":"Write"},{"CIMType":"String","Description":"Service bus id.","Name":"ServiceBusRuleId","Option":"Write"},{"CIMType":"String","Description":"Event hub id.","Name":"EventHubAuthorizationRuleId","Option":"Write"},{"CIMType":"String","Description":"Event hub name.","Name":"EventHubName","Option":"Write"},{"CIMType":"String","Description":"Workspace id.","Name":"WorkspaceId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Diagnostics settings custom security attributes in Azure.\n\nUsers will need to grant permissions to the associated scope by running the following command in Azure Cloud Shell:\n\n```powershell\nNew-AzRoleAssignment -ObjectId \"<Service Principal Object ID>\" -Scope \"/providers/microsoft.AadCustomSecurityAttributesDiagnosticSettings\" -RoleDefinitionName 'Contributor' -ObjectType 'ServicePrincipal'\n```"},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrenceRange","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date.","Name":"endDate","Option":"Required"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"numberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties.","Name":"recurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event.","Name":"startDate","Option":"Required"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered.","Name":"type","Option":"Required","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday","Name":"daysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week.","Name":"firstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last.","Name":"index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type.","Name":"interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs. This is a number from 1 to 12.","Name":"month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly.","Name":"type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrence","Parameters":[{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrencePattern","Description":"The frequency of an event.","Name":"pattern","Option":"Write"},{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrenceRange","Description":"The duration of an event.","Name":"range","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestScheduleExpiration","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"endDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestSchedule","Parameters":[{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestScheduleExpiration","Description":"When the eligible or active assignment expires.","Name":"expiration","Option":"Write"},{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrence","Description":"The frequency of the eligible or active assignment. This property is currently unsupported in PIM.","Name":"recurrence","Option":"Write"},{"CIMType":"String","Description":"When the eligible or active assignment becomes active.","Name":"startDateTime","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequest","Parameters":[{"CIMType":"String","Description":"User Principal Name of the Azure role assignment request.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Azure role associated with the assignment request (e.g., 'Owner', 'Contributor').","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Represented the type of principal to assign the request to. Accepted values are: Group, User and ServicePrincipal.","Name":"PrincipalType","Option":"Write","ValueMap":["Group","User","ServicePrincipal"],"Values":["Group","User","ServicePrincipal"]},{"CIMType":"String","Description":"Identifier of the scope representing the Azure resource (e.g., /subscriptions/{id}, /providers/Microsoft.Management/managementGroups/{id}). The scope determines the set of Azure resources for which the principal has been granted access.","Name":"DirectoryScopeId","Option":"Key"},{"CIMType":"String","Description":"Identifier for the Role Assignment Schedule Request.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the app-specific scope when the role assignment is scoped to an app. Not commonly used for Azure RBAC roles.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"A message provided by users and administrators when they create the role assignment schedule request.","Name":"Justification","Option":"Write"},{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestSchedule","Description":"The period of the role assignment. The period of assignment is dependent on the settings of the Azure role.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrenceRange","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date.","Name":"endDate","Option":"Required"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"numberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties.","Name":"recurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event.","Name":"startDate","Option":"Required"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered.","Name":"type","Option":"Required","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday","Name":"daysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week.","Name":"firstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last.","Name":"index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type.","Name":"interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs. This is a number from 1 to 12.","Name":"month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly.","Name":"type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrence","Parameters":[{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrencePattern","Description":"The frequency of an event.","Name":"pattern","Option":"Write"},{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrenceRange","Description":"The duration of an event.","Name":"range","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestScheduleExpiration","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"endDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestSchedule","Parameters":[{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestScheduleExpiration","Description":"When the eligible or active assignment expires.","Name":"expiration","Option":"Write"},{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrence","Description":"The frequency of the eligible or active assignment. This property is currently unsupported in PIM.","Name":"recurrence","Option":"Write"},{"CIMType":"String","Description":"When the eligible or active assignment becomes active.","Name":"startDateTime","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequest","Parameters":[{"CIMType":"String","Description":"User Principal Name of the Azure role eligibility request.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Azure role associated with the eligibility request (e.g., 'Owner', 'Contributor').","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Represented the type of principal to assign the request to. Accepted values are: Group, User and ServicePrincipal.","Name":"PrincipalType","Option":"Write","ValueMap":["Group","User","ServicePrincipal"],"Values":["Group","User","ServicePrincipal"]},{"CIMType":"String","Description":"Identifier of the scope representing the Azure resource (e.g., /subscriptions/{id}, /providers/Microsoft.Management/managementGroups/{id}). The scope determines the set of Azure resources for which the principal is eligible to access.","Name":"DirectoryScopeId","Option":"Key"},{"CIMType":"String","Description":"Identifier for the Role Eligibility Schedule Request.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the app-specific scope when the role eligibility is scoped to an app. Not commonly used for Azure RBAC roles.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"A message provided by users and administrators when they create the role eligibility schedule request.","Name":"Justification","Option":"Write"},{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestSchedule","Description":"The period of the role eligibility. The period of eligibility is dependent on the settings of the Azure role.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureSubscription","Parameters":[{"CIMType":"String","Description":"The display name of the subscription.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier of the subscription.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The unique identifier of the invoice section associated with the subscription.","Name":"InvoiceSectionId","Option":"Write"},{"CIMType":"String","Description":"Status of the subscription.","Name":"Status","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource controls the properties of an Azure subscription.\n\nTo grant permissions, go to the Cost Management + Billing blade in Azure Portal --> Billing Scopes --> Select your desired billing account --> then Access Control (IAM) to grant 'Billing Account Contributor' permissions to manage billing accounts.\nIf the resource is only used for backup, the `Billing Account Reader` role is sufficient."},{"ClassName":"MSFT_AzureVerifiedIdFaceCheck","Parameters":[{"CIMType":"String","Description":"Id of the Azure subscription.","Name":"SubscriptionId","Option":"Key"},{"CIMType":"String","Description":"Name of the associated resource group.","Name":"ResourceGroupName","Option":"Key"},{"CIMType":"String","Description":"Id of the verified ID authority.","Name":"VerifiedIdAuthorityId","Option":"Key"},{"CIMType":"Boolean","Description":"Represents whether or not FaceCheck is enabled for the authrotiy.","Name":"FaceCheckEnabled","Option":"Write"},{"CIMType":"String","Description":"Location of the Verified ID Authority.","Name":"VerifiedIdAuthorityLocation","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Azure Verified Id FaceCheck."},{"ClassName":"MSFT_CommerceSelfServicePurchase","Parameters":[{"CIMType":"String","Description":"Unique ID of the product.","Name":"ProductId","Option":"Key"},{"CIMType":"String","Description":"Name of the product","Name":"ProductName","Option":"Write"},{"CIMType":"String","Description":"Can be Enabled or Disabled.","Name":"PolicyValue","Option":"Write","ValueMap":["Enabled","Disabled","OnlyTrialsWithoutPaymentMethod"],"Values":["Enabled","Disabled","OnlyTrialsWithoutPaymentMethod"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages the Self Purchase policies in commerce."},{"ClassName":"MSFT_DefenderDeviceAuthenticatedScanDefinitionAuthenticationParams","Parameters":[{"CIMType":"String","Description":"Odata type associated with the request.","Name":"DataType","Option":"Write"},{"CIMType":"String","Description":"Type of scan.","Name":"Type","Option":"Write"},{"CIMType":"String","Description":"An optional property that specifies from which KeyVault the scanner should retrieve credentials. If KeyVault is specified there's no need to specify username, password.","Name":"KeyVaultUrl","Option":"Write"},{"CIMType":"String","Description":"An optional property that specifies KeyVault secret name from which the scanner should retrieve credentials. If KeyVault is specified there's no need to specify username, password.","Name":"KeyVaultSecretName","Option":"Write"},{"CIMType":"String","Description":"Domain name when using WindowsAuthParams.","Name":"Domain","Option":"Write"},{"CIMType":"String","Description":"Username when using WindowsAuthParams or the username when choosing SnmpAuthParams with any type other than CommunityString.","Name":"Username","Option":"Write"},{"CIMType":"Boolean","Description":"Must be set to true when choosing WindowsAuthParams.","Name":"IsGMSAUser","Option":"Write"},{"CIMType":"String","Description":"Community string to use when choosing SnmpAuthParams with CommunityString.","Name":"CommunityString","Option":"Write"},{"CIMType":"String","Description":"Auth protocol to use with SnmpAuthParams and AuthNoPriv or AuthPriv. Possible values are MD5, SHA1.","Name":"AuthProtocol","Option":"Write"},{"CIMType":"String","Description":"Auth password to use with SnmpAuthParams and AuthNoPriv or AuthPriv.","Name":"AuthPassword","Option":"Write"},{"CIMType":"String","Description":"Priv protocol to use with SnmpAuthParams and AuthPriv. Possible values are DES, 3DES, AES.","Name":"PrivProtocol","Option":"Write"},{"CIMType":"String","Description":"Priv password to use with SnmpAuthParams and AuthPriv.","Name":"PrivPassword","Option":"Write"}],"Description":"Configures device authenticated scan definitions in Defender."},{"ClassName":"MSFT_DefenderDeviceAuthenticatedScanDefinitionScanAgent","Parameters":[{"CIMType":"String","Description":"Unique identified for the scan agent.","Name":"id","Option":"Write"},{"CIMType":"String","Description":"Id of the machine associated with the agent.","Name":"machineId","Option":"Write"},{"CIMType":"String","Description":"Name of the machine associated with the agent.","Name":"machineName","Option":"Write"}],"Description":"Configures device authenticated scan definitions in Defender."},{"ClassName":"MSFT_DefenderDeviceAuthenticatedScanDefinition","Parameters":[{"CIMType":"String","Description":"Name of the scan definition.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Unique identified for the scan definition.","Name":"Id","Option":"Write"},{"CIMType":"UInt32","Description":"Interval in hours to run the scan.","Name":"IntervalInHours","Option":"Write"},{"CIMType":"String","Description":"Target of the scan definition.","Name":"Target","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if the scan definition is active or not.","Name":"IsActive","Option":"Write"},{"CIMType":"String","Description":"Type of scan.","Name":"ScanType","Option":"Write"},{"CIMType":"MSFT_DefenderDeviceAuthenticatedScanDefinitionScanAgent","Description":"Information about the associated scan agent.","Name":"ScannerAgent","Option":"Write"},{"CIMType":"MSFT_DefenderDeviceAuthenticatedScanDefinitionAuthenticationParams","Description":"Authentication parameters.","Name":"ScanAuthenticationParams","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures device authenticated scan definitions in Defender."},{"ClassName":"MSFT_DefenderRoleDefinitionRolePermissions","Parameters":[{"CIMType":"String[]","Description":"Set of tasks that can be performed on a resource.","Name":"allowedResourceActions","Option":"Write"}],"Description":"## Managed custom roles in Defender"},{"ClassName":"MSFT_DefenderRoleDefinition","Parameters":[{"CIMType":"String","Description":"The display name for the role definition.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The id of the role definition.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the role definition.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DefenderRoleDefinitionRolePermissions[]","Description":"List of permissions included in the role.","Name":"RolePermissions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"## Managed custom roles in Defender"},{"ClassName":"MSFT_DefenderSubscriptionPlan","Parameters":[{"CIMType":"String","Description":"The display name of the subscription.","Name":"SubscriptionName","Option":"Key"},{"CIMType":"String","Description":"The Defender plan name, for the list all of possible Defender plans refer to Defender for Cloud documentation","Name":"PlanName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier of the Azure subscription.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"The pricing tier ('Standard' or 'Free')","Name":"PricingTier","Option":"Write"},{"CIMType":"String","Description":"The Defender sub plan name, for the list all of possible sub plans refer to Defender for Cloud documentation","Name":"SubPlanName","Option":"Write"},{"CIMType":"String","Description":"The extensions offered under the plan, for more information refer to Defender for Cloud documentation","Name":"Extensions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Enables or disables Microsoft Defender plans for a subscription in Microsoft Defender for Cloud.\nFor more information about the available Defender plans, sub plans and plan extensions refer to Defender for Cloud onboarding API documentation.\n<https://learn.microsoft.com/en-us/rest/api/defenderforcloud/pricings/update?view=rest-defenderforcloud-2024-01-01&tabs=HTTP/>\n\nTo have all security features enabled during plan enablement, make sure to assign the required Azure RBAC permissions to the application running this module.\nFor more information about the required permissions refer to the documentation <https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions/>."},{"ClassName":"MSFT_EXOAcceptedDomain","Parameters":[{"CIMType":"String","Description":"Specify the Fully Qualified Domain Name for the AcceptedDomain.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if the AcceptedDomain should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The type of AcceptedDomain. Currently the EXOAcceptedDomain DSC Resource accepts a value of 'Authoritative' and 'InternalRelay'.","Name":"DomainType","Option":"Write","ValueMap":["Authoritative","InternalRelay"],"Values":["Authoritative","InternalRelay"]},{"CIMType":"Boolean","Description":"The MatchSubDomains parameter must be false on Authoritative domains. The default value is false.","Name":"MatchSubDomains","Option":"Write"},{"CIMType":"Boolean","Description":"OutboundOnly can only be enabled if the DomainType parameter is set to Authoritative or InternalRelay. The default value is false.","Name":"OutboundOnly","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Accepted Email Domains in Exchange Online."},{"ClassName":"MSFT_EXOActiveSyncDeviceAccessRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the identity of the device access rule.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AccessLevel parameter specifies whether the devices are allowed, blocked or quarantined.","Name":"AccessLevel","Option":"Write","ValueMap":["Allow","Block","Quarantine"],"Values":["Allow","Block","Quarantine"]},{"CIMType":"String","Description":"The Characteristic parameter specifies the device characteristic or category that's used by the rule.","Name":"Characteristic","Option":"Write","ValueMap":["DeviceModel","DeviceType","DeviceOS","UserAgent","XMSWLHeader"],"Values":["DeviceModel","DeviceType","DeviceOS","UserAgent","XMSWLHeader"]},{"CIMType":"String","Description":"The QueryString parameter specifies the device identifier that's used by the rule. This parameter uses a text value that's used with Characteristic parameter value to define the device.","Name":"QueryString","Option":"Write"},{"CIMType":"String","Description":"Specify if the Active Sync Device Access Rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Active Sync Device Access Rules in Exchange Online."},{"ClassName":"MSFT_EXOActiveSyncMailboxPolicy","Parameters":[{"CIMType":"String","Description":"Specifies the name of the policy.","Name":"Name","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether push notifications are allowed for Apple mobile devices.","Name":"AllowApplePushNotifications","Option":"Write"},{"CIMType":"String","Description":"Specifies whether the Bluetooth capabilities of the mobile phone are allowed.","Name":"AllowBluetooth","Option":"Write","ValueMap":["Disable","HandsfreeOnly","Allow"],"Values":["Disable","HandsfreeOnly","Allow"]},{"CIMType":"Boolean","Description":"Specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile phone.","Name":"AllowBrowser","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone's camera is allowed.","Name":"AllowCamera","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone user can configure a personal email account on the device.","Name":"AllowConsumerEmail","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone can synchronize with a desktop computer through a cable.","Name":"AllowDesktopSync","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether an external device management program is allowed to manage the device.","Name":"AllowExternalDeviceManagement","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether HTML email is enabled on the device.","Name":"AllowHTMLEmail","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone can be used as a modem to connect a computer to the Internet.","Name":"AllowInternetSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether infrared connections are allowed to the mobile phone.","Name":"AllowIrDA","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether certain updates are seen by devices that implemented support for this restricting functionality.","Name":"AllowMobileOTAUpdate","Option":"Write"},{"CIMType":"Boolean","Description":"Enables all devices to synchronize with the computer running Exchange, regardless of whether the device can enforce all the specific settings established in the Mobile Device mailbox policy.","Name":"AllowNonProvisionableDevices","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the user can configure a POP3 or IMAP4 email account on the device.","Name":"AllowPOPIMAPEmail","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone can initiate a remote desktop connection.","Name":"AllowRemoteDesktop","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether a simple device password is allowed.","Name":"AllowSimpleDevicePassword","Option":"Write"},{"CIMType":"String","Description":"Specifies whether the messaging application on the device can negotiate the encryption algorithm in case a recipient's certificate doesn't support the specified encryption algorithm.","Name":"AllowSMIMEEncryptionAlgorithmNegotiation","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether S/MIME software certificates are allowed.","Name":"AllowSMIMESoftCerts","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the device can access information stored on a storage card.","Name":"AllowStorageCard","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether text messaging is allowed from the device.","Name":"AllowTextMessaging","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether unsigned applications can be installed on the device.","Name":"AllowUnsignedApplications","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether unsigned installation packages can be run on the device.","Name":"AllowUnsignedInstallationPackages","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether wireless Internet access is allowed on the device.","Name":"AllowWiFi","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the device password must be alphanumeric.","Name":"AlphanumericDevicePasswordRequired","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a list of approved applications for the device.","Name":"ApprovedApplicationList","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the user can download attachments.","Name":"AttachmentsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables device encryption on the mobile phone.","Name":"DeviceEncryptionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies that the user set a password for the device.","Name":"DevicePasswordEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the length of time, in days, that a password can be used.","Name":"DevicePasswordExpiration","Option":"Write"},{"CIMType":"Sint32","Description":"Specifies the number of previously used passwords to store.","Name":"DevicePasswordHistory","Option":"Write"},{"CIMType":"String","Description":"Specifies how often the policy is sent from the server to the mobile phone","Name":"DevicePolicyRefreshInterval","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether Information Rights Management (IRM) is enabled for the mailbox policy.","Name":"IrmEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether this policy is the default Mobile Device mailbox policy.","Name":"IsDefault","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether this policy is the default Mobile Device mailbox policy.","Name":"IsDefaultPolicy","Option":"Write"},{"CIMType":"String","Description":"Specifies the maximum size of attachments that can be downloaded to the mobile phone.","Name":"MaxAttachmentSize","Option":"Write"},{"CIMType":"String","Description":"Specifies the maximum range of calendar days that can be synchronized to the device.","Name":"MaxCalendarAgeFilter","Option":"Write","ValueMap":["All","TwoWeeks","OneMonth","ThreeMonths","SixMonths"],"Values":["All","TwoWeeks","OneMonth","ThreeMonths","SixMonths"]},{"CIMType":"String","Description":"Specifies the number of attempts a user can make to enter the correct password for the device.","Name":"MaxDevicePasswordFailedAttempts","Option":"Write"},{"CIMType":"String","Description":"Specifies the maximum number of days of email items to synchronize to the device.","Name":"MaxEmailAgeFilter","Option":"Write","ValueMap":["All","OneDay","ThreeDays","OneWeek","TwoWeeks","OneMonth","ThreeMonths","SixMonths"],"Values":["All","OneDay","ThreeDays","OneWeek","TwoWeeks","OneMonth","ThreeMonths","SixMonths"]},{"CIMType":"String","Description":"Specifies the maximum size at which email messages are truncated when synchronized to the device.","Name":"MaxEmailBodyTruncationSize","Option":"Write"},{"CIMType":"String","Description":"Specifies the maximum size at which HTML-formatted email messages are synchronized to the device.","Name":"MaxEmailHTMLBodyTruncationSize","Option":"Write"},{"CIMType":"String","Description":"Specifies the length of time that the device can be inactive before the password is required to reactivate the device.","Name":"MaxInactivityTimeDeviceLock","Option":"Write"},{"CIMType":"Sint32","Description":"Specifies the minimum number of complex characters required in a device password.","Name":"MinDevicePasswordComplexCharacters","Option":"Write"},{"CIMType":"Sint32","Description":"Specifies the minimum number of characters in the device password.","Name":"MinDevicePasswordLength","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether you can store the recovery password for the device on an Exchange server.","Name":"PasswordRecoveryEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether encryption is required on the device.","Name":"RequireDeviceEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether you must encrypt S/MIME messages.","Name":"RequireEncryptedSMIMEMessages","Option":"Write"},{"CIMType":"String","Description":"Specifies what required algorithm must be used when encrypting a message.","Name":"RequireEncryptionSMIMEAlgorithm","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the device must synchronize manually while roaming.","Name":"RequireManualSyncWhenRoaming","Option":"Write"},{"CIMType":"String","Description":"Specifies what required algorithm must be used when signing a message.","Name":"RequireSignedSMIMEAlgorithm","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the device must send signed S/MIME messages.","Name":"RequireSignedSMIMEMessages","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether encryption of a storage card is required.","Name":"RequireStorageCardEncryption","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a list of applications that can't be run in ROM.","Name":"UnapprovedInROMApplicationList","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether access to Microsoft Windows file shares is enabled.","Name":"UNCAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether access to Microsoft Windows SharePoint Services is enabled.","Name":"WSSAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the Mobile Device mailbox policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specifies if this AddressList should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Mobile Device mailbox policy for mailboxes accessed by mobile devices."},{"ClassName":"MSFT_EXOAddressBookPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name that you want this address book policy to be called.","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"The AddressLists parameter specifies the address lists that will be used by mailbox users who are assigned this address book policy. This parameter accepts multiple values.","Name":"AddressLists","Option":"Write"},{"CIMType":"String","Description":"The GlobalAddressList parameter specifies the identity of the global address list (GAL) that will be used by mailbox users who are assigned this address book policy. You can specify only one GAL for each address book policy.","Name":"GlobalAddressList","Option":"Write"},{"CIMType":"String","Description":"The OfflineAddressBook parameter specifies the identity of the offline address book (OAB) that will be used by mailbox users who are assigned this address book policy. You can specify only one OAB for each address book policy.","Name":"OfflineAddressBook","Option":"Write"},{"CIMType":"String","Description":"The RoomList parameter specifies the name of the room address list.","Name":"RoomList","Option":"Write"},{"CIMType":"String","Description":"Specify if the Address Book Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Address Book Policies in Exchange Online."},{"ClassName":"MSFT_EXOAddressList","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a unique name for the address list.","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"The ConditionalCompany parameter specifies a precanned filter that's based on the value of the recipient's Company property.","Name":"ConditionalCompany","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute1 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute1 property.","Name":"ConditionalCustomAttribute1","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute10 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute10 property.","Name":"ConditionalCustomAttribute10","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute11 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute11 property.","Name":"ConditionalCustomAttribute11","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute12 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute12 property.","Name":"ConditionalCustomAttribute12","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute13 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute13 property.","Name":"ConditionalCustomAttribute13","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute14 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute14 property.","Name":"ConditionalCustomAttribute14","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute15 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute15 property.","Name":"ConditionalCustomAttribute15","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute2 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute2 property.","Name":"ConditionalCustomAttribute2","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute3 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute3 property.","Name":"ConditionalCustomAttribute3","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute4 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute4 property.","Name":"ConditionalCustomAttribute4","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute5 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute5 property.","Name":"ConditionalCustomAttribute5","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute6 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute6 property.","Name":"ConditionalCustomAttribute6","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute7 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute7 property.","Name":"ConditionalCustomAttribute7","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute8 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute8 property.","Name":"ConditionalCustomAttribute8","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute9 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute9 property.","Name":"ConditionalCustomAttribute9","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalDepartment parameter specifies a precanned filter that's based on the value of the recipient's Department property.","Name":"ConditionalDepartment","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalStateOrProvince parameter specifies a precanned filter that's based on the value of the recipient's StateOrProvince property.","Name":"ConditionalStateOrProvince","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the display name of the address list.","Name":"DisplayName","Option":"Write"},{"CIMType":"String[]","Description":"The IncludedRecipients parameter specifies a precanned filter that's based on the recipient type.","Name":"IncludedRecipients","Option":"Write","ValueMap":["AllRecipients","MailboxUsers","MailContacts","MailGroups","MailUsers","Resources"],"Values":["AllRecipients","MailboxUsers","MailContacts","MailGroups","MailUsers","Resources"]},{"CIMType":"String","Description":"The RecipientFilter parameter specifies a custom OPath filter that's based on the value of any available recipient property.","Name":"RecipientFilter","Option":"Write"},{"CIMType":"String","Description":"Specifies if this AddressList should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Exchange Online address lists."},{"ClassName":"MSFT_EXOAntiPhishPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the antiphishing policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"UInt32","Description":"The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages.","Name":"PhishThresholdLevel","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"String","Description":"The AuthenticationFailAction parameter specifies the action to take when the message fails composite authentication.","Name":"AuthenticationFailAction","Option":"Write","ValueMap":["MoveToJmf","Quarantine"],"Values":["MoveToJmf","Quarantine"]},{"CIMType":"String","Description":"The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter.","Name":"TargetedUserProtectionAction","Option":"Write","ValueMap":["BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"],"Values":["BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"]},{"CIMType":"Boolean","Description":"Specify if this policy should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableFirstContactSafetyTips parameter specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender.","Name":"EnableFirstContactSafetyTips","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection.","Name":"EnableMailboxIntelligence","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives.","Name":"EnableMailboxIntelligenceProtection","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Office 365 organization.","Name":"EnableOrganizationDomainsProtection","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSimilarDomainsSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for domain impersonation detections.","Name":"EnableSimilarDomainsSafetyTips","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSimilarUsersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for user impersonation detections.","Name":"EnableSimilarUsersSafetyTips","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSpoofIntelligence parameter specifies whether to enable or disable antispoofing protection for the policy.","Name":"EnableSpoofIntelligence","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for a list of specified domains.","Name":"EnableTargetedDomainsProtection","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the users specified by the TargetedUsersToProtect parameter","Name":"EnableTargetedUserProtection","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableUnauthenticatedSender parameter enables or disables unauthenticated sender identification in Outlook.","Name":"EnableUnauthenticatedSender","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableUnusualCharactersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for unusual characters in domain and user impersonation detections.","Name":"EnableUnusualCharactersSafetyTips","Option":"Write"},{"CIMType":"Boolean","Description":"This setting is part of spoof protection. The EnableViaTag parameter enables or disables adding the via tag to the From address in Outlook.","Name":"EnableViaTag","Option":"Write"},{"CIMType":"Boolean","Description":"Make this the default antiphishing policy","Name":"MakeDefault","Option":"Write"},{"CIMType":"String[]","Description":"The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas.","Name":"ExcludedDomains","Option":"Write"},{"CIMType":"String[]","Description":"The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas.","Name":"ExcludedSenders","Option":"Write"},{"CIMType":"Boolean","Description":"The HonorDmarcPolicy enables or disables using the sender's DMARC policy to determine what to do to messages that fail DMARC checks.","Name":"HonorDmarcPolicy","Option":"Write"},{"CIMType":"String","Description":"The ImpersonationProtectionState parameter specifies the configuration of impersonation protection.","Name":"ImpersonationProtectionState","Option":"Write"},{"CIMType":"String","Description":"The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection.","Name":"MailboxIntelligenceProtectionAction","Option":"Write"},{"CIMType":"String[]","Description":"The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage.","Name":"MailboxIntelligenceProtectionActionRecipients","Option":"Write"},{"CIMType":"String","Description":"The MailboxIntelligenceQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence.","Name":"MailboxIntelligenceQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The SpoofQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence.","Name":"SpoofQuarantineTag","Option":"Write"},{"CIMType":"String[]","Description":"The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.","Name":"TargetedDomainActionRecipients","Option":"Write"},{"CIMType":"String","Description":"The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages.","Name":"TargetedDomainProtectionAction","Option":"Write","ValueMap":["BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"],"Values":["BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"]},{"CIMType":"String[]","Description":"The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true.","Name":"TargetedDomainsToProtect","Option":"Write"},{"CIMType":"String","Description":"The TargetedDomainQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection.","Name":"TargetedDomainQuarantineTag","Option":"Write"},{"CIMType":"String[]","Description":"The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.","Name":"TargetedUserActionRecipients","Option":"Write"},{"CIMType":"String[]","Description":"The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true.","Name":"TargetedUsersToProtect","Option":"Write"},{"CIMType":"String","Description":"The TargetedUserQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by user impersonation protection.","Name":"TargetedUserQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The DmarcQuarantineAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=quarantine","Name":"DmarcQuarantineAction","Option":"Write","ValueMap":["MoveToJmf","Quarantine"],"Values":["MoveToJmf","Quarantine"]},{"CIMType":"String","Description":"The DmarcRejectAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=reject.","Name":"DmarcRejectAction","Option":"Write","ValueMap":["Quarantine","Reject"],"Values":["Quarantine","Reject"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Anti-Phish Policy in Exchange Online."},{"ClassName":"MSFT_EXOAntiPhishRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the antiphishing rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The AntiPhishPolicy parameter specifies the name of the antiphishing policy that's associated with the antiphishing rule.","Name":"AntiPhishPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Anti-Phish Rule in Exchange Online."},{"ClassName":"MSFT_EXOApplicationAccessPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the application access policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AccessRight parameter specifies the permission that you want to assign in the application access policy.","Name":"AccessRight","Option":"Write","ValueMap":["RestrictAccess","DenyAccess"],"Values":["RestrictAccess","DenyAccess"]},{"CIMType":"String[]","Description":"The AppID parameter specifies the GUID of the apps to include in the policy.","Name":"AppID","Option":"Write"},{"CIMType":"String","Description":"The PolicyScopeGroupID parameter specifies the recipient to define in the policy. You can use any value that uniquely identifies the recipient.","Name":"PolicyScopeGroupId","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies a description for the policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Specify if the Application Access Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Applications Access Policies in Exchange Online."},{"ClassName":"MSFT_EXOArcConfig","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String[]","Description":"The domain names of the ARC sealers.","Name":"ArcTrustedSealers","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages the list of trusted Authenticated Received Chain (ARC) sealers that are configured in the organization."},{"ClassName":"MSFT_EXOATPBuiltInProtectionRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the rule that you want to modify. You can use any value that uniquely identifies the rule. ","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email addresses in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Defender ATP built-in protection rules."},{"ClassName":"MSFT_EXOAtpPolicyForO365","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The Identity parameter specifies the ATP policy that you want to modify. There's only one policy named Default.","Name":"Identity","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowSafeDocsOpen parameter specifies whether users can click through and bypass the Protected View container even when Safe Documents identifies a file as malicious.","Name":"AllowSafeDocsOpen","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableATPForSPOTeamsODB parameter specifies whether ATP is enabled for SharePoint Online, OneDrive for Business and Microsoft Teams. Default is $false.","Name":"EnableATPForSPOTeamsODB","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeDocs parameter specifies whether to enable the Safe Documents feature in the organization. Default is $false.","Name":"EnableSafeDocs","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Advanced Threat Protection (ATP) policy in Office 365. Tenant must be subscribed to ATP."},{"ClassName":"MSFT_EXOAtpProtectionPolicyRule","Parameters":[{"CIMType":"String","Description":"Identifier for the rule","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether the rule is enabled","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"Informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"Specifies an exception that looks for recipients with email addresses in the specified domains.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"Specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"Specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"Unique name for the rule. The maximum length is 64 characters.","Name":"Name","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a condition that looks for recipients with email addresses in the specified domains.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String","Description":"Specifies the existing Safe Attachments policy that's associated with the preset security policy.","Name":"SafeAttachmentPolicy","Option":"Write"},{"CIMType":"String","Description":"Specifies the existing Safe Links policy that's associated with the preset security policy.","Name":"SafeLinksPolicy","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. ","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manage ATP Protection policy rules that are associated with Microsoft Defender for Office 365 protections in preset security policies."},{"ClassName":"MSFT_EXOAuthenticationPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the authentication policy you want to view or modify.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The AllowBasicAuthActiveSync switch specifies whether to allow Basic authentication with Exchange Active Sync.","Name":"AllowBasicAuthActiveSync","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthAutodiscover switch specifies whether to allow Basic authentication with Autodiscover.","Name":"AllowBasicAuthAutodiscover","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthImap switch specifies whether to allow Basic authentication with IMAP.","Name":"AllowBasicAuthImap","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthMapi switch specifies whether to allow Basic authentication with MAPI.","Name":"AllowBasicAuthMapi","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthOfflineAddressBook switch specifies whether to allow Basic authentication with Offline Address Books.","Name":"AllowBasicAuthOfflineAddressBook","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthOutlookService switch specifies whether to allow Basic authentication with the Outlook service.","Name":"AllowBasicAuthOutlookService","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthPop switch specifies whether to allow Basic authentication with POP.","Name":"AllowBasicAuthPop","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthPowerShell switch specifies whether to allow Basic authentication with PowerShell.","Name":"AllowBasicAuthPowershell","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthReporting Web Services switch specifies whether to allow Basic authentication with reporting web services.","Name":"AllowBasicAuthReportingWebServices","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthRpc switch specifies whether to allow Basic authentication with RPC.","Name":"AllowBasicAuthRpc","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthSmtp switch specifies whether to allow Basic authentication with SMTP.","Name":"AllowBasicAuthSmtp","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthWebServices switch specifies whether to allow Basic authentication with Exchange Web Services (EWS).","Name":"AllowBasicAuthWebServices","Option":"write"},{"CIMType":"String","Description":"Specify if the authentication Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Authentication Policies in Exchange Online."},{"ClassName":"MSFT_EXOAuthenticationPolicyAssignment","Parameters":[{"CIMType":"String","Description":"Name of the user assigned to the authentication policy.","Name":"UserName","Option":"Key"},{"CIMType":"String","Description":"Name of the authentication policy.","Name":"AuthenticationPolicyName","Option":"write"},{"CIMType":"String","Description":"Specify if the authentication Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource assigns Exchange Online Authentication Policies to users."},{"ClassName":"MSFT_EXOAvailabilityAddressSpace","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the AvailabilityAddressSpace you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AccessMethod parameter specifies how the free/busy data is accessed. Valid values are:PerUserFB, OrgWideFB, OrgWideFBToken, OrgWideFBBasic,InternalProxy","Name":"AccessMethod","Option":"Write","ValueMap":["PerUserFB","OrgWideFB","OrgWideFBToken","OrgWideFBBasic","InternalProxy"],"Values":["PerUserFB","OrgWideFB","OrgWideFBToken","OrgWideFBBasic","InternalProxy"]},{"CIMType":"String","Description":"The Credentials parameter specifies the username and password that's used to access the Availability services in the target forest.","Name":"Credentials","Option":"Write"},{"CIMType":"String","Description":"The ForestName parameter specifies the SMTP domain name of the target forest for users whose free/busy data must be retrieved. If your users are distributed among multiple SMTP domains in the target forest, run the Add-AvailabilityAddressSpace command once for each SMTP domain.","Name":"ForestName","Option":"Write"},{"CIMType":"String","Description":"The TargetAutodiscoverEpr parameter specifies the Autodiscover URL of Exchange Web Services for the external organization. Exchange uses Autodiscover to automatically detect the correct server endpoint for external requests.","Name":"TargetAutodiscoverEpr","Option":"Write"},{"CIMType":"String","Description":"The TargetServiceEpr parameter specifies the Exchange Online Calendar Service URL of the external Microsoft 365 organization that you're trying to read free/busy information from.","Name":"TargetServiceEpr","Option":"Write"},{"CIMType":"String","Description":"The TargetTenantID parameter specifies the tenant ID of the external Microsoft 365 organization that you're trying to read free/busy information from.","Name":"TargetTenantId","Option":"Write"},{"CIMType":"String","Description":"Specifies if this AvailabilityAddressSpace should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new AvailabilityAddressSpace in your cloud-based organization."},{"ClassName":"MSFT_EXOAvailabilityConfig","Parameters":[{"CIMType":"String","Description":"Specify the OrgWideAccount for the AvailabilityConfig.","Name":"OrgWideAccount","Option":"Key"},{"CIMType":"String","Description":"Specify if the AvailabilityConfig should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Availability Config in Exchange Online."},{"ClassName":"MSFT_EXOCalendarProcessing","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the resource mailbox that you want to view. You can use any value that uniquely identifies the mailbox.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The AddAdditionalResponse parameter specifies whether additional information (the value of the AdditionalResponse parameter) is added to meeting request responses","Name":"AddAdditionalResponse","Option":"Write"},{"CIMType":"String","Description":"The AdditionalResponse parameter specifies the additional information to be included in responses to meeting requests when the value of the AddAdditionalResponse parameter is $true. If the value contains spaces, enclose the value in quotation marks.","Name":"AdditionalResponse","Option":"Write"},{"CIMType":"Boolean","Description":"The AddNewRequestsTentatively parameter specifies whether new meeting requests are added to the calendar as tentative","Name":"AddNewRequestsTentatively","Option":"Write"},{"CIMType":"Boolean","Description":"The AddOrganizerToSubject parameter specifies whether the meeting organizer's name is used as the subject of the meeting request.","Name":"AddOrganizerToSubject","Option":"Write"},{"CIMType":"Boolean","Description":"The AllBookInPolicy parameter specifies whether to automatically approve in-policy requests from all users to the resource mailbox.","Name":"AllBookInPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowConflicts parameter specifies whether to allow conflicting meeting requests.","Name":"AllowConflicts","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowRecurringMeetings parameter specifies whether to allow recurring meetings in meeting requests.","Name":"AllowRecurringMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"The AllRequestInPolicy parameter specifies whether to allow all users to submit in-policy requests to the resource mailbox.","Name":"AllRequestInPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The AllRequestOutOfPolicy parameter specifies whether to allow all users to submit out-of-policy requests to the resource mailbox.","Name":"AllRequestOutOfPolicy","Option":"Write"},{"CIMType":"String","Description":"The AutomateProcessing parameter enables or disables calendar processing on the mailbox.","Name":"AutomateProcessing","Option":"Write","ValueMap":["None","AutoUpdate","AutoAccept"],"Values":["None","AutoUpdate","AutoAccept"]},{"CIMType":"String","Description":"The BookingType parameter specifies how reservations work on the resource mailbox.","Name":"BookingType","Option":"Write","ValueMap":["Standard","Reserved"],"Values":["Standard","Reserved"]},{"CIMType":"UInt32","Description":"The BookingWindowInDays parameter specifies the maximum number of days in advance that the resource can be reserved. A valid value is an integer from 0 through 1080. The default value is 180 days. The value 0 means today.","Name":"BookingWindowInDays","Option":"Write"},{"CIMType":"String[]","Description":"The BookInPolicy parameter specifies users or groups who are allowed to submit in-policy meeting requests to the resource mailbox that are automatically approved. You can use any value that uniquely identifies the user or group.","Name":"BookInPolicy","Option":"Write"},{"CIMType":"UInt32","Description":"The ConflictPercentageAllowed parameter specifies the maximum percentage of meeting conflicts for new recurring meeting requests. A valid value is an integer from 0 through 100. The default value is 0.","Name":"ConflictPercentageAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteAttachments parameter specifies whether to remove attachments from all incoming messages.","Name":"DeleteAttachments","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteComments parameter specifies whether to remove or keep any text in the message body of incoming meeting requests.","Name":"DeleteComments","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteNonCalendarItems parameter specifies whether to remove or keep all non-calendar-related messages that are received by the resource mailbox.","Name":"DeleteNonCalendarItems","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteSubject parameter specifies whether to remove or keep the subject of incoming meeting requests. ","Name":"DeleteSubject","Option":"Write"},{"CIMType":"Boolean","Description":"N/A","Name":"EnableAutoRelease","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableResponseDetails parameter specifies whether to include the reasons for accepting or declining a meeting in the response email message.","Name":"EnableResponseDetails","Option":"Write"},{"CIMType":"Boolean","Description":"The EnforceCapacity parameter specifies whether to restrict the number of attendees to the capacity of the workspace. For example, if capacity is set to 10, then only 10 people can book the workspace.","Name":"EnforceCapacity","Option":"Write"},{"CIMType":"Boolean","Description":"The EnforceSchedulingHorizon parameter controls the behavior of recurring meetings that extend beyond the date specified by the BookingWindowInDays parameter.","Name":"EnforceSchedulingHorizon","Option":"Write"},{"CIMType":"Boolean","Description":"The ForwardRequestsToDelegates parameter specifies whether to forward incoming meeting requests to the delegates that are configured for the resource mailbox.","Name":"ForwardRequestsToDelegates","Option":"Write"},{"CIMType":"UInt32","Description":"The MaximumConflictInstances parameter specifies the maximum number of conflicts for new recurring meeting requests when the AllowRecurringMeetings parameter is set to $true. A valid value is an integer from 0 through INT32 (2147483647). The default value is 0.","Name":"MaximumConflictInstances","Option":"Write"},{"CIMType":"UInt32","Description":"The MaximumDurationInMinutes parameter specifies the maximum duration in minutes for meeting requests. A valid value is an integer from 0 through INT32 (2147483647). The default value is 1440 (24 hours).","Name":"MaximumDurationInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"The MinimumDurationInMinutes parameter specifies the minimum duration in minutes for meeting requests in workspace mailboxes. A valid value is an integer from 0 through INT32 (2147483647). The default value is 0, which means there is no minimum duration.","Name":"MinimumDurationInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"The OrganizerInfo parameter specifies whether the resource mailbox sends organizer information when a meeting request is declined because of conflicts.","Name":"OrganizerInfo","Option":"Write"},{"CIMType":"UInt32","Description":"N/A","Name":"PostReservationMaxClaimTimeInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"The ProcessExternalMeetingMessages parameter specifies whether to process meeting requests that originate outside the Exchange organization.","Name":"ProcessExternalMeetingMessages","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveCanceledMeetings parameter specifies whether to automatically delete meetings that were cancelled by the organizer from the resource mailbox's calendar. ","Name":"RemoveCanceledMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveForwardedMeetingNotifications parameter specifies whether forwarded meeting notifications are moved to the Deleted Items folder after they're processed by the Calendar Attendant. ","Name":"RemoveForwardedMeetingNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveOldMeetingMessages parameter specifies whether the Calendar Attendant removes old and redundant updates and responses.","Name":"RemoveOldMeetingMessages","Option":"Write"},{"CIMType":"Boolean","Description":"The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meetings that were sent by the organizer in the original requests. ","Name":"RemovePrivateProperty","Option":"Write"},{"CIMType":"String[]","Description":"The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meetings that were sent by the organizer in the original requests. ","Name":"RequestInPolicy","Option":"Write"},{"CIMType":"String[]","Description":"The RequestOutOfPolicy parameter specifies users who are allowed to submit out-of-policy requests that require approval by a resource mailbox delegate. You can use any value that uniquely identifies the user. ","Name":"RequestOutOfPolicy","Option":"Write"},{"CIMType":"String[]","Description":"The ResourceDelegates parameter specifies users can approve or reject requests that are sent to the resource mailbox. You can use any value that uniquely identifies the user. ","Name":"ResourceDelegates","Option":"Write"},{"CIMType":"Boolean","Description":"The ScheduleOnlyDuringWorkHours parameter specifies whether to allow meetings to be scheduled outside of the working hours that are defined for the resource mailbox.","Name":"ScheduleOnlyDuringWorkHours","Option":"Write"},{"CIMType":"Boolean","Description":"The TentativePendingApproval parameter specifies whether to mark pending requests as tentative on the calendar.","Name":"TentativePendingApproval","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not the instance exist.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Calendar Processing settings Exchange Online."},{"ClassName":"MSFT_EXOCASMailboxPlan","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the CAS Mailbox Plan that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The display name of the CAS Mailbox Plan.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"CASMailboxPlans cannot be created/removed in O365.  This must be set to 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"Boolean","Description":"The ActiveSyncEnabled parameter enables or disables access to the mailbox by using Exchange Active Sync. Default is $true.","Name":"ActiveSyncEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapEnabled parameter enables or disables access to the mailbox by using IMAP4 clients. The default value is $true for all CAS mailbox plans except ExchangeOnlineDeskless which is $false by default.","Name":"ImapEnabled","Option":"Write"},{"CIMType":"String","Description":"The OwaMailboxPolicy parameter specifies the Outlook on the web (formerly known as Outlook Web App) mailbox policy for the mailbox plan. The default value is OwaMailboxPolicy-Default. You can use the Get-OwaMailboxPolicy cmdlet to view the available Outlook on the web mailbox policies.","Name":"OwaMailboxPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The PopEnabled parameter enables or disables access to the mailbox by using POP3 clients. Default is $true.","Name":"PopEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Client Access services (CAS) mailbox plans in cloud-based organizations."},{"ClassName":"MSFT_EXOCASMailboxSettings","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox that you want to configure.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"TheActiveSyncAllowedDeviceIDs parameter specifies one or more Exchange ActiveSync device IDs that are allowed to synchronize with the mailbox.","Name":"ActiveSyncAllowedDeviceIDs","Option":"Write"},{"CIMType":"String[]","Description":"The ActiveSyncBlockedDeviceIDs parameter specifies one or more Exchange ActiveSync device IDs that aren't allowed to synchronize with the mailbox.","Name":"ActiveSyncBlockedDeviceIDs","Option":"Write"},{"CIMType":"Boolean","Description":"The ActiveSyncDebugLogging parameter enables or disables Exchange ActiveSync debug logging for the mailbox.","Name":"ActiveSyncDebugLogging","Option":"Write"},{"CIMType":"Boolean","Description":"The ActiveSyncEnabled parameter enables or disables access to the mailbox using Exchange ActiveSync.","Name":"ActiveSyncEnabled","Option":"Write"},{"CIMType":"String","Description":"The ActiveSyncMailboxPolicy parameter specifies the Exchange ActiveSync mailbox policy for the mailbox.","Name":"ActiveSyncMailboxPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The ActiveSyncSuppressReadReceipt parameter controls the behavior of read receipts for Exchange ActiveSync clients that access the mailbox.","Name":"ActiveSyncSuppressReadReceipt","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowEntourage parameter enables or disables access to the mailbox by Microsoft Entourage clients that use Exchange Web Services.","Name":"EwsAllowEntourage","Option":"Write"},{"CIMType":"String[]","Description":"The EwsAllowList parameter specifies the Exchange Web Services applications (user agent strings) that are allowed to access the mailbox.","Name":"EwsAllowList","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowMacOutlook parameter enables or disables access to the mailbox by Outlook for Mac clients that use Exchange Web Services.","Name":"EwsAllowMacOutlook","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowOutlook parameter enables or disables access to the mailbox by Outlook clients that use Exchange Web Services.","Name":"EwsAllowOutlook","Option":"Write"},{"CIMType":"String","Description":"The EwsApplicationAccessPolicy parameter controls access to the mailbox using Exchange Web Services applications.","Name":"EwsApplicationAccessPolicy","Option":"Write"},{"CIMType":"String[]","Description":"The EwsBlockList parameter specifies the Exchange Web Services applications (user agent strings) that aren't allowed to access the mailbox using Exchange Web Services.","Name":"EwsBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsEnabled parameter enables or disables access to the mailbox using Exchange Web Services clients.","Name":"EwsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapEnabled parameter enables or disables access to the mailbox using IMAP4 clients.","Name":"ImapEnabled","Option":"Write"},{"CIMType":"String","Description":"The ImapMessagesRetrievalMimeFormat parameter specifies the message format for IMAP4 clients that access the mailbox.","Name":"ImapMessagesRetrievalMimeFormat","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapForceICalForCalendarRetrievalOption parameter specifies how meeting requests are presented to IMAP4 clients that access the mailbox.","Name":"ImapForceICalForCalendarRetrievalOption","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapSuppressReadReceipt parameter controls the behavior of read receipts for IMAP4 clients that access the mailbox.","Name":"ImapSuppressReadReceipt","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapUseProtocolDefaults parameter specifies whether to use the IMAP4 protocol defaults for the mailbox.","Name":"ImapUseProtocolDefaults","Option":"Write"},{"CIMType":"Boolean","Description":"The MacOutlookEnabled parameter enables or disables access to the mailbox using Outlook for Mac clients that use Microsoft Sync technology.","Name":"MacOutlookEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MAPIEnabled parameter enables or disables access to the mailbox using MAPI clients (for example, Outlook).","Name":"MAPIEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OneWinNativeOutlookEnabled parameter enables or disables access to the mailbox using the new Outlook for Windows.","Name":"OneWinNativeOutlookEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OutlookMobileEnabled parameter enables or disables access to the mailbox using Outlook for iOS and Android.","Name":"OutlookMobileEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OWAEnabled parameter enables or disables access to the mailbox using Outlook on the web (formerly known as Outlook Web App or OWA).","Name":"OWAEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OWAforDevicesEnabled parameter enables or disables access to the mailbox using the older Outlook Web App (OWA) app on iOS and Android devices.","Name":"OWAforDevicesEnabled","Option":"Write"},{"CIMType":"String","Description":"The OwaMailboxPolicy parameter specifies the Outlook on the web mailbox policy for the mailbox.","Name":"OwaMailboxPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The PopEnabled parameter enables or disables access to the mailbox using POP3 clients.","Name":"PopEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PopForceICalForCalendarRetrievalOption parameter specifies how meeting requests are presented to POP3 clients that access the mailbox.","Name":"PopForceICalForCalendarRetrievalOption","Option":"Write"},{"CIMType":"String","Description":"The PopMessagesRetrievalMimeFormat parameter specifies the message format for POP3 clients that access the mailbox.","Name":"PopMessagesRetrievalMimeFormat","Option":"Write"},{"CIMType":"Boolean","Description":"The PopSuppressReadReceipt parameter controls the behavior of read receipts for POP3 clients that access the mailbox.","Name":"PopSuppressReadReceipt","Option":"Write"},{"CIMType":"Boolean","Description":"The PopUseProtocolDefaults parameter specifies whether to use the POP3 protocol defaults for the mailbox.","Name":"PopUseProtocolDefaults","Option":"Write"},{"CIMType":"Boolean","Description":"The PublicFolderClientAccess parameter enables or disables access to public folders in Microsoft Outlook.","Name":"PublicFolderClientAccess","Option":"Write"},{"CIMType":"Boolean","Description":"The ShowGalAsDefaultView parameter specifies whether the global address list (GAL) is the default recipient picker for messages.","Name":"ShowGalAsDefaultView","Option":"Write"},{"CIMType":"Boolean","Description":"The SmtpClientAuthenticationDisabled parameter specifies whether to disable authenticated SMTP (SMTP AUTH) for the mailbox.","Name":"SmtpClientAuthenticationDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The UniversalOutlookEnabled parameter enables or disables access to the mailbox using Windows 10 Mail and Calendar.","Name":"UniversalOutlookEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Mailbox CAS settings are applied.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures CAS mailbox settings."},{"ClassName":"MSFT_EXODataAtRestEncryptionPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the data-at-rest encryption policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the Microsoft 365 data-at-rest encryption policy.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies an optional description for the policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the policy is enabled or disabled. ","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The AzureKeyIDs parameter specifies the URL of the encryption key in the Azure Key Vault that's used for encryption.","Name":"AzureKeyIDs","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Microsoft 365 data-at-rest encryption policy for multi-workload usage."},{"ClassName":"MSFT_EXODataAtRestEncryptionPolicyAssignment","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The DataEncryptionPolicy parameter specifies the Microsoft 365 data-at-rest encryption policy.","Name":"DataEncryptionPolicy","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use the Set-M365DataAtRestEncryptionPolicyAssignment cmdlet to assign a Microsoft 365 data-at-rest encryption policy at the tenant level."},{"ClassName":"MSFT_EXODataClassification","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the data classification rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies a description for the data classification rule. You use the Description parameter with the Locale and Name parameters to specify descriptions for the data classification rule in different languages. ","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Fingerprints parameter specifies the byte-encoded document files that are used as fingerprints by the data classification rule.","Name":"Fingerprints","Option":"Write"},{"CIMType":"Boolean","Description":"IsDefault is used with the Locale parameter to specify the default language for the data classification rule.","Name":"IsDefault","Option":"Write"},{"CIMType":"String","Description":"The Locale parameter adds or removes languages that are associated with the data classification rule.","Name":"Locale","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies a name for the data classification rule. The value must be less than 256 characters.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Specifies if this policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new data classification policy in your cloud-based organization."},{"ClassName":"MSFT_EXODataEncryptionPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the data encryption policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The AzureKeyIDs parameter specifies the URI values of the Azure Key Vault keys to associate with the data encryption policy.","Name":"AzureKeyIDs","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies an optional description for the data encryption policy","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter enables or disable the data encryption policy.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies the unique name for the data encryption policy.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The PermanentDataPurgeContact parameter specifies a contact for the purge of all data that's encrypted by the data encryption policy.","Name":"PermanentDataPurgeContact","Option":"Write"},{"CIMType":"String","Description":"The PermanentDataPurgeReason parameter specifies a descriptive reason for the purge of all data that's encrypted by the data encryption policy","Name":"PermanentDataPurgeReason","Option":"Write"},{"CIMType":"String","Description":"Specifies if this policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new Data Encryption policy in your cloud-based organization."},{"ClassName":"MSFT_EXODistributionGroup","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the distribution group or mail-enabled security group that you want to modify. You can use any value that uniquely identifies the group.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the address list.","Name":"Name","Option":"Required"},{"CIMType":"String","Description":"Exchange alias (also known as the mail nickname) for the recipient","Name":"Alias","Option":"Write"},{"CIMType":"Boolean","Description":"Is Bcc blocked for the distribution group.","Name":"BccBlocked","Option":"Write"},{"CIMType":"String[]","Description":"The BypassModerationFromSendersOrMembers parameter specifies who is allowed to send messages to this moderated recipient without approval from a moderator. Valid values for this parameter are individual senders and groups in your organization. Specifying a group means all members of the group are allowed to send messages to this recipient without approval from a moderator.","Name":"BypassModerationFromSendersOrMembers","Option":"Write"},{"CIMType":"Boolean","Description":"The ByPassNestedModerationEnabled parameter specifies how to handle message approval when a moderated group contains other moderated groups as members.","Name":"BypassNestedModerationEnabled","Option":"Write"},{"CIMType":"String","Description":"Description of the distribution group.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the display name of the group. The display name is visible in the Exchange admin center and in address lists. The maximum length is 256 characters.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"The HiddenGroupMembershipEnabled switch specifies whether to hide the members of the distribution group from members of the group and users who aren't members of the group.","Name":"HiddenGroupMembershipEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The ManagedBy parameter specifies an owner for the group. A group must have at least one owner.","Name":"ManagedBy","Option":"Write"},{"CIMType":"String","Description":"The MemberDepartRestriction parameter specifies the restrictions that you put on requests to leave the group. Valid values are: Open & Closed","Name":"MemberDepartRestriction","Option":"Write","ValueMap":["Open","Closed"],"Values":["Open","Closed"]},{"CIMType":"String","Description":"The MemberJoinRestriction parameter specifies the restrictions that you put on requests to join the group. Valid values are: Open, Closed & ApprovalRequired","Name":"MemberJoinRestriction","Option":"Write","ValueMap":["Open","Closed","ApprovalRequired"],"Values":["Open","Closed","ApprovalRequired"]},{"CIMType":"String[]","Description":"The Members parameter specifies the recipients (mail-enabled objects) that are members of the group. You can use any value that uniquely identifies the recipient.","Name":"Members","Option":"Write"},{"CIMType":"String[]","Description":"The ModeratedBy parameter specifies one or more moderators for this group. A moderator approves messages sent to the group before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization. You can use any value that uniquely identifies the moderator.","Name":"ModeratedBy","Option":"Write"},{"CIMType":"Boolean","Description":"The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.","Name":"ModerationEnabled","Option":"Write"},{"CIMType":"String","Description":"The Notes parameters specifies additional information about the object.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The OrganizationalUnit parameter specifies the location in Active Directory where the group is created.","Name":"OrganizationalUnit","Option":"Write"},{"CIMType":"String","Description":"The PrimarySmtpAddress parameter specifies the primary return email address that's used for the recipient.","Name":"PrimarySmtpAddress","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from authenticated (internal) senders.","Name":"RequireSenderAuthenticationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RoomList switch specifies that all members of this distribution group are room mailboxes. You don't need to specify a value with this switch.","Name":"RoomList","Option":"Write"},{"CIMType":"String[]","Description":"The AcceptMessagesOnlyFrom parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.","Name":"AcceptMessagesOnlyFrom","Option":"Write"},{"CIMType":"String[]","Description":"The AcceptMessagesOnlyFromDLMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.","Name":"AcceptMessagesOnlyFromDLMembers","Option":"Write"},{"CIMType":"String[]","Description":"The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.","Name":"AcceptMessagesOnlyFromSendersOrMembers","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute1","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute2","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute3","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute4","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute5","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute6 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute6","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute7 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute7","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute8 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute8","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute9 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute9","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute10 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute10","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute11 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute11","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute12 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute12","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute13 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute13","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute14 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute14","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute15 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute15","Option":"Write"},{"CIMType":"String[]","Description":"The EmailAddresses parameter specifies all email addresses (proxy addresses) for the recipient, including the primary SMTP address. In on-premises Exchange organizations, the primary SMTP address and other proxy addresses are typically set by email address policies. However, you can use this parameter to configure other proxy addresses for the recipient.","Name":"EmailAddresses","Option":"Write"},{"CIMType":"String[]","Description":"The GrantSendOnBehalfTo parameter specifies who can send on behalf of this group. Although messages send on behalf of the group clearly show the sender in the From field (<Sender> on behalf of <Group>), replies to these messages are delivered to the group, not the sender.","Name":"GrantSendOnBehalfTo","Option":"Write"},{"CIMType":"Boolean","Description":"The HiddenFromAddressListsEnabled parameter specifies whether this recipient is visible in address lists.","Name":"HiddenFromAddressListsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SendOofMessageToOriginatorEnabled parameter specifies how to handle out of office (OOF) messages for members of the group.","Name":"SendOofMessageToOriginatorEnabled","Option":"Write"},{"CIMType":"String","Description":"The SendModerationNotifications parameter specifies when moderation notification messages are sent. Valid values are: Always, Internal, Never.","Name":"SendModerationNotifications","Option":"Write","ValueMap":["Always","Internal","Never"],"Values":["Always","Internal","Never"]},{"CIMType":"String","Description":"The Type parameter specifies the type of group that you want to create. Valid values are: Distribution, Security","Name":"Type","Option":"Write","ValueMap":["Distribution","Security"],"Values":["Distribution","Security"]},{"CIMType":"String","Description":"Specifies if this AddressList should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Exchange Online distribution groups."},{"ClassName":"MSFT_EXODkimSigningConfig","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the DKIM signing policy that you want to modify.  This should be the FQDN. ","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String","Description":"The BodyCanonicalization parameter specifies the canonicalization algorithm that's used to create and verify the message body part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message body in transit. Valid values are 'Simple' or 'Relaxed'.  'Relaxed' is the default.","Name":"BodyCanonicalization","Option":"Write","ValueMap":["Simple","Relaxed"],"Values":["Simple","Relaxed"]},{"CIMType":"String","Description":"The HeaderCanonicalization parameter specifies the canonicalization algorithm that's used to create and verify the message header part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message headers in transit. Valid values are 'Simple' or 'Relaxed'.  'Relaxed' is the default.","Name":"HeaderCanonicalization","Option":"Write","ValueMap":["Simple","Relaxed"],"Values":["Simple","Relaxed"]},{"CIMType":"Uint16","Description":"The KeySize parameter specifies the size in bits of the public key that's used in the DKIM signing policy. Valid values are 1024 and 2048","Name":"KeySize","Option":"Write","ValueMap":[1024,2048],"Values":[1024,2048]},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the DKIM Signing Configuration is enabled or disabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Client Access Rule should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the DomainKeys Identified Mail (DKIM) signing policy settings for domains in a cloud-based organization."},{"ClassName":"MSFT_EXODnssecForVerifiedDomain","Parameters":[{"CIMType":"String","Description":"DomainName parameter specifies the accepted domain in the Exchange Online organization where you want to view information about DNSSEC","Name":"DomainName","Option":"Key"},{"CIMType":"string","Description":"Status of the DnsSec for the given Domain Name.","Name":"DnssecFeatureStatus","Option":"Write","ValueMap":["Enabled","Disabled","Unknown"],"Values":["Enabled","Disabled","Unknown"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"DNSSec status for a verified domain."},{"ClassName":"MSFT_EXOEmailAddressPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the email address policy. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Priority parameter specifies the order that the email address policies are evaluated. By default, every time that you add a new email address policy, the policy is assigned a priority of N+1, where N is the number of email address policies that you've created.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The EnabledEmailAddressTemplates parameter specifies the rules in the email address policy that are used to generate email addresses for recipients.","Name":"EnabledEmailAddressTemplates","Option":"Write"},{"CIMType":"String[]","Description":"The EnabledPrimarySMTPAddressTemplate parameter specifies the specifies the rule in the email address policy that's used to generate the primary SMTP email addresses for recipients. You can use this parameter instead of the EnabledEmailAddressTemplates if the policy only applies the primary email address and no additional proxy addresses.","Name":"EnabledPrimarySMTPAddressTemplate","Option":"Write"},{"CIMType":"String","Description":"The ManagedByFilter parameter specifies the email address policies to apply to Office 365 groups based on the properties of the users who create the Office 365 groups.","Name":"ManagedByFilter","Option":"Write"},{"CIMType":"String","Description":"Specify if the Email Address Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Email address policies in Exchange Online."},{"ClassName":"MSFT_EXOEmailTenantSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Identity which indicates the organization name.","Name":"Identity","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether priority account protection is enabled.","Name":"EnablePriorityAccountProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the migration configuration is valid.","Name":"IsValid","Option":"Write"},{"CIMType":"String","Description":"Specifies the state of the object.","Name":"ObjectState","Option":"Write"},{"CIMType":"String","Description":"Specifies the name of the object.","Name":"Name","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to manage email tenant settings."},{"ClassName":"MSFT_EXOEOPProtectionPolicyRule","Parameters":[{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email addresses in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The Identity parameter specifies the rule that you want to view. You can use any value that uniquely identifies the rule. ","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"This parameter define if the rule is enabled or disabled","Name":"State","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the rule. The maximum length is 64 characters.","Name":"Name","Option":"Write"},{"CIMType":"UInt32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email addresses in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures EOP Protection Policy Rules."},{"ClassName":"MSFT_EXOExternalInOutlook","Parameters":[{"CIMType":"string","Description":"OrganisationIDParameter, not needed for cmdlet Functionality, use 'ExternalinOutlook' to use the same configuration for multiple Tenants","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The Enabled parameter enables or disables external sender identification in supported versions of Outlook. Valid values are:$true: External sender identification in Outlook is enabled. An External icon is added in the area of the subject line of messages from external senders. To exempt specific senders or sender domains from this identification, use the AllowList parameter.$false: External sender identification in Outlook is disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The AllowList parameter specifies exceptions to external sender identification in supported versions of Outlook. Messages received from the specified senders or senders in the specified domains don't receive native External sender identification. The allow list uses the 5322.From address (also known as the From address or P2 sender). Valid values are an individual domain (contoso.com), a domain and all subdomains (*.contoso.com) or email addresses (admin@contoso.com).","Name":"AllowList","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages the configuration of external sender identification that's available in Outlook, Outlook for Mac, Outlook on the web, and Outlook for iOS and Android."},{"ClassName":"MSFT_EXOFocusedInbox","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The FocusedInboxOn parameter enables or disables Focused Inbox for the mailbox.","Name":"FocusedInboxOn","Option":"Write"},{"CIMType":"String","Description":"Specify if the AcceptedDomain should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manage the Focused Inbox configuration for mailboxes in your organization."},{"ClassName":"MSFT_EXOGlobalAddressList","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the GAL. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"The ConditionalCompany parameter specifies a precanned filter that's based on the value of the recipient's Company property.","Name":"ConditionalCompany","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute1 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute1 property.","Name":"ConditionalCustomAttribute1","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute10 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute10 property.","Name":"ConditionalCustomAttribute10","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute11 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute11 property.","Name":"ConditionalCustomAttribute11","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute12 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute12 property.","Name":"ConditionalCustomAttribute12","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute13 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute13 property.","Name":"ConditionalCustomAttribute13","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute14 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute14 property.","Name":"ConditionalCustomAttribute14","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute15 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute15 property.","Name":"ConditionalCustomAttribute15","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute2 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute2 property.","Name":"ConditionalCustomAttribute2","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute3 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute3 property.","Name":"ConditionalCustomAttribute3","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute4 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute4 property.","Name":"ConditionalCustomAttribute4","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute5 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute5 property.","Name":"ConditionalCustomAttribute5","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute6 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute6 property.","Name":"ConditionalCustomAttribute6","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute7 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute7 property.","Name":"ConditionalCustomAttribute7","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute8 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute8 property.","Name":"ConditionalCustomAttribute8","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute9 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute9 property.","Name":"ConditionalCustomAttribute9","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalDepartment parameter specifies a precanned filter that's based on the value of the recipient's Department property.","Name":"ConditionalDepartment","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalStateOrProvince parameter specifies a precanned filter that's based on the value of the recipient's StateOrProvince property.","Name":"ConditionalStateOrProvince","Option":"Write"},{"CIMType":"String[]","Description":"The IncludedRecipients parameter specifies a precanned filter that's based on the recipient type.","Name":"IncludedRecipients","Option":"Write","ValueMap":["","AllRecipients","MailboxUsers","MailContacts","MailGroups","MailUsers","Resources"],"Values":["","AllRecipients","MailboxUsers","MailContacts","MailGroups","MailUsers","Resources"]},{"CIMType":"String","Description":"The RecipientFilter parameter specifies an OPath filter that's based on the value of any available recipient property.","Name":"RecipientFilter","Option":"Write"},{"CIMType":"String","Description":"Specify if the Global Address List should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Global Address Lists in Exchange Online."},{"ClassName":"MSFT_EXOGroupSettings","Parameters":[{"CIMType":"string","Description":"The DisplayName parameter specifies the name of the Microsoft 365 Group. The display name is visible in the Exchange admin center, address lists, and Outlook. The maximum length is 64 characters.","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"The unique Id of the group","Name":"Id","Option":"Write"},{"CIMType":"string[]","Description":"The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.","Name":"AcceptMessagesOnlyFromSendersOrMembers","Option":"Write"},{"CIMType":"string","Description":"Private","Name":"AccessType","Option":"Write","ValueMap":["Public","Private"],"Values":["Public","Private"]},{"CIMType":"boolean","Description":"The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn't affect existing group members.","Name":"AlwaysSubscribeMembersToCalendarEvents","Option":"Write"},{"CIMType":"string","Description":"The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn't affect existing group members.","Name":"AuditLogAgeLimit","Option":"Write"},{"CIMType":"boolean","Description":"The AutoSubscribeNewMembers switch specifies whether to automatically subscribe new members that are added to the Microsoft 365 Group to conversations and calendar events. Only users that are added to the group after you enable this setting are automatically subscribed to the group.","Name":"AutoSubscribeNewMembers","Option":"Write"},{"CIMType":"boolean","Description":"The CalendarMemberReadOnly parameter specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.","Name":"CalendarMemberReadOnly","Option":"Write"},{"CIMType":"string","Description":"The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.","Name":"Classification","Option":"Write"},{"CIMType":"boolean","Description":"The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.","Name":"ConnectorsEnabled","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute1","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute2","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute3","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute4","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute5","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute6 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute6","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute7 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute7","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute8 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute8","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute9 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute9","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute10 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute10","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute11 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute11","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute12 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute12","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute13 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute13","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute14 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute14","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute15 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute15","Option":"Write"},{"CIMType":"string","Description":"The DataEncryptionPolicy parameter specifies the data encryption policy that's applied to the Microsoft 365 Group. ","Name":"DataEncryptionPolicy","Option":"Write"},{"CIMType":"string[]","Description":"The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the recipient, including the primary SMTP address.","Name":"EmailAddresses","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute1","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute2","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute3","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute4","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute5","Option":"Write"},{"CIMType":"string[]","Description":"The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group.","Name":"GrantSendOnBehalfTo","Option":"Write"},{"CIMType":"boolean","Description":"The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group.","Name":"HiddenFromAddressListsEnabled","Option":"Write"},{"CIMType":"boolean","Description":"The HiddenFromExchangeClientsEnabled switch specifies whether the Microsoft 365 Group is hidden from Outlook clients connected to Microsoft 365.","Name":"HiddenFromExchangeClientsEnabled","Option":"Write"},{"CIMType":"string","Description":"The InformationBarrierMode parameter specifies the information barrier mode for the Microsoft 365 Group.","Name":"InformationBarrierMode","Option":"Write","ValueMap":["Explicit","Implicit","Open","OwnerModerated"],"Values":["Explicit","Implicit","Open","OwnerModerated"]},{"CIMType":"boolean","Description":"This parameter specifies whether or not members are allow to edit content.","Name":"IsMemberAllowedToEditContent","Option":"Write"},{"CIMType":"string","Description":"The Language parameter specifies language preference for the Microsoft 365 Group.","Name":"Language","Option":"Write"},{"CIMType":"string","Description":"The MailboxRegion parameter specifies the preferred data location (PDL) for the Microsoft 365 Group in multi-geo environments.","Name":"MailboxRegion","Option":"Write"},{"CIMType":"string","Description":"The MailTip parameter specifies the custom MailTip text for this recipient. The MailTip is shown to senders when they start drafting an email message to this recipient. ","Name":"MailTip","Option":"Write"},{"CIMType":"string[]","Description":"The MailTipTranslations parameter specifies additional languages for the custom MailTip text that's defined by the MailTip parameter.","Name":"MailTipTranslations","Option":"Write"},{"CIMType":"string","Description":"The MaxReceiveSize parameter specifies the maximum size of an email message that can be sent to this group. Messages that exceed the maximum size are rejected by the group.","Name":"MaxReceiveSize","Option":"Write"},{"CIMType":"string","Description":"The MaxSendSize parameter specifies the maximum size of an email message that can be sent by this group.","Name":"MaxSendSize","Option":"Write"},{"CIMType":"string[]","Description":"The ModeratedBy parameter specifies one or more moderators for this recipient. A moderator approves messages sent to the recipient before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization. You can use any value that uniquely identifies the moderator. ","Name":"ModeratedBy","Option":"Write"},{"CIMType":"boolean","Description":"The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.","Name":"ModerationEnabled","Option":"Write"},{"CIMType":"string","Description":"The Notes parameter specifies the description of the Microsoft 365 Group. If the value contains spaces, enclose the value in quotation marks.","Name":"Notes","Option":"Write"},{"CIMType":"string","Description":"The PrimarySmtpAddress parameter specifies the primary return email address that's used for the recipient. You can't use the EmailAddresses and PrimarySmtpAddress parameters in the same command.","Name":"PrimarySmtpAddress","Option":"Write"},{"CIMType":"string[]","Description":"The RejectMessagesFromSendersOrMembers parameter specifies who isn't allowed to send messages to this recipient. Messages from these senders are rejected.","Name":"RejectMessagesFromSendersOrMembers","Option":"Write"},{"CIMType":"boolean","Description":"The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from authenticated (internal) senders. ","Name":"RequireSenderAuthenticationEnabled","Option":"Write"},{"CIMType":"string","Description":"The SensitivityLabelId parameter specifies the GUID value of the sensitivity label that's assigned to the Microsoft 365 Group.","Name":"SensitivityLabelId","Option":"Write"},{"CIMType":"boolean","Description":"The SubscriptionEnabled switch specifies whether the group owners can enable subscription to conversations and calendar events on the groups they own. ","Name":"SubscriptionEnabled","Option":"Write"},{"CIMType":"boolean","Description":"The WelcomeMessageEnabled switch specifies whether to enable or disable sending system-generated welcome messages to users who are added as members to the Microsoft 365 Group.","Name":"WelcomeMessageEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures settings on groups such as the custom attributes and language."},{"ClassName":"MSFT_EXOHostedConnectionFilterPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the Hosted Connection Filter Policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeList parameter enables or disables use of the safe list. The safe list is a dynamic allow list in the Microsoft datacenter that requires no customer configuration. Valid input for this parameter is $true or $false. The default value is $false.","Name":"EnableSafeList","Option":"Write"},{"CIMType":"String[]","Description":"The IPAllowList parameter specifies IP addresses from which messages are always allowed. Messages from the IP addresses you specify won't be identified as spam, despite any other spam characteristics of the messages. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP.","Name":"IPAllowList","Option":"Write"},{"CIMType":"String[]","Description":"The IPBlockList parameter specifies IP addresses from which messages are never allowed. Messages from the IP addresses you specify are blocked without any further spam scanning. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP.","Name":"IPBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The MakeDefault parameter makes the specified policy the default connection filter policy. Default is $false.","Name":"MakeDefault","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Hosted Connection Filter Policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of connection filter policies in your cloud-based organization."},{"ClassName":"MSFT_EXOHostedContentFilterPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the Hosted Content Filter Policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AddXHeaderValue parameter specifies the X-header value to add to spam messages when an action parameter is set to the value AddXHeader.","Name":"AddXHeaderValue","Option":"Write"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String[]","Description":"The AllowedSenderDomains parameter specifies trusted domains that aren't processed by the spam filter.","Name":"AllowedSenderDomains","Option":"Write"},{"CIMType":"String[]","Description":"The AllowedSenders parameter specifies a list of trusted senders that aren't processed by the spam filter.","Name":"AllowedSenders","Option":"Write"},{"CIMType":"String[]","Description":"The BlockedSenderDomains parameter specifies domains that are always marked as spam sources.","Name":"BlockedSenderDomains","Option":"Write"},{"CIMType":"String[]","Description":"The BlockedSenders parameter specifies senders that are always marked as spam sources.","Name":"BlockedSenders","Option":"Write"},{"CIMType":"String","Description":"The BulkQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as bulk email.","Name":"BulkQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The BulkSpamAction parameter specifies the action to take on messages that are classified as bulk email.","Name":"BulkSpamAction","Option":"Write","ValueMap":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"],"Values":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"]},{"CIMType":"UInt32","Description":"The BulkThreshold parameter specifies the Bulk Complaint Level (BCL) threshold setting. Valid values are from 1 - 9, where 1 marks most bulk email as spam, and 9 allows the most bulk email to be delivered. The default value is 7.","Name":"BulkThreshold","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableLanguageBlockList parameter enables or disables blocking email messages that are written in specific languages, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false.","Name":"EnableLanguageBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableRegionBlockList parameter enables or disables blocking email messages that are sent from specific countries or regions, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false.","Name":"EnableRegionBlockList","Option":"Write"},{"CIMType":"String","Description":"The HighConfidencePhishAction parameter specifies the action to take on messages that are marked as high confidence phishing","Name":"HighConfidencePhishAction","Option":"Write","ValueMap":["MoveToJmf","Redirect","Quarantine"],"Values":["MoveToJmf","Redirect","Quarantine"]},{"CIMType":"String","Description":"The HighConfidencePhishQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as high confidence phishing.","Name":"HighConfidencePhishQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The HighConfidenceSpamAction parameter specifies the action to take on messages that are classified as high confidence spam.","Name":"HighConfidenceSpamAction","Option":"Write","ValueMap":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"],"Values":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"]},{"CIMType":"String","Description":"The HighConfidenceSpamQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as high confidence spam.","Name":"HighConfidenceSpamQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The IncreaseScoreWithBizOrInfoUrls parameter increases the spam score of messages that contain links to .biz or .info domains. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"IncreaseScoreWithBizOrInfoUrls","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The IncreaseScoreWithImageLinks parameter increases the spam score of messages that contain image links to remote websites. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"IncreaseScoreWithImageLinks","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The IncreaseScoreWithNumericIps parameter increases the spam score of messages that contain links to IP addresses. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"IncreaseScoreWithNumericIps","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The IncreaseScoreWithRedirectToOtherPort parameter increases the spam score of messages that contain links that redirect to other TCP ports. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"IncreaseScoreWithRedirectToOtherPort","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"Boolean","Description":"The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to recipients in messages. The default is $true","Name":"InlineSafetyTipsEnabled","Option":"Write"},{"CIMType":"String","Description":"The IntraOrgFilterState parameter specifies whether to enable anti-spam filtering for messages sent between internal users (users in the same organization).","Name":"IntraOrgFilterState","Option":"Write","ValueMap":["Default","HighConfidencePhish","Phish","HighConfidenceSpam","Spam","Disabled"],"Values":["Default","HighConfidencePhish","Phish","HighConfidenceSpam","Spam","Disabled"]},{"CIMType":"String[]","Description":"The LanguageBlockList parameter specifies the languages to block when messages are blocked based on their language. Valid input for this parameter is a supported ISO 639-1 lowercase two-letter language code. You can specify multiple values separated by commas. This parameter is only use when the EnableRegionBlockList parameter is set to $true.","Name":"LanguageBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The MakeDefault parameter makes the specified content filter policy the default content filter policy. The default value is $false","Name":"MakeDefault","Option":"Write"},{"CIMType":"String","Description":"The MarkAsSpamBulkMail parameter classifies the message as spam when the message is identified as a bulk email message. Valid values for this parameter are Off, On or Test. The default value is On.","Name":"MarkAsSpamBulkMail","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamEmbedTagsInHtml parameter classifies the message as spam when the message contains HTML <embed> tags. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamEmbedTagsInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamEmptyMessages parameter classifies the message as spam when the message is empty. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamEmptyMessages","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamFormTagsInHtml parameter classifies the message as spam when the message contains HTML <form> tags. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamFormTagsInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamFramesInHtml parameter classifies the message as spam when the message contains HTML <frame> or <iframe> tags. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamFramesInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamFromAddressAuthFail parameter classifies the message as spam when Sender ID filtering encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off.","Name":"MarkAsSpamFromAddressAuthFail","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamJavaScriptInHtml parameter classifies the message as spam when the message contains JavaScript or VBScript. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamJavaScriptInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamNdrBackscatter parameter classifies the message as spam when the message is a non-delivery report (NDR) to a forged sender. Valid values for this parameter are Off or On. The default value is Off.","Name":"MarkAsSpamNdrBackscatter","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamObjectTagsInHtml parameter classifies the message as spam when the message contains HTML <object> tags. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamObjectTagsInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamSensitiveWordList parameter classifies the message as spam when the message contains words from the sensitive words list. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamSensitiveWordList","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamSpfRecordHardFail parameter classifies the message as spam when Sender Policy Framework (SPF) record checking encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off.","Name":"MarkAsSpamSpfRecordHardFail","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamWebBugsInHtml parameter classifies the message as spam when the message contains web bugs. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamWebBugsInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The ModifySubjectValue parameter specifies the text to prepend to the existing subject of spam messages when an action parameter is set to the value ModifySubject.","Name":"ModifySubjectValue","Option":"Write"},{"CIMType":"String","Description":"The PhishSpamAction parameter specifies the action to take on messages that are classified as phishing","Name":"PhishSpamAction","Option":"Write","ValueMap":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"],"Values":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"]},{"CIMType":"String","Description":"The PhishQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as phishing.","Name":"PhishQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The SpamQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as spam.","Name":"SpamQuarantineTag","Option":"Write"},{"CIMType":"UInt32","Description":"The QuarantineRetentionPeriod parameter specifies the length of time in days that spam messages remain in the quarantine. Valid input for this parameter is an integer between 1 and 30. The default value is 15.","Name":"QuarantineRetentionPeriod","Option":"Write"},{"CIMType":"String[]","Description":"The RedirectToRecipients parameter specifies the replacement recipients in spam messages when an action parameter is set to the value Redirect. The action parameters that use the value of RedirectToRecipients are BulkSpamAction, HighConfidencePhishAction, HighConfidenceSpamAction, PhishSpamAction and SpamAction.","Name":"RedirectToRecipients","Option":"Write"},{"CIMType":"String[]","Description":"The RegionBlockList parameter specifies the region to block when messages are blocked based on their source region. Valid input for this parameter is a supported ISO 3166-1 uppercase two-letter country code. You can specify multiple values separated by commas. This parameter is only used when the EnableRegionBlockList parameter is set to $true.","Name":"RegionBlockList","Option":"Write"},{"CIMType":"String","Description":"The SpamAction parameter specifies the action to take on messages that are classified as spam (not high confidence spam, bulk email, or phishing). ","Name":"SpamAction","Option":"Write","ValueMap":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"],"Values":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"]},{"CIMType":"String","Description":"The TestModeAction parameter specifies the additional action to take on messages that match any of the IncreaseScoreWith or MarkAsSpam parameters that are set to the value Test. ","Name":"TestModeAction","Option":"Write","ValueMap":["None","AddXHeader","BccMessage"],"Values":["None","AddXHeader","BccMessage"]},{"CIMType":"String[]","Description":"The TestModeBccToRecipients parameter specifies the blind carbon copy recipients to add to spam messages when the TestModeAction action parameter is set to the value BccMessage.","Name":"TestModeBccToRecipients","Option":"Write"},{"CIMType":"Boolean","Description":"The PhishZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect phishing messages in delivered messages in Exchange Online mailboxes.","Name":"PhishZapEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SpamZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect spam in delivered messages in Exchange Online mailboxes.","Name":"SpamZapEnabled","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of connection filter policies in your cloud-based organization."},{"ClassName":"MSFT_EXOHostedContentFilterRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the HostedContentFilter rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The HostedContentFilterPolicy parameter specifies the name of the HostedContentFilter policy that's associated with the HostedContentFilter rule.","Name":"HostedContentFilterPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Hosted Content Filter Rule in Exchange Online."},{"ClassName":"MSFT_EXOHostedOutboundSpamFilterPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the policy that you want to modify. There is only one policy named 'Default'","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String[]","Description":"The BccSuspiciousOutboundAdditionalRecipients parameter specifies the recipients to add to the Bcc field of outgoing spam messages. Valid input for this parameter is an email address. Separate multiple email addresses with commas.","Name":"BccSuspiciousOutboundAdditionalRecipients","Option":"Write"},{"CIMType":"Boolean","Description":"The BccSuspiciousOutboundMail parameter enables or disables adding recipients to the Bcc field of outgoing spam messages. Valid input for this parameter is $true or $false. The default value is $false. You specify the additional recipients using the BccSuspiciousOutboundAdditionalRecipients parameter.","Name":"BccSuspiciousOutboundMail","Option":"Write"},{"CIMType":"Boolean","Description":"The NotifyOutboundSpam parameter enables or disables sending notification messages to administrators when an outgoing message is determined to be spam. Valid input for this parameter is $true or $false. The default value is $false. You specify the administrators to notify by using the NotifyOutboundSpamRecipients parameter.","Name":"NotifyOutboundSpam","Option":"Write"},{"CIMType":"String[]","Description":"The NotifyOutboundSpamRecipients parameter specifies the administrators to notify when an outgoing message is determined to be spam. Valid input for this parameter is an email address. Separate multiple email addresses with commas.","Name":"NotifyOutboundSpamRecipients","Option":"Write"},{"CIMType":"UInt32","Description":"The RecipientLimitInternalPerHour parameter specifies the maximum number of internal recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.","Name":"RecipientLimitInternalPerHour","Option":"Write"},{"CIMType":"UInt32","Description":"The RecipientLimitPerDay parameter specifies the maximum number of recipients that a user can send to within a day. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.","Name":"RecipientLimitPerDay","Option":"Write"},{"CIMType":"UInt32","Description":"The RecipientLimitExternalPerHour parameter specifies the maximum number of external recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.","Name":"RecipientLimitExternalPerHour","Option":"Write"},{"CIMType":"String","Description":"The ActionWhenThresholdReached parameter specifies the action to take when any of the limits specified in the policy are reached. Valid values are: Alert, BlockUser, BlockUserForToday. BlockUserForToday is the default value.","Name":"ActionWhenThresholdReached","Option":"Write"},{"CIMType":"String","Description":"The AutoForwardingMode specifies how the policy controls automatic email forwarding to outbound recipients. Valid values are: Automatic, On, Off.","Name":"AutoForwardingMode","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of the outbound spam filter policy in your cloud-based organization."},{"ClassName":"MSFT_EXOHostedOutboundSpamFilterRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the HostedOutboundSpamFilter rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The HostedOutboundSpamFilterPolicy parameter specifies the name of the HostedOutboundSpamFilter policy that's associated with the HostedOutboundSpamFilter rule.","Name":"HostedOutboundSpamFilterPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderDomainIs parameter specifies an exception that looks for senders with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfSenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFrom parameter specifies an exception that looks for messages from specific senders. You can use any value that uniquely identifies the sender.","Name":"ExceptIfFrom","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromMemberOf parameter specifies an exception that looks for messages sent by group members. You can use any value that uniquely identifies the group.","Name":"ExceptIfFromMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The SenderDomainIs parameter specifies a condition that looks for senders with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"SenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The From parameter specifies a condition that looks for messages from specific senders. You can use any value that uniquely identifies the sender.","Name":"From","Option":"Write"},{"CIMType":"String[]","Description":"The FromMemberOf parameter specifies a condition that looks for messages sent by group members. You can use any value that uniquely identifies the group.","Name":"FromMemberOf","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Hosted Content Filter Rule in Exchange Online."},{"ClassName":"MSFT_EXOInboundConnector","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the outbound connector that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby limiting its scope. For example, you can apply the connector to a specific accepted domain in your organization, such as contoso.com.","Name":"AssociatedAcceptedDomains","Option":"Write"},{"CIMType":"Boolean","Description":"The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!","Name":"CloudServicesMailEnabled","Option":"Write"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS!","Name":"ConnectorSource","Option":"Write","ValueMap":["Default","Migrated","HybridWizard"],"Values":["Default","Migrated","HybridWizard"]},{"CIMType":"String","Description":"The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises","Name":"ConnectorType","Option":"Write","ValueMap":["Partner","OnPremises"],"Values":["Partner","OnPremises"]},{"CIMType":"String[]","Description":"The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false.","Name":"EFSkipIPs","Option":"Write"},{"CIMType":"Boolean","Description":"The EFSkipLastIP parameter specifies the behavior of Enhanced Filtering for Connectors.","Name":"EFSkipLastIP","Option":"Write"},{"CIMType":"String[]","Description":"The EFUsers parameter specifies the recipients that Enhanced Filtering for Connectors applies to.","Name":"EFUsers","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether connector is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireTLS parameter specifies that all messages received by this connector require TLS transmission. Valid values for this parameter are $true or $false. The default value is $false. When the RequireTLS parameter is set to $true, all messages received by this connector require TLS transmission.","Name":"RequireTls","Option":"Write"},{"CIMType":"Boolean","Description":"The RestrictDomainsToCertificate parameter specifies that Office 365 should identify incoming messages that are eligible for this connector by verifying that the remote server authenticates using a TLS certificate that has the TlsSenderCertificateName in the Subject.","Name":"RestrictDomainsToCertificate","Option":"Write"},{"CIMType":"Boolean","Description":"The RestrictDomainsToIPAddresses parameter, when set to $true, automatically rejects mail from the domains specified by the SenderDomains parameter if the mail originates from an IP address that isn't specified by the SenderIPAddresses parameter.","Name":"RestrictDomainsToIPAddresses","Option":"Write"},{"CIMType":"String[]","Description":"The SenderDomains parameter specifies the remote domains from which this connector accepts messages, thereby limiting its scope. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following example: domain.*.contoso.com.","Name":"SenderDomains","Option":"Write"},{"CIMType":"String[]","Description":"The SenderIPAddresses parameter specifies the remote IP addresses from which this connector accepts messages.","Name":"SenderIPAddresses","Option":"Write"},{"CIMType":"String","Description":"The TlsSenderCertificateName parameter specifies the certificate used by the sender's domain when the RequireTls parameter is set to $true. Valid input for the TlsSenderCertificateName parameter is an SMTP domain. ","Name":"TlsSenderCertificateName","Option":"Write"},{"CIMType":"Boolean","Description":"The TreatMessagesAsInternal parameter specifies an alternative method to identify messages sent from an on-premises organization as internal messages. You should only consider using this parameter when your on-premises organization doesn't use Exchange.","Name":"TreatMessagesAsInternal","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Inbound connector in your cloud-based organization."},{"ClassName":"MSFT_EXOIntraOrganizationConnector","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the intraorg connector that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The DiscoveryEndpoint parameter specifies the externally-accessible URL that's used for the Autodiscover service for the domain that's configured in the Intra-Organization connector.","Name":"DiscoveryEndpoint","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether connector is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The TargetAddressDomains parameter specifies the domain namespaces that will be used in the Intra-organization connector. These domains must have valid Autodiscover endpoints defined in their organizations. The domains and their associated Autodiscover endpoints are used by the Intra-Organization connector for feature and service connectivity. You can specify multiple domains separated by commas.","Name":"TargetAddressDomains","Option":"Write"},{"CIMType":"String","Description":"The TargetSharingEpr parameter specifies the URL of the target Exchange Web Services that will be used in the Intra-Organization connector.","Name":"TargetSharingEpr","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Intra-Organization connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new EXOIntraOrganizationConnector in your cloud-based organization."},{"ClassName":"MSFT_EXOIRMConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The AutomaticServiceUpdateEnabled parameter specifies whether to allow the automatic addition of new features within Azure Information Protection for your cloud-based organization.","Name":"AutomaticServiceUpdateEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management.","Name":"AzureRMSLicensingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the attachment or not for Encrypt-only mails sent using Microsoft Purview Message Encryption.","Name":"DecryptAttachmentForEncryptOnly","Option":"Write"},{"CIMType":"Boolean","Description":"The EDiscoverySuperUserEnabled parameter specifies whether members of the Discovery Management role group can access IRM-protected messages in a discovery mailbox that were returned by a discovery search.","Name":"EDiscoverySuperUserEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EnablePdfEncryption parameter specifies whether to enable the encryption of PDF attachments using Microsoft Purview Message Encryption. ","Name":"EnablePdfEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"The EnablePortalTrackingLogs parameter specifies whether to enable portal message tracking logs.","Name":"EnablePortalTrackingLogs","Option":"Write"},{"CIMType":"Boolean","Description":"The InternalLicensingEnabled parameter specifies whether to enable IRM features for messages that are sent to internal and external recipients.","Name":"InternalLicensingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The JournalReportDecryptionEnabled parameter specifies whether to enable journal report decryption.","Name":"JournalReportDecryptionEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The LicensingLocation parameter specifies the RMS licensing URLs. You can specify multiple URL values separated by commas.","Name":"LicensingLocation","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter is available only in the cloud-based service.","Name":"RejectIfRecipientHasNoRights","Option":"Write"},{"CIMType":"String","Description":"The RMSOnlineKeySharingLocation parameter specifies the Azure Rights Management URL that's used to get the trusted publishing domain (TPD) for the Exchange Online organization.","Name":"RMSOnlineKeySharingLocation","Option":"Write"},{"CIMType":"Boolean","Description":"The SearchEnabled parameter specifies whether to enable searching of IRM-encrypted messages in Outlook on the web (formerly known as Outlook Web App).","Name":"SearchEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SimplifiedClientAccessDoNotForwardDisabled parameter specifies whether to disable Do not forward in Outlook on the web.","Name":"SimplifiedClientAccessDoNotForwardDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SimplifiedClientAccessEnabled parameter specifies whether to enable the Protect button in Outlook on the web.","Name":"SimplifiedClientAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SimplifiedClientAccessEncryptOnlyDisabled parameter specifies whether to disable Encrypt only in Outlook on the web. ","Name":"SimplifiedClientAccessEncryptOnlyDisabled","Option":"Write"},{"CIMType":"String","Description":"The TransportDecryptionSetting parameter specifies the transport decryption configuration.","Name":"TransportDecryptionSetting","Option":"Write","ValueMap":["Disabled","Mandatory","Optional"],"Values":["Disabled","Mandatory","Optional"]},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Modify the resource Configuration policy in your cloud-based organization."},{"ClassName":"MSFT_EXOJournalRule","Parameters":[{"CIMType":"String","Description":"Name of the Journal Rule","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The JournalEmailAddress parameter specifies a recipient object to which journal reports are sent. You can use any value that uniquely identifies the recipient.","Name":"JournalEmailAddress","Option":"Key"},{"CIMType":"String","Description":"The Recipient parameter specifies the SMTP address of a mailbox, contact, or distribution group to journal. If you specify a distribution group, all recipients in that distribution group are journaled. All messages sent to or from a recipient are journaled.","Name":"Recipient","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the Journal Rule is enabled or not.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The Scope parameter specifies the scope of email messages to which the journal rule is applied","Name":"RuleScope","Option":"Write","ValueMap":["Global","Internal","External"],"Values":["Global","Internal","External"]},{"CIMType":"String","Description":"Present ensures the rule exists, Absent that it does not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows to configure Journal Rules in Exchange Online."},{"ClassName":"MSFT_EXOMailboxAuditBypassAssociation","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the user account or computer account where you want to view the value of the AuditBypassEnabled property.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The AuditBypassEnabled parameter specifies whether audit bypass is enabled for the user or computer.","Name":"AuditBypassEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use the Set-MailboxAuditBypassAssociation cmdlet to configure mailbox audit logging bypass for user or computer accounts such as service accounts for applications that access mailboxes frequently."},{"ClassName":"MSFT_EXOMailboxAutoReplyConfiguration","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox that you want to modify. You can use any value that uniquely identifies the mailbox.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"User Principal Name of the mailbox owner","Name":"Owner","Option":"Write"},{"CIMType":"Boolean","Description":"The AutoDeclineFutureRequestsWhenOOF parameter specifies whether to automatically decline new meeting requests that are sent to the mailbox during the scheduled time period when Automatic Replies are being sent. ","Name":"AutoDeclineFutureRequestsWhenOOF","Option":"Write"},{"CIMType":"String","Description":"The AutoReplyState parameter specifies whether the mailbox is enabled for Automatic Replies. Valid values are: Enabled, Disabled, Scheduled","Name":"AutoReplyState","Option":"Write","ValueMap":["Enabled","Disabled","Scheduled"],"Values":["Enabled","Disabled","Scheduled"]},{"CIMType":"Boolean","Description":"The CreateOOFEvent parameter specifies whether to create a calendar event that corresponds to the scheduled time period when Automatic Replies are being sent for the mailbox.","Name":"CreateOOFEvent","Option":"Write"},{"CIMType":"Boolean","Description":"The DeclineAllEventsForScheduledOOF parameter specifies whether to decline all existing calendar events in the mailbox during the scheduled time period when Automatic Replies are being sent.","Name":"DeclineAllEventsForScheduledOOF","Option":"Write"},{"CIMType":"Boolean","Description":"The DeclineEventsForScheduledOOF parameter specifies whether it's possible to decline existing calendar events in the mailbox during the scheduled time period when Automatic Replies are being sent. ","Name":"DeclineEventsForScheduledOOF","Option":"Write"},{"CIMType":"String","Description":"The DeclineMeetingMessage parameter specifies the text in the message when meetings requests that are sent to the mailbox are automatically declined.","Name":"DeclineMeetingMessage","Option":"Write"},{"CIMType":"String","Description":"The EndTime parameter specifies the end date and time that Automatic Replies are sent for the mailbox. You use this parameter only when the AutoReplyState parameter is set to Scheduled, and the value of this parameter is meaningful only when AutoReplyState is Scheduled.","Name":"EndTime","Option":"Write"},{"CIMType":"String[]","Description":"The EventsToDeleteIDs parameter specifies the calendar events to delete from the mailbox when the DeclineEventsForScheduledOOF parameter is set to $true.","Name":"EventsToDeleteIDs","Option":"Write"},{"CIMType":"String","Description":"The ExternalAudience parameter specifies whether Automatic Replies are sent to external senders. Valid values are: None, Known, All","Name":"ExternalAudience","Option":"Write","ValueMap":["None","Known","All"],"Values":["None","Known","All"]},{"CIMType":"String","Description":"The ExternalMessage parameter specifies the Automatic Replies message that's sent to external senders or senders outside the organization. If the value contains spaces, enclose the value in quotation marks.","Name":"ExternalMessage","Option":"Write"},{"CIMType":"String","Description":"The InternalMessage parameter specifies the Automatic Replies message that's sent to internal senders or senders within the organization. If the value contains spaces, enclose the value in quotation marks.","Name":"InternalMessage","Option":"Write"},{"CIMType":"String","Description":"The OOFEventSubject parameter specifies the subject for the calendar event that's automatically created when the CreateOOFEvent parameter is set to $true.","Name":"OOFEventSubject","Option":"Write"},{"CIMType":"String","Description":"The StartTime parameter specifies the start date and time that Automatic Replies are sent for the specified mailbox. You use this parameter only when the AutoReplyState parameter is set to Scheduled, and the value of this parameter is meaningful only when AutoReplyState is Scheduled.","Name":"StartTime","Option":"Write"},{"CIMType":"String","Description":"Represents the existence of the instance. This must be set to 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Auto Reply settings of mailboxes."},{"ClassName":"MSFT_EXOMailboxCalendarConfiguration","Parameters":[{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String","Description":"Specifies the mailbox identity.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Enables or disables agenda mail introduction.","Name":"AgendaMailIntroductionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically declines meeting requests when the user is busy.","Name":"AutoDeclineWhenBusy","Option":"Write"},{"CIMType":"String","Description":"Preferred language for calendar feeds.","Name":"CalendarFeedsPreferredLanguage","Option":"Write"},{"CIMType":"String","Description":"Preferred region for calendar feeds.","Name":"CalendarFeedsPreferredRegion","Option":"Write"},{"CIMType":"String","Description":"Root page ID for calendar feeds.","Name":"CalendarFeedsRootPageId","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables conversational scheduling.","Name":"ConversationalSchedulingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Creates events from email as private.","Name":"CreateEventsFromEmailAsPrivate","Option":"Write"},{"CIMType":"UInt32","Description":"Default minutes to reduce long events by.","Name":"DefaultMinutesToReduceLongEventsBy","Option":"Write"},{"CIMType":"UInt32","Description":"Default minutes to reduce short events by.","Name":"DefaultMinutesToReduceShortEventsBy","Option":"Write"},{"CIMType":"String","Description":"Default online meeting provider.","Name":"DefaultOnlineMeetingProvider","Option":"Write"},{"CIMType":"String","Description":"Default reminder time.","Name":"DefaultReminderTime","Option":"Write"},{"CIMType":"Boolean","Description":"Deletes meeting request on respond.","Name":"DeleteMeetingRequestOnRespond","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables dining events from email.","Name":"DiningEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables entertainment events from email.","Name":"EntertainmentEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables events from email.","Name":"EventsFromEmailEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the first week of the year.","Name":"FirstWeekOfYear","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables flight events from email.","Name":"FlightEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables hotel events from email.","Name":"HotelEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables invoice events from email.","Name":"InvoiceEventsFromEmailEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies location details in free/busy information.","Name":"LocationDetailsInFreeBusy","Option":"Write"},{"CIMType":"String","Description":"Specifies the mailbox location.","Name":"MailboxLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables online meetings by default.","Name":"OnlineMeetingsByDefaultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables package delivery events from email.","Name":"PackageDeliveryEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Preserves declined meetings.","Name":"PreserveDeclinedMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables reminders.","Name":"RemindersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables reminder sound.","Name":"ReminderSoundEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables rental car events from email.","Name":"RentalCarEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables service appointment events from email.","Name":"ServiceAppointmentEventsFromEmailEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the default scope for shortening events.","Name":"ShortenEventScopeDefault","Option":"Write"},{"CIMType":"Boolean","Description":"Shows or hides week numbers.","Name":"ShowWeekNumbers","Option":"Write"},{"CIMType":"String","Description":"Specifies the time increment for calendar events.","Name":"TimeIncrement","Option":"Write"},{"CIMType":"Boolean","Description":"Uses a bright calendar color theme in Outlook on the web.","Name":"UseBrightCalendarColorThemeInOwa","Option":"Write"},{"CIMType":"String","Description":"Enables or disables weather information.","Name":"WeatherEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the weather location bookmark.","Name":"WeatherLocationBookmark","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the weather locations.","Name":"WeatherLocations","Option":"Write"},{"CIMType":"String","Description":"Specifies the weather unit.","Name":"WeatherUnit","Option":"Write"},{"CIMType":"String","Description":"Specifies the start day of the week.","Name":"WeekStartDay","Option":"Write"},{"CIMType":"String","Description":"Specifies the work days.","Name":"WorkDays","Option":"Write"},{"CIMType":"String","Description":"Specifies the end time of working hours.","Name":"WorkingHoursEndTime","Option":"Write"},{"CIMType":"String","Description":"Specifies the start time of working hours.","Name":"WorkingHoursStartTime","Option":"Write"},{"CIMType":"String","Description":"Specifies the time zone for working hours.","Name":"WorkingHoursTimeZone","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables workspace user.","Name":"WorkspaceUserEnabled","Option":"Write"},{"CIMType":"String","Description":"Ensures the presence or absence of the configuration.","Name":"Ensure","Option":"Write"}],"Description":"This resource allows users to manage mailbox calendar settings."},{"ClassName":"MSFT_EXOMailboxCalendarFolder","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the calendar folder that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The DetailLevel parameter specifies the level of calendar detail that's published and available to anonymous users.","Name":"DetailLevel","Option":"Write","ValueMap":["AvailabilityOnly","LimitedDetails","FullDetails"],"Values":["AvailabilityOnly","LimitedDetails","FullDetails"]},{"CIMType":"String","Description":"The PublishDateRangeFrom parameter specifies the start date of calendar information to publish (past information).","Name":"PublishDateRangeFrom","Option":"Write","ValueMap":["OneDay","ThreeDays","OneWeek","OneMonth","ThreeMonths","SixMonths","OneYear"],"Values":["OneDay","ThreeDays","OneWeek","OneMonth","ThreeMonths","SixMonths","OneYear"]},{"CIMType":"String","Description":"The PublishDateRangeTo parameter specifies the end date of calendar information to publish (future information).","Name":"PublishDateRangeTo","Option":"Write","ValueMap":["OneDay","ThreeDays","OneWeek","OneMonth","ThreeMonths","SixMonths","OneYear"],"Values":["OneDay","ThreeDays","OneWeek","OneMonth","ThreeMonths","SixMonths","OneYear"]},{"CIMType":"Boolean","Description":"The PublishEnabled parameter specifies whether to publish the specified calendar information.","Name":"PublishEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SearchableUrlEnabled parameter specifies whether the published calendar URL is discoverable on the web.","Name":"SearchableUrlEnabled","Option":"Write"},{"CIMType":"String","Description":"The SharedCalendarSyncStartDate parameter specifies the limit for past events in the shared calendar that are visible to delegates. A copy of the shared calendar within the specified date range is stored in the delegate's mailbox.","Name":"SharedCalendarSyncStartDate","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not the instance exist.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures calendar publishing or sharing settings on a mailbox for the visibility of calendar information to external users."},{"ClassName":"MSFT_EXOMailboxFolderUserPermission","Parameters":[{"CIMType":"String[]","Description":"The AccessRights parameter specifies the permissions that you want to add for the user on the mailbox folder.","Name":"AccessRights","Option":"Write"},{"CIMType":"String","Description":"The User parameter specifies who gets the permissions on the mailbox folder.","Name":"User","Option":"Key"},{"CIMType":"String","Description":"The SharingPermissionFlags parameter assigns calendar delegate permissions. This parameter only applies to calendar folders and can only be used when the AccessRights parameter value is Editor. Valid values are: None, Delegate, CanViewPrivateItems","Name":"SharingPermissionFlags","Option":"Write"}],"Description":"Use this resource to add/set/remove mailbox folder permissions for users in your tenant.\n\n**Please note:** This resource cannot be used with Service Principals because they don't have mailboxes assigned."},{"ClassName":"MSFT_EXOMailboxFolderPermission","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the target mailbox and folder. The syntax is MailboxID:\\\\ParentFolder[\\\\SubFolder]. For the MailboxID you can use any value that uniquely identifies the mailbox.","Name":"Identity","Option":"Key"},{"CIMType":"MSFT_EXOMailboxFolderUserPermission[]","Description":"Mailbox Folder Permissions for the current user.","Name":"UserPermissions","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not the permission should exist on the mailbox.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to add/set/remove mailbox folder permissions for users in your tenant.\n\n**Please note:** This resource cannot be used with Service Principals because they don't have mailboxes assigned."},{"ClassName":"MSFT_EXOMailboxIRMAccess","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox that you want to modify","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The User parameter specifies the delegate who is blocked from reading IRM-protected messages in the mailbox.","Name":"User","Option":"Key"},{"CIMType":"string","Description":"The AccessLevel parameter specifies what delegates can do to IRM-protected messages in the mailbox that's specified by the Identity parameter.","Name":"AccessLevel","Option":"Write","ValueMap":["Block"],"Values":["Block"]},{"CIMType":"string","Description":"Present ensures the resource exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to set MailboxIRMAccess settings"},{"ClassName":"MSFT_EXOMailboxPermission","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox where you want to assign permissions to the user. You can use any value that uniquely identifies the mailbox.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The AccessRights parameter specifies the permission that you want to add for the user on the mailbox. Valid values are: ChangeOwner, ChangePermission, DeleteItem, ExternalAccount, FullAccess and ReadPermission.","Name":"AccessRights","Option":"Required"},{"CIMType":"String","Description":"The User parameter specifies who gets the permissions on the mailbox.","Name":"User","Option":"Key"},{"CIMType":"String","Description":"The InheritanceType parameter specifies how permissions are inherited by folders in the mailbox. Valid values are: None, All, Children, Descendents, SelfAndChildren.","Name":"InheritanceType","Option":"Key","ValueMap":["None","All","Children","Descendents","SelfAndChildren"],"Values":["None","All","Children","Descendents","SelfAndChildren"]},{"CIMType":"String","Description":"The Owner parameter specifies the owner of the mailbox object.","Name":"Owner","Option":"Write"},{"CIMType":"Boolean","Description":"The Deny switch specifies that the permissions you're adding are Deny permissions.","Name":"Deny","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not the permission should exist on the mailbox.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to modify the permissions of mailbox."},{"ClassName":"MSFT_EXOMailboxPlan","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the Mailbox Plan that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The display name of the mailbox plan.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"MailboxPlans cannot be created/removed in O365.  This must be set to 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"String","Description":"The IssueWarningQuota parameter specifies the warning threshold for the size of the mailboxes that are created or enabled using the mailbox plan.","Name":"IssueWarningQuota","Option":"Write"},{"CIMType":"String","Description":"The MaxReceiveSize parameter specifies the maximum size of a message that can be sent to the mailbox.","Name":"MaxReceiveSize","Option":"Write"},{"CIMType":"String","Description":"The MaxSendSize parameter specifies the maximum size of a message that can be sent by the mailbox.","Name":"MaxSendSize","Option":"Write"},{"CIMType":"String","Description":"The ProhibitSendQuota parameter specifies a size limit for the mailbox.","Name":"ProhibitSendQuota","Option":"Write"},{"CIMType":"String","Description":"The ProhibitSendReceiveQuota parameter specifies a size limit for the mailbox.","Name":"ProhibitSendReceiveQuota","Option":"Write"},{"CIMType":"String","Description":"The RetainDeletedItemsFor parameter specifies the length of time to keep soft-deleted items for the mailbox.","Name":"RetainDeletedItemsFor","Option":"Write"},{"CIMType":"String","Description":"The RetentionPolicy parameter specifies the retention policy that's applied to the mailbox.","Name":"RetentionPolicy","Option":"Write"},{"CIMType":"String","Description":"The RoleAssignmentPolicy parameter specifies the role assignment policy that's applied to the mailbox.","Name":"RoleAssignmentPolicy","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to modify the settings of mailbox plans in the cloud-based service."},{"ClassName":"MSFT_EXOMailboxSettings","Parameters":[{"CIMType":"string","Description":"The display name of the Shared Mailbox","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Associated retention policy.","Name":"RetentionPolicy","Option":"Write"},{"CIMType":"string","Description":"Associated address book policy.","Name":"AddressBookPolicy","Option":"Write"},{"CIMType":"string","Description":"Associated role assignment policy.","Name":"RoleAssignmentPolicy","Option":"Write"},{"CIMType":"string","Description":"Associated sharing policy.","Name":"SharingPolicy","Option":"Write"},{"CIMType":"string","Description":"The name of the Time Zone to assign to the mailbox","Name":"TimeZone","Option":"Write"},{"CIMType":"string","Description":"The code of the Locale to assign to the mailbox","Name":"Locale","Option":"Write"},{"CIMType":"boolean","Description":"The AuditEnabled parameter specifies whether to enable or disable mailbox audit logging for the mailbox. If auditing is enabled, actions specified in the AuditAdmin, AuditDelegate, and AuditOwner parameters are logged","Name":"AuditEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Mailbox Settings are applied","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures settings on Mailboxes such as the Regional settings and its timezone."},{"ClassName":"MSFT_EXOMailContact","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a unique name for the mail contact.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The ExternalEmailAddress parameter specifies the target email address of the mail contact or mail user. By default, this value is used as the primary email address of the mail contact or mail user.","Name":"ExternalEmailAddress","Option":"Required"},{"CIMType":"String","Description":"The Alias parameter specifies the Exchange alias (also known as the mail nickname) for the recipient. This value identifies the recipient as a mail-enabled object, and shouldn't be confused with multiple email addresses for the same recipient (also known as proxy addresses). A recipient can have only one Alias value. The maximum length is 64 characters.","Name":"Alias","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the display name of the mail contact. The display name is visible in the Exchange admin center and in address lists. ","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The FirstName parameter specifies the user's first name.","Name":"FirstName","Option":"Write"},{"CIMType":"String","Description":"The Initials parameter specifies the user's middle initials.","Name":"Initials","Option":"Write"},{"CIMType":"String","Description":"The LastName parameter specifies the user's last name.","Name":"LastName","Option":"Write"},{"CIMType":"String","Description":"The MacAttachmentFormat parameter specifies the Apple Macintosh operating system attachment format to use for messages sent to the mail contact or mail user. Valid values are: BinHex, UuEncode, AppleSingle, AppleDouble","Name":"MacAttachmentFormat","Option":"Write","ValueMap":["BinHex","UuEncode","AppleSingle","AppleDouble"],"Values":["BinHex","UuEncode","AppleSingle","AppleDouble"]},{"CIMType":"String","Description":"The MessageBodyFormat parameter specifies the message body format for messages sent to the mail contact or mail user. Valid values are: Text, Html, TextAndHtml","Name":"MessageBodyFormat","Option":"Write","ValueMap":["Text","Html","TextAndHtml"],"Values":["Text","Html","TextAndHtml"]},{"CIMType":"String","Description":"The MessageFormat parameter specifies the message format for messages sent to the mail contact or mail user. Valid values are: Mime, Text","Name":"MessageFormat","Option":"Write","ValueMap":["Mime","Text"],"Values":["Mime","Text"]},{"CIMType":"String[]","Description":"The ModeratedBy parameter specifies one or more moderators for this mail contact. A moderator approves messages sent to the mail contact before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization.","Name":"ModeratedBy","Option":"Write"},{"CIMType":"Boolean","Description":"The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.","Name":"ModerationEnabled","Option":"Write"},{"CIMType":"String","Description":"The OrganizationalUnit parameter specifies the location in Active Directory where the new contact is created.","Name":"OrganizationalUnit","Option":"Write"},{"CIMType":"String","Description":"The SendModerationNotifications parameter specifies when moderation notification messages are sent. Valid values are: ALways, Internal, Never","Name":"SendModerationNotifications","Option":"Write","ValueMap":["Always","Internal","Never"],"Values":["Always","Internal","Never"]},{"CIMType":"Boolean","Description":"The UsePreferMessageFormat specifies whether the message format settings configured for the mail user or mail contact override the global settings configured for the remote domain or configured by the message sender","Name":"UsePreferMessageFormat","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute1 parameter specifies the value of the CustomAttribute1","Name":"CustomAttribute1","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute2 parameter specifies the value of the CustomAttribute2","Name":"CustomAttribute2","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute3 parameter specifies the value of the CustomAttribute3","Name":"CustomAttribute3","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute4 parameter specifies the value of the CustomAttribute4","Name":"CustomAttribute4","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute5 parameter specifies the value of the CustomAttribute5","Name":"CustomAttribute5","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute6 parameter specifies the value of the CustomAttribute6","Name":"CustomAttribute6","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute7 parameter specifies the value of the CustomAttribute7","Name":"CustomAttribute7","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute8 parameter specifies the value of the CustomAttribute8","Name":"CustomAttribute8","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute9 parameter specifies the value of the CustomAttribute9","Name":"CustomAttribute9","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute10 parameter specifies the value of the CustomAttribute10","Name":"CustomAttribute10","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute11 parameter specifies the value of the CustomAttribute11","Name":"CustomAttribute11","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute12 parameter specifies the value of the CustomAttribute12","Name":"CustomAttribute12","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute13 parameter specifies the value of the CustomAttribute13","Name":"CustomAttribute13","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute14 parameter specifies the value of the CustomAttribute14","Name":"CustomAttribute14","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute15 parameter specifies the value of the CustomAttribute15","Name":"CustomAttribute15","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute1 parameter specifies the value of the ExtensionCustomAttribute1","Name":"ExtensionCustomAttribute1","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute2 parameter specifies the value of the ExtensionCustomAttribute2","Name":"ExtensionCustomAttribute2","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute3 parameter specifies the value of the ExtensionCustomAttribute3","Name":"ExtensionCustomAttribute3","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute4 parameter specifies the value of the ExtensionCustomAttribute4","Name":"ExtensionCustomAttribute4","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute5 parameter specifies the value of the ExtensionCustomAttribute5","Name":"ExtensionCustomAttribute5","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Contact should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Exchange Online address lists."},{"ClassName":"MSFT_EXOMalwareFilterPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the MalwareFilterPolicy you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy. If the value contains spaces, enclose the value in quotation marks.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String","Description":"The CustomExternalBody parameter specifies the body of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomExternalBody","Option":"Write"},{"CIMType":"String","Description":"The CustomExternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomExternalSubject","Option":"Write"},{"CIMType":"String","Description":"The CustomFromAddress parameter specifies the From address of the custom notification message for malware detections in messages from internal or external senders.","Name":"CustomFromAddress","Option":"Write"},{"CIMType":"String","Description":"The CustomFromName parameter specifies the From name of the custom notification message for malware detections in messages from internal or external senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomFromName","Option":"Write"},{"CIMType":"String","Description":"The CustomInternalBody parameter specifies the body of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomInternalBody","Option":"Write"},{"CIMType":"String","Description":"The CustomInternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomInternalSubject","Option":"Write"},{"CIMType":"Boolean","Description":"The CustomNotifications parameter enables or disables custom notification messages for malware detections in messages from internal or external senders. Valid values are: $true, $false.","Name":"CustomNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableExternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from external senders. Valid values are: $true, $false.","Name":"EnableExternalSenderAdminNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableFileFilter parameter enables or disables common attachment blocking - also known as the Common Attachment Types Filter.Valid values are: $true, $false.","Name":"EnableFileFilter","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableInternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from internal senders. Valid values are: $true, $false.","Name":"EnableInternalSenderAdminNotifications","Option":"Write"},{"CIMType":"String","Description":"The ExternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from external senders.","Name":"ExternalSenderAdminAddress","Option":"Write"},{"CIMType":"String","Description":"The FileTypeAction parameter specifies what's done to messages that contain one or more attachments where the file extension is included in the FileTypes parameter (common attachment blocking). Valid values are Quarantine and Reject. The default value is Reject.","Name":"FileTypeAction","Option":"Write","ValueMap":["Quarantine","Reject"],"Values":["Quarantine","Reject"]},{"CIMType":"String[]","Description":"The FileTypes parameter specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content.","Name":"FileTypes","Option":"Write"},{"CIMType":"String","Description":"The InternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from internal senders.","Name":"InternalSenderAdminAddress","Option":"Write"},{"CIMType":"Boolean","Description":"MakeDefault makes this malware filter policy the default policy. Valid values are: $true, $false.","Name":"MakeDefault","Option":"Write"},{"CIMType":"String","Description":"The QuarantineTag specifies the quarantine policy that's used on messages that are quarantined as malware.","Name":"QuarantineTag","Option":"Write"},{"CIMType":"Boolean","Description":"The ZapEnabled parameter enables or disables zero-hour auto purge (ZAP) for malware. ZAP detects malware in unread messages that have already been delivered to the user's Inbox. Valid values are: $true, $false.","Name":"ZapEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if this MalwareFilterPolicy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify a EXOMalwareFilterPolicy in your cloud-based organization."},{"ClassName":"MSFT_EXOMalwareFilterRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the EXO resource you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter enables or disables the malware filter rule. Valid input for this parameter is $true or $false. The default value is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The MalwareFilterPolicy parameter specifies the malware filter policy to apply to messages that match the conditions defined by this malware filter rule.","Name":"MalwareFilterPolicy","Option":"Write"},{"CIMType":"String","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"Specifies if the Malware Filter Rule should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify a new EXOMalwareFilterRule in your cloud-based organization."},{"ClassName":"MSFT_EXOManagementRole","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Parent parameter specifies the identity of the role to copy. Mandatory for management role creation/update or when Ensure=Present. Non-mandatory for Ensure=Absent","Name":"Parent","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the management role is viewed using the Get-ManagementRole cmdlet.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Specify if the Management Role should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures RBAC Management Roles in Exchange Online."},{"ClassName":"MSFT_EXOManagementRoleAssignment","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a name for the new management role assignment. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Role parameter specifies the existing role to assign. You can use any value that uniquely identifies the role.","Name":"Role","Option":"Key"},{"CIMType":"String","Description":"The App parameter specifies the service principal to assign the management role to. Specifically, the ServiceId GUID value from the output of the Get-ServicePrincipal cmdlet (for example, 6233fba6-0198-4277-892f-9275bf728bcc).","Name":"App","Option":"Write"},{"CIMType":"String","Description":"The Policy parameter specifies the name of the management role assignment policy to assign the management role to.","Name":"Policy","Option":"Write"},{"CIMType":"String","Description":"The SecurityGroup parameter specifies the name of the management role group or mail-enabled universal security group to assign the management role to.","Name":"SecurityGroup","Option":"Write"},{"CIMType":"String","Description":"The User parameter specifies the name or alias of the user to assign the management role to.","Name":"User","Option":"Write"},{"CIMType":"String","Description":"The CustomRecipientWriteScope parameter specifies the existing recipient-based management scope to associate with this management role assignment.","Name":"CustomRecipientWriteScope","Option":"Write"},{"CIMType":"String","Description":"The CustomResourceScope parameter specifies the custom management scope to associate with this management role assignment. You can use any value that uniquely identifies the management scope.","Name":"CustomResourceScope","Option":"Write"},{"CIMType":"String","Description":"The ExclusiveConfigWriteScope parameter specifies the exclusive configuration-based management scope to associate with the new role assignment.","Name":"ExclusiveRecipientWriteScope","Option":"Write"},{"CIMType":"String","Description":"The RecipientAdministrativeUnitScope parameter specifies the administrative unit to scope the new role assignment to.","Name":"RecipientAdministrativeUnitScope","Option":"Write"},{"CIMType":"String","Description":"The RecipientOrganizationalUnitScope parameter specifies the OU to scope the new role assignment to. If you use the RecipientOrganizationalUnitScope parameter, you can't use the CustomRecipientWriteScope or ExclusiveRecipientWriteScope parameters.","Name":"RecipientOrganizationalUnitScope","Option":"Write"},{"CIMType":"String","Description":"The RecipientRelativeWriteScope parameter specifies the type of restriction to apply to a recipient scope. The available types are None, Organization, MyGAL, Self, and MyDistributionGroups. The RecipientRelativeWriteScope parameter is automatically set when the CustomRecipientWriteScope or RecipientOrganizationalUnitScope parameters are used.","Name":"RecipientRelativeWriteScope","Option":"Write"},{"CIMType":"String","Description":"Specify if the Management Role Assignment should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures RBAC Management Roles Assignments in Exchange Online."},{"ClassName":"MSFT_EXOManagementRoleEntry","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the role entry that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The Parameters parameter specifies the parameters to be added to or removed from the role entry.","Name":"Parameters","Option":"Write"},{"CIMType":"String","Description":"The Type parameter specifies the type of role entry to return.","Name":"Type","Option":"Write","ValueMap":["Cmdlet","Script","ApplicationPermission","WebService"],"Values":["Cmdlet","Script","ApplicationPermission","WebService"]},{"CIMType":"String","Description":"Specify if the Management Role entry should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures RBAC Management Roles Entries in Exchange Online."},{"ClassName":"MSFT_EXOManagementScope","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the management scope to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Name parameter specifies the name of the management scope.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The RecipientRestrictionFilter parameter uses OPATH filter syntax to specify the recipients that are included in the scope.","Name":"RecipientRestrictionFilter","Option":"Write"},{"CIMType":"String","Description":"The RecipientRoot parameter specifies the organizational unit (OU) under which the filter specified with the RecipientRestrictionFilter parameter should be applied.","Name":"RecipientRoot","Option":"Write"},{"CIMType":"Boolean","Description":"The Exclusive switch specifies that the role should be an exclusive scope.","Name":"Exclusive","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to create ManagementScopes."},{"ClassName":"MSFT_EXOMessageClassification","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the OME Configuration policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The ClassificationID parameter specifies the classification ID (GUID) of an existing message classification that you want to import and use in your Exchange organization.","Name":"ClassificationID","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the title of the message classification that's displayed in Outlook and selected by users.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The DisplayPrecedence parameter specifies the relative precedence of the message classification to other message classifications that may be applied to a specified message.","Name":"DisplayPrecedence","Option":"Write","ValueMap":["Highest","Higher","High","MediumHigh","Medium","MediumLow","Low","Lower","Lowest"],"Values":["Highest","Higher","High","MediumHigh","Medium","MediumLow","Low","Lower","Lowest"]},{"CIMType":"String","Description":"The Name parameter specifies the unique name for the message classification.","Name":"Name","Option":"Write"},{"CIMType":"Boolean","Description":"The PermissionMenuVisible parameter specifies whether the values that you entered for the DisplayName and RecipientDescription parameters are displayed in Outlook as the user composes a message. ","Name":"PermissionMenuVisible","Option":"Write"},{"CIMType":"String","Description":"The RecipientDescription parameter specifies the detailed text that's shown to Outlook recipient when they receive a message that has the message classification applied.","Name":"RecipientDescription","Option":"Write"},{"CIMType":"Boolean","Description":"The RetainClassificationEnabled parameter specifies whether the message classification should persist with the message if the message is forwarded or replied to.","Name":"RetainClassificationEnabled","Option":"Write"},{"CIMType":"String","Description":"The SenderDescription parameter specifies the detailed text that's shown to Outlook senders when they select a message classification to apply to a message before they send the message. ","Name":"SenderDescription","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new Message Classification policy in your cloud-based organization."},{"ClassName":"MSFT_EXOMigration","Parameters":[{"CIMType":"String","Description":"The Identity parameter identifies the name of the current migration batch.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The NotificationEmails parameter specifies one or more email addresses that migration status reports are sent to.","Name":"NotificationEmails","Option":"Write"},{"CIMType":"String","Description":"The CompleteAfter parameter specifies a delay before the batch is completed.","Name":"CompleteAfter","Option":"Write"},{"CIMType":"Boolean","Description":"The AddUsers parameter controls whether additional users can be dynamically added to an existing migration batch after it has been created.","Name":"AddUsers","Option":"Write"},{"CIMType":"String","Description":"The BadItemLimit parameter specifies the maximum number of bad items that are allowed before the migration request fails.","Name":"BadItemLimit","Option":"Write"},{"CIMType":"String","Description":"The LargeItemLimit parameter specifies the maximum number of large items that are allowed before the migration request fails.","Name":"LargeItemLimit","Option":"Write"},{"CIMType":"String[]","Description":"The MoveOptions parameter specifies the stages of the migration that you want to skip for debugging purposes.","Name":"MoveOptions","Option":"Write"},{"CIMType":"String[]","Description":"The SkipMerging parameter specifies the stages of the migration that you want to skip for debugging purposes.","Name":"SkipMerging","Option":"Write"},{"CIMType":"String","Description":"The StartAfter parameter specifies a delay before the data migration for the users within the batch is started.","Name":"StartAfter","Option":"Write"},{"CIMType":"Boolean","Description":"The Update switch sets the Update flag on the migration batch.","Name":"Update","Option":"Write"},{"CIMType":"String","Description":"The Status parameter returns information about migration users that have the specified status state.","Name":"Status","Option":"Write"},{"CIMType":"String[]","Description":"Migration Users states the list of the users/mailboxes that are part of a migration batch that are to be migrated.","Name":"MigrationUsers","Option":"Write"},{"CIMType":"String","Description":"The SourceEndpoint parameter specifies the migration endpoint to use for the source of the migration batch.","Name":"SourceEndpoint","Option":"Write"},{"CIMType":"String","Description":"The TargetDeliveryDomain parameter specifies the FQDN of the external email address created in the source forest for the mail-enabled user when the migration batch is complete.","Name":"TargetDeliveryDomain","Option":"Write"},{"CIMType":"String","Description":"Specifies if the migration endpoint should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use the MigrationBatch cmdlets to create and update a migration request for a batch of users."},{"ClassName":"MSFT_EXOMigrationEndpoint","Parameters":[{"CIMType":"String","Description":"Identity of the migration endpoint.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether to accept untrusted certificates.","Name":"AcceptUntrustedCertificates","Option":"Write"},{"CIMType":"String","Description":"The Application ID used for authentication.","Name":"AppID","Option":"Write"},{"CIMType":"String","Description":"The URL of the Key Vault that stores the application secret.","Name":"AppSecretKeyVaultUrl","Option":"Write"},{"CIMType":"String","Description":"The authentication method for the migration endpoint.","Name":"Authentication","Option":"Write"},{"CIMType":"String","Description":"The type of migration endpoint.","Name":"EndpointType","Option":"Write","ValueMap":["IMAP","ExchangeRemoteMove"],"Values":["IMAP","ExchangeRemoteMove"]},{"CIMType":"String","Description":"The Exchange Server address for the migration endpoint.","Name":"ExchangeServer","Option":"Write"},{"CIMType":"String","Description":"The mailbox permission for the migration endpoint.","Name":"MailboxPermission","Option":"Write"},{"CIMType":"String","Description":"The maximum number of concurrent incremental syncs.","Name":"MaxConcurrentIncrementalSyncs","Option":"Write"},{"CIMType":"String","Description":"The maximum number of concurrent migrations.","Name":"MaxConcurrentMigrations","Option":"Write"},{"CIMType":"String","Description":"The NSPI server for the migration endpoint.","Name":"NspiServer","Option":"Write"},{"CIMType":"String","Description":"The port number for the migration endpoint.","Name":"Port","Option":"Write"},{"CIMType":"String","Description":"The remote server for the migration endpoint.","Name":"RemoteServer","Option":"Write"},{"CIMType":"String","Description":"The remote tenant for the migration endpoint.","Name":"RemoteTenant","Option":"Write"},{"CIMType":"String","Description":"The RPC proxy server for the migration endpoint.","Name":"RpcProxyServer","Option":"Write"},{"CIMType":"String","Description":"The security level for the migration endpoint.","Name":"Security","Option":"Write","ValueMap":["None","Tls","Ssl"],"Values":["None","Tls","Ssl"]},{"CIMType":"String","Description":"The legacy distinguished name of the source mailbox.","Name":"SourceMailboxLegacyDN","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to use AutoDiscover.","Name":"UseAutoDiscover","Option":"Write"},{"CIMType":"String","Description":"Specifies if the migration endpoint should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to create and monitor migration endpoints in exchange."},{"ClassName":"MSFT_EXOMobileDeviceMailboxPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the friendly name of the mobile device mailbox policy.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"The AllowApplePushNotifications parameter specifies whether push notifications are allowed to Apple mobile devices.","Name":"AllowApplePushNotifications","Option":"Write"},{"CIMType":"String","Description":"The AllowBluetooth parameter specifies whether the Bluetooth capabilities are allowed on the mobile phone. The available options are Disable, HandsfreeOnly, and Allow. The default value is Allow.","Name":"AllowBluetooth","Option":"Write","ValueMap":["Disable","HandsfreeOnly","Allow"],"Values":["Disable","HandsfreeOnly","Allow"]},{"CIMType":"Boolean","Description":"The AllowBrowser parameter indicates whether Microsoft Pocket Internet Explorer is allowed on the mobile phone. This parameter doesn't affect third-party browsers.","Name":"AllowBrowser","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowCamera parameter specifies whether the mobile phone's camera is allowed.","Name":"AllowCamera","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowConsumerEmail parameter specifies whether the mobile phone user can configure a personal email account on the mobile phone.","Name":"AllowConsumerEmail","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowDesktopSync parameter specifies whether the mobile phone can synchronize with a desktop computer through a cable.","Name":"AllowDesktopSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowExternalDeviceManagement parameter specifies whether an external device management program is allowed to manage the mobile phone.","Name":"AllowExternalDeviceManagement","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from Google for Outlook on the web for devices.","Name":"AllowGooglePushNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowHTMLEmail parameter specifies whether HTML email is enabled on the mobile phone.","Name":"AllowHTMLEmail","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowInternetSharing parameter specifies whether the mobile phone can be used as a modem to connect a computer to the Internet.","Name":"AllowInternetSharing","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile phone.","Name":"AllowIrDA","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowMobileOTAUpdate parameter specifies whether the Exchange ActiveSync mailbox policy can be sent to the mobile phone over a cellular data connection.","Name":"AllowMobileOTAUpdate","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile device.","Name":"AllowMicrosoftPushNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowNonProvisionableDevices parameter specifies whether all mobile phones can synchronize with the server running Exchange.","Name":"AllowNonProvisionableDevices","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowPOPIMAPEmail parameter specifies whether the user can configure a POP3 or IMAP4 email account on the mobile phone.","Name":"AllowPOPIMAPEmail","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowRemoteDesktop parameter specifies whether the mobile phone can initiate a remote desktop connection.","Name":"AllowRemoteDesktop","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowSimplePassword parameter specifies whether a simple device password is allowed. A simple device password is a password that has a specific pattern, such as 1111 or 1234.","Name":"AllowSimplePassword","Option":"Write"},{"CIMType":"String","Description":"The AllowSMIMEEncryptionAlgorithmNegotiation parameter specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm.","Name":"AllowSMIMEEncryptionAlgorithmNegotiation","Option":"Write","ValueMap":["AllowAnyAlgorithmNegotiation","BlockNegotiation","OnlyStrongAlgorithmNegotiation"],"Values":["AllowAnyAlgorithmNegotiation","BlockNegotiation","OnlyStrongAlgorithmNegotiation"]},{"CIMType":"Boolean","Description":"The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed.","Name":"AllowSMIMESoftCerts","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowStorageCard parameter specifies whether the mobile phone can access information stored on a storage card.","Name":"AllowStorageCard","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowTextMessaging parameter specifies whether text messaging is allowed from the mobile phone.","Name":"AllowTextMessaging","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowUnsignedApplications parameter specifies whether unsigned applications can be installed on the mobile phone.","Name":"AllowUnsignedApplications","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages can be executed on the mobile phone.","Name":"AllowUnsignedInstallationPackages","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowWiFi parameter specifies whether wireless Internet access is allowed on the mobile phone. ","Name":"AllowWiFi","Option":"Write"},{"CIMType":"Boolean","Description":"The AlphanumericPasswordRequired parameter specifies whether the password for the mobile phone must be alphanumeric.","Name":"AlphanumericPasswordRequired","Option":"Write"},{"CIMType":"String[]","Description":"The ApprovedApplicationList parameter specifies a list of approved applications for the mobile phone.","Name":"ApprovedApplicationList","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentsEnabled parameter specifies whether attachments can be downloaded.","Name":"AttachmentsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DeviceEncryptionEnabled parameter specifies whether encryption is enabled.","Name":"DeviceEncryptionEnabled","Option":"Write"},{"CIMType":"String","Description":"The DevicePolicyRefreshInterval parameter specifies how often the policy is sent from the server to the mobile phone.","Name":"DevicePolicyRefreshInterval","Option":"Write"},{"CIMType":"Boolean","Description":"The IrmEnabled parameter specifies whether Information Rights Management (IRM) is enabled for the mailbox policy.","Name":"IrmEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefault parameter specifies whether this policy is the default Mobile Device mailbox policy.","Name":"IsDefault","Option":"Write"},{"CIMType":"String","Description":"The MaxAttachmentSize parameter specifies the maximum size of attachments that can be downloaded to the mobile phone.","Name":"MaxAttachmentSize","Option":"Write"},{"CIMType":"String","Description":"The MaxCalendarAgeFilter parameter specifies the maximum range of calendar days that can be synchronized to the device.","Name":"MaxCalendarAgeFilter","Option":"Write","ValueMap":["All","TwoWeeks","OneMonth","ThreeMonths","SixMonths"],"Values":["All","TwoWeeks","OneMonth","ThreeMonths","SixMonths"]},{"CIMType":"String","Description":"The MaxEmailAgeFilter parameter specifies the maximum number of days of email items to synchronize to the mobile phone.","Name":"MaxEmailAgeFilter","Option":"Write","ValueMap":["All","OneDay","ThreeDays","OneWeek","TwoWeeks","OneMonth"],"Values":["All","OneDay","ThreeDays","OneWeek","TwoWeeks","OneMonth"]},{"CIMType":"String","Description":"The MaxEmailBodyTruncationSize parameter specifies the maximum size at which email messages are truncated when synchronized to the mobile phone. The value is specified in kilobytes (KB).","Name":"MaxEmailBodyTruncationSize","Option":"Write"},{"CIMType":"String","Description":"The MaxEmailHTMLBodyTruncationSize parameter specifies the maximum size at which HTML-formatted email messages are synchronized to the mobile phone. The value is specified in KB.","Name":"MaxEmailHTMLBodyTruncationSize","Option":"Write"},{"CIMType":"String","Description":"The MaxInactivityTimeDeviceLock parameter specifies the length of time that the mobile phone can be inactive before the password is required to reactivate it.","Name":"MaxInactivityTimeLock","Option":"Write"},{"CIMType":"String","Description":"The MaxPasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the correct password for the mobile phone. You can enter any number from 4 through 16 or the value Unlimited.","Name":"MaxPasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"The MinPasswordComplexCharacters parameter specifies the character sets that are required in the password of the mobile device.","Name":"MinPasswordComplexCharacters","Option":"Write"},{"CIMType":"String","Description":"The MinPasswordLength parameter specifies the minimum number of characters in the mobile device password.","Name":"MinPasswordLength","Option":"Write"},{"CIMType":"Boolean","Description":"The PasswordEnabled parameter specifies whether a password is required on the mobile device.","Name":"PasswordEnabled","Option":"Write"},{"CIMType":"String","Description":"The PasswordExpiration parameter specifies how long a password can be used on a mobile device before the user is forced to change the password.","Name":"PasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"The PasswordHistory parameter specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused.","Name":"PasswordHistory","Option":"Write"},{"CIMType":"Boolean","Description":"The PasswordRecoveryEnabled parameter specifies whether the recovery password for the mobile device is stored in Exchange.","Name":"PasswordRecoveryEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireDeviceEncryption parameter specifies whether encryption is required on the mobile device.","Name":"RequireDeviceEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireEncryptedSMIMEMessages parameter specifies whether the mobile device must send encrypted S/MIME messages.","Name":"RequireEncryptedSMIMEMessages","Option":"Write"},{"CIMType":"String","Description":"The RequireEncryptionSMIMEAlgorithm parameter specifies the algorithm that's required to encrypt S/MIME messages on a mobile device.","Name":"RequireEncryptionSMIMEAlgorithm","Option":"Write","ValueMap":["DES","TripleDES","RC240bit","RC264bit","RC2128bit"],"Values":["DES","TripleDES","RC240bit","RC264bit","RC2128bit"]},{"CIMType":"Boolean","Description":"The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on the mobile device.","Name":"RequireManualSyncWhenRoaming","Option":"Write"},{"CIMType":"String","Description":"The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on the mobile device.","Name":"RequireSignedSMIMEAlgorithm","Option":"Write","ValueMap":["SHA1","MD5"],"Values":["SHA1","MD5"]},{"CIMType":"Boolean","Description":"The RequireSignedSMIMEMessages parameter specifies whether the mobile device must send signed S/MIME messages.","Name":"RequireSignedSMIMEMessages","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireStorageCardEncryption parameter specifies whether storage card encryption is required on the mobile device.","Name":"RequireStorageCardEncryption","Option":"Write"},{"CIMType":"String[]","Description":"The UnapprovedInROMApplicationList parameter specifies a list of applications that can't be run in ROM on the mobile device.","Name":"UnapprovedInROMApplicationList","Option":"Write"},{"CIMType":"Boolean","Description":"The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled from the mobile device.","Name":"UNCAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device.","Name":"WSSAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"Specify if the Mobile Device Mailbox Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Mobile Device Mailbox Policies in Exchange Online."},{"ClassName":"MSFT_EXOOfflineAddressBook","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the Offline Address Book. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"The AddressLists parameter specifies the address lists or global address lists that are included in the OAB. You can use any value that uniquely identifies the address list.","Name":"AddressLists","Option":"Write"},{"CIMType":"String[]","Description":"The ConfiguredAttributes parameter specifies the recipient MAPI properties that are available in the OAB.","Name":"ConfiguredAttributes","Option":"Write"},{"CIMType":"String","Description":"The DiffRetentionPeriod parameter specifies the number of days that the OAB difference files are stored on the server.","Name":"DiffRetentionPeriod","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefault parameter specifies whether the OAB is used by all mailboxes and mailbox databases that don't have an OAB specified.","Name":"IsDefault","Option":"Write"},{"CIMType":"String","Description":"Specify if the Offline Address Book should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Offline Address Books in Exchange Online."},{"ClassName":"MSFT_EXOOMEConfiguration","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the OME Configuration policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The BackgroundColor parameter specifies the background color","Name":"BackgroundColor","Option":"Write"},{"CIMType":"String","Description":"The DisclaimerText parameter specifies the disclaimer text in the email that contains the encrypted message","Name":"DisclaimerText","Option":"Write"},{"CIMType":"String","Description":"The EmailText parameter specifies the default text that accompanies encrypted email messages.","Name":"EmailText","Option":"Write"},{"CIMType":"UInt32","Description":"The ExternalMailExpiryInDays parameter specifies the number of days that the encrypted message is available to external recipients in the Microsoft 365 portal. A valid value is an integer from 0 to 730.","Name":"ExternalMailExpiryInDays","Option":"Write"},{"CIMType":"String","Description":"The IntroductionText parameter specifies the default text that accompanies encrypted email messages.","Name":"IntroductionText","Option":"Write"},{"CIMType":"Boolean","Description":"The OTPEnabled parameter specifies whether to allow recipients to use a one-time passcode to view encrypted messages.","Name":"OTPEnabled","Option":"Write"},{"CIMType":"String","Description":"The PortalText parameter specifies the text that appears at the top of the encrypted email viewing portal.","Name":"PortalText","Option":"Write"},{"CIMType":"String","Description":"The PrivacyStatementUrl parameter specifies the Privacy Statement link in the encrypted email notification message.","Name":"PrivacyStatementUrl","Option":"Write"},{"CIMType":"String","Description":"The ReadButtonText parameter specifies the text that appears on the 'Read the message' button. ","Name":"ReadButtonText","Option":"Write"},{"CIMType":"Boolean","Description":"The SocialIdSignIn parameter specifies whether a user is allowed to view an encrypted message in the Microsoft 365 admin center using their own social network id (Google, Yahoo, and Microsoft account).","Name":"SocialIdSignIn","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new OME Configuration policy in your cloud-based organization."},{"ClassName":"MSFT_EXOOnPremisesOrganization","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the identity of the on-premises organization object.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The HybridDomains parameter specifies the domains that are configured in the hybrid deployment between an Office 365 tenant and an on-premises Exchange organization. The domains specified in this parameter must match the domains listed in the HybridConfiguration Active Directory object for the on-premises Exchange organization configured by the Hybrid Configuration wizard. ","Name":"HybridDomains","Option":"Write"},{"CIMType":"String","Description":"The InboundConnector parameter specifies the name of the inbound connector configured on the Microsoft Exchange Online Protection (EOP) service for a hybrid deployment configured with an on-premises Exchange organization.","Name":"InboundConnector","Option":"Write"},{"CIMType":"String","Description":"The OutboundConnector parameter specifies the name of the outbound connector configured on the EOP service for a hybrid deployment configured with an on-premises Exchange organization.","Name":"OutboundConnector","Option":"Write"},{"CIMType":"String","Description":"The OrganizationName parameter specifies the Active Directory object name of the on-premises Exchange organization.","Name":"OrganizationName","Option":"Write"},{"CIMType":"String","Description":"The OrganizationGuid parameter specifies the globally unique identifier (GUID) of the on-premises Exchange organization object in the Office 365 tenant.","Name":"OrganizationGuid","Option":"Write"},{"CIMType":"String","Description":"The OrganizationRelationship parameter specifies the organization relationship configured by the Hybrid Configuration wizard on the Office 365 tenant as part of a hybrid deployment with an on-premises Exchange organization. This organization relationship defines the federated sharing features enabled on the Office 365 tenant.","Name":"OrganizationRelationship","Option":"Write"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"Specify if the On-Premises Organization should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures On-Premises Organization in Exchange Online."},{"ClassName":"MSFT_EXOOrganizationConfig","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The ActivityBasedAuthenticationTimeoutEnabled parameter specifies whether the timed logoff feature is enabled. The default value is $true","Name":"ActivityBasedAuthenticationTimeoutEnabled","Option":"Write"},{"CIMType":"String","Description":"The ActivityBasedAuthenticationTimeoutInterval parameter specifies the time span for logoff. You enter this value as a time span: hh:mm:ss where hh = hours, mm = minutes and ss = seconds. Valid values for this parameter are from 00:05:00 to 08:00:00 (5 minutes to 8 hours). The default value is 06:00:00 (6 hours).","Name":"ActivityBasedAuthenticationTimeoutInterval","Option":"Write"},{"CIMType":"Boolean","Description":"The ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled parameter specifies whether to keep single sign-on enabled. The default value is $true.","Name":"ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AppsForOfficeEnabled parameter specifies whether to enable apps for Outlook features. By default, the parameter is set to $true. If the flag is set to $false, no new apps can be activated for any user in the organization.","Name":"AppsForOfficeEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AsyncSendEnabled parameter specifies whether to enable or disable async send in Outlook on the web.","Name":"AsyncSendEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AuditDisabled parameter specifies whether to disable or enable mailbox auditing for the organization.","Name":"AuditDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this parameter to $true will cause unknown users to be redirected to the on-premises endpoint and will allow on-premises users to discover their mailbox automatically.","Name":"AutodiscoverPartialDirSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AutoExpandingArchive switch enables the unlimited archiving feature (called auto-expanding archiving) in an Exchange Online organization. You don't need to specify a value with this switch.","Name":"AutoExpandingArchive","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BlockMoveMessagesForGroupFolders","Name":"BlockMoveMessagesForGroupFolders","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsAddressEntryRestricted parameter specifies whether addresses can be collected from Bookings customers.","Name":"BookingsAddressEntryRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsAuthEnabled parameter specifies whether to enforce authentication to access all published Bookings pages.","Name":"BookingsAuthEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsBlockedWordsEnabled","Name":"BookingsBlockedWordsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsCreationOfCustomQuestionsRestricted parameter specifies whether Bookings admins can add custom questions.","Name":"BookingsCreationOfCustomQuestionsRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsEnabled parameter specifies whether to enable Microsoft Bookings in an organization.","Name":"BookingsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsExposureOfStaffDetailsRestricted parameter specifies whether the attributes of internal Bookings staff members are visible to external Bookings customers.","Name":"BookingsExposureOfStaffDetailsRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsMembershipApprovalRequired parameter enables a membership approval requirement when new staff members are added to Bookings calendars.","Name":"BookingsMembershipApprovalRequired","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsNamingPolicyEnabled","Name":"BookingsNamingPolicyEnabled","Option":"Write"},{"CIMType":"String","Description":"No description available for BookingsNamingPolicyPrefix","Name":"BookingsNamingPolicyPrefix","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsNamingPolicyPrefixEnabled","Name":"BookingsNamingPolicyPrefixEnabled","Option":"Write"},{"CIMType":"String","Description":"No description available for BookingsNamingPolicySuffix","Name":"BookingsNamingPolicySuffix","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsNamingPolicySuffixEnabled","Name":"BookingsNamingPolicySuffixEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsNotesEntryRestricted parameter specifies whether appointment notes can be collected from Bookings customers.","Name":"BookingsNotesEntryRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsPaymentsEnabled parameter specifies whether to enable online payment node inside Bookings.","Name":"BookingsPaymentsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsPhoneNumberEntryRestricted parameter specifies whether phone numbers can be collected from Bookings customers.","Name":"BookingsPhoneNumberEntryRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsSearchEngineIndexDisabled","Name":"BookingsSearchEngineIndexDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsSmsMicrosoftEnabled","Name":"BookingsSmsMicrosoftEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsSocialSharingRestricted parameter allows you to control whether, or not, your users can see social sharing options inside Bookings.","Name":"BookingsSocialSharingRestricted","Option":"Write"},{"CIMType":"UInt32","Description":"The ByteEncoderTypeFor7BitCharsets parameter specifies the 7-bit transfer encoding method for MIME format for messages sent to this remote domain.","Name":"ByteEncoderTypeFor7BitCharsets","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for ComplianceMLBgdCrawlEnabled","Name":"ComplianceMLBgdCrawlEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsActionableMessagesEnabled parameter specifies whether to enable or disable actionable buttons in messages (connector cards) from connected apps on Outlook on the web.","Name":"ConnectorsActionableMessagesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabled parameter specifies whether to enable or disable all connected apps in organization.","Name":"ConnectorsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabledForOutlook parameter specifies whether to enable or disable connected apps in Outlook on the web. ","Name":"ConnectorsEnabledForOutlook","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabledForSharepoint parameter specifies whether to enable or disable connected apps on Sharepoint.","Name":"ConnectorsEnabledForSharepoint","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabledForTeams parameter specifies whether to enable or disable connected apps on Teams.","Name":"ConnectorsEnabledForTeams","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabledForYammer parameter specifies whether to enable or disable connected apps on Yammer.","Name":"ConnectorsEnabledForYammer","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Customer Lockbox.","Name":"CustomerLockboxEnabled","Option":"Write"},{"CIMType":"String","Description":"The DefaultAuthenticationPolicy parameter specifies the authentication policy that's used for the whole organization. You can use any value that uniquely identifies the policy.","Name":"DefaultAuthenticationPolicy","Option":"Write"},{"CIMType":"String","Description":"The DefaultGroupAccessType parameter specifies the default access type for Office 365 groups.","Name":"DefaultGroupAccessType","Option":"Write","ValueMap":["Private","Public"],"Values":["Private","Public"]},{"CIMType":"UInt32","Description":"The DefaultMinutesToReduceLongEventsBy parameter specifies the number of minutes to reduce calendar events by if the events are 60 minutes or longer.","Name":"DefaultMinutesToReduceLongEventsBy","Option":"Write"},{"CIMType":"UInt32","Description":"The DefaultMinutesToReduceShortEventsBy parameter specifies the number of minutes to reduce calendar events by if the events are less than 60 minutes long.","Name":"DefaultMinutesToReduceShortEventsBy","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderAgeLimit parameter specifies the default age limit for the contents of public folders across the entire organization. Content in a public folder is automatically deleted when this age limit is exceeded. This attribute applies to all public folders in the organization that don't have their own AgeLimit setting. To specify a value, enter it as a time span: dd.hh:mm:ss where d = days, h = hours, m = minutes, and s = seconds. Or, enter the value $null. The default value is blank ($null).","Name":"DefaultPublicFolderAgeLimit","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderDeletedItemRetention parameter specifies the default value of the length of time to retain deleted items for public folders across the entire organization. This attribute applies to all public folders in the organization that don't have their own RetainDeletedItemsFor attribute set.","Name":"DefaultPublicFolderDeletedItemRetention","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderIssueWarningQuota parameter specifies the default value across the entire organization for the public folder size at which a warning message is sent to this folder's owners, warning that the public folder is almost full. This attribute applies to all public folders within the organization that don't have their own warning quota attribute set. The default value of this attribute is unlimited. The valid input range for this parameter is from 0 through 2199023254529 bytes(2 TB). If you enter a value of unlimited, no size limit is imposed on the public folder.","Name":"DefaultPublicFolderIssueWarningQuota","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderMaxItemSize parameter specifies the default maximum size for posted items within public folders across the entire organization. Items larger than the value of the DefaultPublicFolderMaxItemSize parameter are rejected. This attribute applies to all public folders within the organization that don't have their own MaxItemSize attribute set. The default value of this attribute is unlimited.","Name":"DefaultPublicFolderMaxItemSize","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderMovedItemRetention parameter specifies how long items that have been moved between mailboxes are kept in the source mailbox for recovery purposes before being removed by the Public Folder Assistant.","Name":"DefaultPublicFolderMovedItemRetention","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderProhibitPostQuota parameter specifies the size of a public folder at which users are notified that the public folder is full. Users can't post to a folder whose size is larger than the DefaultPublicFolderProhibitPostQuota parameter value. The default value of this attribute is unlimited.","Name":"DefaultPublicFolderProhibitPostQuota","Option":"Write"},{"CIMType":"Boolean","Description":"The DelayedDelicensingEnabled parameter enables or disables a 30 day grace period for Exchange Online license removals from mailboxes.","Name":"DelayedDelicensingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DirectReportsGroupAutoCreationEnabled parameter specifies whether to enable or disable the automatic creation of direct report Office 365 groups.","Name":"DirectReportsGroupAutoCreationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DisablePlusAddressInRecipients parameter specifies whether to enable or disable plus addressing (also known as subaddressing) for Exchange Online mailboxes.","Name":"DisablePlusAddressInRecipients","Option":"Write"},{"CIMType":"String","Description":"The DistributionGroupDefaultOU parameter specifies the container where distribution groups are created by default.","Name":"DistributionGroupDefaultOU","Option":"Write"},{"CIMType":"String[]","Description":"The DistributionGroupNameBlockedWordsList parameter specifies words that can't be included in the names of distribution groups. Separate multiple values with commas.","Name":"DistributionGroupNameBlockedWordsList","Option":"Write"},{"CIMType":"String","Description":"The DistributionGroupNamingPolicy parameter specifies the template applied to the name of distribution groups that are created in the organization. You can enforce that a prefix or suffix be applied to all distribution groups. Prefixes and suffixes can be either a string or an attribute, and you can combine strings and attributes.","Name":"DistributionGroupNamingPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The ElcProcessingDisabled parameter specifies whether to enable or disable the processing of mailboxes by the Managed Folder Assistant.","Name":"ElcProcessingDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOutlookEvents parameter specifies whether Outlook or Outlook on the web automatically discovers events from email messages and adds them to user calendars.","Name":"EnableOutlookEvents","Option":"Write"},{"CIMType":"Boolean","Description":"The EndUserDLUpgradeFlowsDisabled parameter specifies whether to prevent users from upgrading their own distribution groups to Office 365 groups in an Exchange Online organization.","Name":"EndUserDLUpgradeFlowsDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EndUserMailNotificationForDelayedDelicensingEnabled parameter enables or disables periodic email warnings to affected users that have pending Exchange Online license removal requests on their mailboxes.","Name":"EndUserMailNotificationForDelayedDelicensingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowEntourage parameter specifies whether to enable or disable Entourage 2008 to access Exchange Web Services (EWS) for the entire organization.","Name":"EwsAllowEntourage","Option":"Write"},{"CIMType":"String[]","Description":"The EwsAllowList parameter specifies the applications that are allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EwsAllowList. Other applications that aren't specified by this parameter aren't allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.","Name":"EwsAllowList","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowMacOutlook parameter enables or disables access to mailboxes by Outlook for Mac clients that use Exchange Web Services (for example, Outlook for Mac 2011 or later).","Name":"EwsAllowMacOutlook","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowOutlook parameter enables or disables access to mailboxes by Outlook clients that use Exchange Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing.","Name":"EwsAllowOutlook","Option":"Write"},{"CIMType":"String","Description":"The EwsApplicationAccessPolicy parameter specifies the client applications that have access to EWS and REST.","Name":"EwsApplicationAccessPolicy","Option":"Write","ValueMap":["EnforceAllowList","EnforceBlockList"],"Values":["EnforceAllowList","EnforceBlockList"]},{"CIMType":"String[]","Description":"The EwsBlockList parameter specifies the applications that aren't allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EnforceBlockList. All other applications that aren't specified by this parameter are allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.","Name":"EwsBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsEnabled parameter specifies whether to globally enable or disable EWS access for the entire organization, regardless of what application is making the request.","Name":"EwsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ExchangeNotificationEnabled parameter enables or disables Exchange notifications sent to administrators regarding their organizations. Valid input for this parameter is $true or $false.","Name":"ExchangeNotificationEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeNotificationRecipients parameter specifies the recipients for Exchange notifications sent to administrators regarding their organizations. If the ExchangeNotificationEnabled parameter is set to $false, no notification messages are sent. Be sure to enclose values that contain spaces in quotation marks and separate multiple values with commas. If this parameter isn't set, Exchange notifications are sent to all administrators.","Name":"ExchangeNotificationRecipients","Option":"Write"},{"CIMType":"Boolean","Description":"The FindTimeAttendeeAuthenticationEnabled parameter controls whether attendees are required to verify their identity in meeting polls using the FindTime Outlook add-in.","Name":"FindTimeAttendeeAuthenticationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FindTimeAutoScheduleDisabled parameter controls automatically scheduling the meeting once a consensus is reached in meeting polls using the FindTime Outlook add-in.","Name":"FindTimeAutoScheduleDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FindTimeLockPollForAttendeesEnabled controls whether the Lock poll for attendees setting is managed by the organization.","Name":"FindTimeLockPollForAttendeesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FindTimeOnlineMeetingOptionDisabled parameter controls the availability of the Online meeting checkbox for Teams in meeting polls using the FindTime Outlook add-in.","Name":"FindTimeOnlineMeetingOptionDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FocusedInboxOn parameter enables or disables Focused Inbox for the organization.","Name":"FocusedInboxOn","Option":"Write"},{"CIMType":"String","Description":"The HierarchicalAddressBookRoot parameter specifies the user, contact, or group to be used as the root organization for a hierarchical address book in the Exchange organization. You can use any value that uniquely identifies the recipient.","Name":"HierarchicalAddressBookRoot","Option":"Write"},{"CIMType":"String[]","Description":"The IPListBlocked parameter specifies the blocked IP addresses that aren't allowed to connect to Exchange Online organization. These settings affect client connections that use Basic authentication where on-premises Active Directory Federation Services (ADFS) servers federate authentication with Azure Active Directory. Note that the new settings might take up to 4 hours to fully propagate across the service.","Name":"IPListBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for IsGroupFoldersAndRulesEnabled","Name":"IsGroupFoldersAndRulesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for IsGroupMemberAllowedToEditContent","Name":"IsGroupMemberAllowedToEditContent","Option":"Write"},{"CIMType":"Boolean","Description":"The LeanPopoutEnabled parameter specifies whether to enable faster loading of pop-out messages in Outlook on the web for Internet Explorer and Microsoft Edge.","Name":"LeanPopoutEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The LinkPreviewEnabled parameter specifies whether link preview of URLs in email messages is allowed for the organization.","Name":"LinkPreviewEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsAllTipsEnabled parameter specifies whether MailTips are enabled. The default value is $true.","Name":"MailTipsAllTipsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsExternalRecipientsTipsEnabled parameter specifies whether MailTips for external recipients are enabled. The default value is $false.","Name":"MailTipsExternalRecipientsTipsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsGroupMetricsEnabled parameter specifies whether MailTips that rely on group metrics data are enabled. The default value is $true.","Name":"MailTipsGroupMetricsEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"The MailTipsLargeAudienceThreshold parameter specifies what a large audience is. The default value is 25.","Name":"MailTipsLargeAudienceThreshold","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsMailboxSourcedTipsEnabled parameter specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.","Name":"MailTipsMailboxSourcedTipsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for MaskClientIpInReceivedHeadersEnabled.","Name":"MaskClientIpInReceivedHeadersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for MatchSenderOrganizerProperties.","Name":"MatchSenderOrganizerProperties","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for MessageHighlightsEnabled.","Name":"MessageHighlightsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MessageRecallEnabled parameter enables or disables the message recall feature in the organization.","Name":"MessageRecallEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MessageRemindersEnabled parameter enables or disables the message reminders feature in the organization.","Name":"MessageRemindersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MobileAppEducationEnabled specifies whether to show or hide the Outlook for iOS and Android education reminder in Outlook on the web.","Name":"MobileAppEducationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OAuth2ClientProfileEnabled parameter enables or disables modern authentication in the Exchange organization.","Name":"OAuth2ClientProfileEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OnlineMeetingsByDefaultEnabled parameter specifies whether to set all meetings as Teams by default during meeting creation.","Name":"OnlineMeetingsByDefaultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OutlookGifPickerDisabled parameter disables the GIF Search (powered by Bing) feature that's built into the Compose page in Outlook on the web.","Name":"OutlookGifPickerDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OutlookMobileGCCRestrictionsEnabled parameter specifies whether to enable or disable features within Outlook for iOS and Android that are not FedRAMP compliant for Office 365 US Government Community Cloud (GCC) customers.","Name":"OutlookMobileGCCRestrictionsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OutlookPayEnabled parameter enables or disables Payments in Outlook in the Office 365 organization.","Name":"OutlookPayEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for OutlookTextPredictionDisabled.","Name":"OutlookTextPredictionDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PublicComputersDetectionEnabled parameter specifies whether Outlook on the web will detect when a user signs from a public or private computer or network, and then enforces the attachment handling settings from public networks. The default is $false. However, if you set this parameter to $true, Outlook on the web will determine if the user is signing in from a public computer, and all public attachment handling rules will be applied and enforced.","Name":"PublicComputersDetectionEnabled","Option":"Write"},{"CIMType":"String","Description":"The PublicFoldersEnabled parameter specifies how public folders are deployed in your organization.","Name":"PublicFoldersEnabled","Option":"Write","ValueMap":["None","Local","Remote"],"Values":["None","Local","Remote"]},{"CIMType":"Boolean","Description":"The PublicFolderShowClientControl parameter enables or disables access to public folders in Microsoft Outlook.","Name":"PublicFolderShowClientControl","Option":"Write"},{"CIMType":"Boolean","Description":"The ReadTrackingEnabled parameter specifies whether the tracking for read status for messages in an organization is enabled. The default value is $false.","Name":"ReadTrackingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for RecallReadMessagesEnabled.","Name":"RecallReadMessagesEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The RemotePublicFolderMailboxes parameter specifies the identities of the public folder objects (represented as mail user objects locally) corresponding to the public folder mailboxes created in the remote forest. The public folder values set here are used only if the public folder deployment is a remote deployment.","Name":"RemotePublicFolderMailboxes","Option":"Write"},{"CIMType":"Boolean","Description":"The SendFromAliasEnabled parameter allows mailbox users to send messages using aliases (proxy addresses). It does this by disabling the rewriting of aliases to their primary SMTP address. This change is implemented in the Exchange Online service","Name":"SendFromAliasEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for SharedDomainEmailAddressFlowEnabled.","Name":"SharedDomainEmailAddressFlowEnabled","Option":"Write"},{"CIMType":"String","Description":"The ShortenEventScopeDefault parameter specifies whether calendar events start late or end early in the organization.","Name":"ShortenEventScopeDefault","Option":"Write"},{"CIMType":"String","Description":"The SiteMailboxCreationURL parameter specifies the URL that's used to create site mailboxes. Site mailboxes improve collaboration and user productivity by allowing access to both SharePoint documents and Exchange email in Outlook 2013 or later.","Name":"SiteMailboxCreationURL","Option":"Write"},{"CIMType":"Boolean","Description":"The SmtpActionableMessagesEnabled parameter specifies whether to enable or disable action buttons in email messages in Outlook on the web.","Name":"SmtpActionableMessagesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TenantAdminNotificationForDelayedDelicensingEnabled parameter enables or disables weekly admin Service Health advisory notifications that are sent to admins.","Name":"TenantAdminNotificationForDelayedDelicensingEnabled","Option":"Write"},{"CIMType":"String","Description":"The VisibleMeetingUpdateProperties parameter specifies whether meeting message updates will be auto-processed on behalf of attendees. Auto-processed updates are applied to the attendee's calendar item, and then the meeting message is moved to the deleted items. The attendee never sees the update in their inbox, but their calendar is updated.","Name":"VisibleMeetingUpdateProperties","Option":"Write"},{"CIMType":"Boolean","Description":"The WebPushNotificationsDisabled parameter specifies whether to enable or disable Web Push Notifications in Outlook on the Web. This feature provides web push notifications which appear on a user's desktop while the user is not using Outlook on the Web. This brings awareness of incoming messages while they are working elsewhere on their computer.","Name":"WebPushNotificationsDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WebSuggestedRepliesDisabled parameter specifies whether to enable or disable Suggested Replies in Outlook on the web. This feature provides suggested replies to emails so users can easily and quickly respond to messages.","Name":"WebSuggestedRepliesDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WorkspaceTenantEnabled parameter enables or disables workspace booking in the organization.","Name":"WorkspaceTenantEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter is available only in the cloud-based service.","Name":"RejectDirectSend","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Exchange Online organization-wide settings."},{"ClassName":"MSFT_EXOOrganizationRelationship","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the organization relationship. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"The ArchiveAccessEnabled parameter specifies whether the organization relationship has been configured to provide remote archive access.","Name":"ArchiveAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DeliveryReportEnabled parameter specifies whether Delivery Reports should be shared over the organization relationship.","Name":"DeliveryReportEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The DomainNames parameter specifies the SMTP domains of the external organization. You can specify multiple domains separated by commas.","Name":"DomainNames","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether to enable the organization relationship.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FreeBusyAccessEnabled parameter specifies whether the organization relationship should be used to retrieve free/busy information from the external organization.","Name":"FreeBusyAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"The FreeBusyAccessLevel parameter specifies the maximum amount of detail returned to the requesting organization. Valid values are: None, AvailabilityOnly or LimitedDetails","Name":"FreeBusyAccessLevel","Option":"Write","ValueMap":["None","AvailabilityOnly","LimitedDetails"],"Values":["None","AvailabilityOnly","LimitedDetails"]},{"CIMType":"String","Description":"The FreeBusyAccessScope parameter specifies a mail-enabled security group in the internal organization that contains users whose free/busy information is accessible by an external organization. You can use any value that uniquely identifies the group.","Name":"FreeBusyAccessScope","Option":"Write"},{"CIMType":"Boolean","Description":"The MailboxMoveEnabled parameter specifies whether the organization relationship enables moving mailboxes to or from the external organization.","Name":"MailboxMoveEnabled","Option":"Write"},{"CIMType":"String","Description":"The MailboxMoveCapability parameter is used in cross-tenant mailbox migrations.","Name":"MailboxMoveCapability","Option":"Write","ValueMap":["Inbound","Outbound","RemoteInbound","RemoteOutbound","None"],"Values":["Inbound","Outbound","RemoteInbound","RemoteOutbound","None"]},{"CIMType":"String[]","Description":"The MailboxMovePublishedScopes parameter is used in cross-tenant mailbox migrations to specify the mail-enabled security groups whose members are allowed to migrate.","Name":"MailboxMovePublishedScopes","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsAccessEnabled parameter specifies whether MailTips for users in this organization are returned over this organization relationship.","Name":"MailTipsAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"The MailTipsAccessLevel parameter specifies the level of MailTips data externally shared over this organization relationship. This parameter can have the following values: All, Limited, None","Name":"MailTipsAccessLevel","Option":"Write","ValueMap":["None","All","Limited"],"Values":["None","All","Limited"]},{"CIMType":"String","Description":"The MailTipsAccessScope parameter specifies a mail-enabled security group in the internal organization that contains users whose free/busy information is accessible by an external organization. You can use any value that uniquely identifies the group.","Name":"MailTipsAccessScope","Option":"Write"},{"CIMType":"String","Description":"The OAuthApplicationId is used in cross-tenant mailbox migrations to specify the application ID of the mailbox migration app that you consented to.","Name":"OauthApplicationId","Option":"Write"},{"CIMType":"String","Description":"The OrganizationContact parameter specifies the email address that can be used to contact the external organization (for example, administrator@fourthcoffee.com).","Name":"OrganizationContact","Option":"Write"},{"CIMType":"Boolean","Description":"The PhotosEnabled parameter specifies whether photos for users in the internal organization are returned over the organization relationship.","Name":"PhotosEnabled","Option":"Write"},{"CIMType":"String","Description":"The TargetApplicationUri parameter specifies the target Uniform Resource Identifier (URI) of the external organization. The TargetApplicationUri parameter is specified by Exchange when requesting a delegated token to retrieve free and busy information, for example, mail.contoso.com.","Name":"TargetApplicationUri","Option":"Write"},{"CIMType":"String","Description":"The TargetAutodiscoverEpr parameter specifies the Autodiscover URL of Exchange Web Services for the external organization. Exchange uses Autodiscover to automatically detect the correct Exchangeserver endpoint to use for external requests.","Name":"TargetAutodiscoverEpr","Option":"Write"},{"CIMType":"String","Description":"The TargetOwaURL parameter specifies the Outlook on the web (formerly Outlook Web App) URL of the external organization that's defined in the organization relationship. It is used for Outlook on the web redirection in a cross-premise Exchange scenario. Configuring this attribute enables users in the organization to use their current Outlook on the web URL to access Outlook on the web in the external organization.","Name":"TargetOwaURL","Option":"Write"},{"CIMType":"String","Description":"The TargetSharingEpr parameter specifies the URL of the target Exchange Web Services for the external organization.","Name":"TargetSharingEpr","Option":"Write"},{"CIMType":"String","Description":"Specify if the OrganizationRelationship should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Organization Relationship in Exchange Online."},{"ClassName":"MSFT_EXOOutboundConnector","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the outbound connector that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether connector is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether connector should use MXRecords for target resolution.","Name":"UseMXRecord","Option":"Write"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS!","Name":"ConnectorSource","Option":"Write","ValueMap":["Default","Migrated","HybridWizard"],"Values":["Default","Migrated","HybridWizard"]},{"CIMType":"String","Description":"The ConnectorType parameter specifies a category for the domains that are serviced by the connector.","Name":"ConnectorType","Option":"Write","ValueMap":["Partner","OnPremises"],"Values":["Partner","OnPremises"]},{"CIMType":"String[]","Description":"The RecipientDomains parameter specifies the domain that the Outbound connector routes mail to. You can specify multiple domains separated by commas.","Name":"RecipientDomains","Option":"Write"},{"CIMType":"String[]","Description":"The SmartHosts parameter specifies the smart hosts the Outbound connector uses to route mail. This parameter is required if you set the UseMxRecord parameter to $false and must be specified on the same command line.","Name":"SmartHosts","Option":"Write"},{"CIMType":"String","Description":"The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following example: domain.*.contoso.com","Name":"TlsDomain","Option":"Write"},{"CIMType":"String","Description":"The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector.","Name":"TlsSettings","Option":"Write","ValueMap":["EncryptionOnly","CertificateValidation","DomainValidation"],"Values":["EncryptionOnly","CertificateValidation","DomainValidation"]},{"CIMType":"Boolean","Description":"The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule).","Name":"IsTransportRuleScoped","Option":"Write"},{"CIMType":"Boolean","Description":"The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting).","Name":"RouteAllMessagesViaOnPremises","Option":"Write"},{"CIMType":"Boolean","Description":"The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!","Name":"CloudServicesMailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization.","Name":"AllAcceptedDomains","Option":"Write"},{"CIMType":"Boolean","Description":"The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for routing through the on-premises email system.","Name":"SenderRewritingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector.","Name":"TestMode","Option":"Write"},{"CIMType":"String[]","Description":"The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector. You can specify multiple email addresses separated by commas.","Name":"ValidationRecipients","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new Inbound connector in your cloud-based organization."},{"ClassName":"MSFT_EXOOwaMailboxPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the policy. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"The AccountTransferEnabled parameter specifies whether to enable or disable QR code sign-in. By default, QR code sign-in is enabled.","Name":"AccountTransferEnabled","Option":"Write"},{"CIMType":"String","Description":"The ActionForUnknownFileAndMIMETypes parameter specifies how to handle file types that aren't specified in the Allow, Block, and Force Save lists for file types and MIME types","Name":"ActionForUnknownFileAndMIMETypes","Option":"Write","ValueMap":["Allow","ForceSave","Block"],"Values":["Allow","ForceSave","Block"]},{"CIMType":"Boolean","Description":"The ActiveSyncIntegrationEnabled parameter specifies whether to enable or disable Exchange ActiveSync settings in Outlook on the web. ","Name":"ActiveSyncIntegrationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"AdditionalAccountsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AdditionalStorageProvidersAvailable parameter specifies whether to allow additional storage providers (for example, Box, Dropbox, Facebook, Google Drive, Egnyte, personal OneDrive) attachments in Outlook on the web.","Name":"AdditionalStorageProvidersAvailable","Option":"Write"},{"CIMType":"Boolean","Description":"The AllAddressListsEnabled parameter specifies which address lists are available in Outlook on the web.","Name":"AllAddressListsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowCopyContactsToDeviceAddressBook parameter specifies whether users can copy the contents of their Contacts folder to a mobile device's native address book when using Outlook on the web for devices.","Name":"AllowCopyContactsToDeviceAddressBook","Option":"Write"},{"CIMType":"String[]","Description":"The AllowedFileTypes parameter specifies the attachment file types (file extensions) that can be saved locally or viewed from Outlook on the web.","Name":"AllowedFileTypes","Option":"Write"},{"CIMType":"String[]","Description":"The AllowedMimeTypes parameter specifies the MIME extensions of attachments that allow the attachments to be saved locally or viewed from Outlook on the web.","Name":"AllowedMimeTypes","Option":"Write"},{"CIMType":"String[]","Description":"The BlockedFileTypes parameter specifies a list of attachment file types (file extensions) that can't be saved locally or viewed from Outlook on the web.","Name":"BlockedFileTypes","Option":"Write"},{"CIMType":"String[]","Description":"The BlockedMimeTypes parameter specifies MIME extensions in attachments that prevent the attachments from being saved locally or viewed from Outlook on the web.","Name":"BlockedMimeTypes","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"BookingsMailboxCreationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"ChangeSettingsAccountEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ClassicAttachmentsEnabled parameter specifies whether users can attach local files as regular email attachments in Outlook on the web.","Name":"ClassicAttachmentsEnabled","Option":"Write"},{"CIMType":"String","Description":"The ConditionalAccessPolicy parameter specifies the Outlook on the Web Policy for limited access. For this feature to work properly, you also need to configure a Conditional Access policy in the Azure Active Directory Portal.","Name":"ConditionalAccessPolicy","Option":"Write","ValueMap":["Off","ReadOnly","ReadOnlyPlusAttachmentsBlocked"],"Values":["Off","ReadOnly","ReadOnlyPlusAttachmentsBlocked"]},{"CIMType":"String","Description":"The DefaultTheme parameter specifies the default theme that's used in Outlook on the web when the user hasn't selected a theme. The default value is blank ($null).","Name":"DefaultTheme","Option":"Write"},{"CIMType":"Boolean","Description":"The DirectFileAccessOnPrivateComputersEnabled parameter specifies the left-click options for attachments in Outlook on the web for private computer sessions. ","Name":"DirectFileAccessOnPrivateComputersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DirectFileAccessOnPrivateComputersEnabled parameter specifies the left-click options for attachments in Outlook on the web for public computer sessions.","Name":"DirectFileAccessOnPublicComputersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DisableFacebook switch specifies whether users can synchronize their Facebook contacts to their Contacts folder in Outlook on the web. By default, Facebook integration is enabled.","Name":"DisableFacebook","Option":"Write"},{"CIMType":"Boolean","Description":"The DisplayPhotosEnabled parameter specifies whether users see sender photos in Outlook on the web.","Name":"DisplayPhotosEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ExplicitLogonEnabled parameter specifies whether to allow a user to open someone else's mailbox in Outlook on the web (provided that user has permissions to the mailbox).","Name":"ExplicitLogonEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ExternalImageProxyEnabled parameter specifies whether to load all external images through the Outlook external image proxy.","Name":"ExternalImageProxyEnabled","Option":"Write"},{"CIMType":"String","Description":"The ExternalSPMySiteHostURL specifies the My Site Host URL for external users.","Name":"ExternalSPMySiteHostURL","Option":"Write"},{"CIMType":"Boolean","Description":"The FeedbackEnabled parameter specifies whether to enable or disable inline feedback surveys in Outlook on the web.","Name":"FeedbackEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceSaveAttachmentFilteringEnabled parameter specifies whether files are filtered before they can be saved from Outlook on the web.","Name":"ForceSaveAttachmentFilteringEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The ForceSaveFileTypes parameter specifies the attachment file types (file extensions) that can only be saved from Outlook on the web (not opened).","Name":"ForceSaveFileTypes","Option":"Write"},{"CIMType":"String[]","Description":"The ForceSaveMimeTypes parameter specifies the MIME extensions in attachments that only allow the attachments to be saved locally (not opened).","Name":"ForceSaveMimeTypes","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceWacViewingFirstOnPrivateComputers parameter specifies whether private computers must first preview an Office file as a web page in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server) before opening the file in the local application.","Name":"ForceWacViewingFirstOnPrivateComputers","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceWacViewingFirstOnPublicComputers parameter specifies whether public computers must first preview an Office file as a web page in Office Online Server before opening the file in the local application.","Name":"ForceWacViewingFirstOnPublicComputers","Option":"Write"},{"CIMType":"Boolean","Description":"The FreCardsEnabled parameter specifies whether the theme, signature, and phone cards are available in Outlook on the web.","Name":"FreCardsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The GlobalAddressListEnabled parameter specifies whether the global address list is available in Outlook on the web.","Name":"GlobalAddressListEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The GroupCreationEnabled parameter specifies whether Office 365 group creation is available in Outlook on the web.","Name":"GroupCreationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The InstantMessagingEnabled parameter specifies whether instant messaging is available in Outlook on the web.","Name":"InstantMessagingEnabled","Option":"Write"},{"CIMType":"String","Description":"The InstantMessagingType parameter specifies the type of instant messaging provider in Outlook on the web.","Name":"InstantMessagingType","Option":"Write","ValueMap":["None","Ocs"],"Values":["None","Ocs"]},{"CIMType":"Boolean","Description":"The InterestingCalendarsEnabled parameter specifies whether interesting calendars are available in Outlook on the web.","Name":"InterestingCalendarsEnabled","Option":"Write"},{"CIMType":"String","Description":"The InternalSPMySiteHostURL specifies the My Site Host URL for internal users.","Name":"InternalSPMySiteHostURL","Option":"Write"},{"CIMType":"Boolean","Description":"The IRMEnabled parameter specifies whether Information Rights Management (IRM) features are available in Outlook on the web.","Name":"IRMEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"ItemsToOtherAccountsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefault switch specifies whether the Outlook on the web policy is the default policy that's used to configure the Outlook on the web settings for new mailboxes.","Name":"IsDefault","Option":"Write"},{"CIMType":"Boolean","Description":"The JournalEnabled parameter specifies whether the Journal folder is available in Outlook on the web.","Name":"JournalEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The LocalEventsEnabled parameter specifies whether local events calendars are available in Outlook on the web.","Name":"LocalEventsEnabled","Option":"Write"},{"CIMType":"SInt32","Description":"The LogonAndErrorLanguage parameter specifies the language that used in Outlook on the web for forms-based authentication and for error messages when a user's current language setting can't be read. A valid value is a supported Microsoft Windows Language Code Identifier (LCID). For example, 1033 is US English.","Name":"LogonAndErrorLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"MessagePreviewsDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The NotesEnabled parameter specifies whether the Notes folder is available in Outlook on the web.","Name":"NotesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The NpsSurveysEnabled parameter specifies whether to enable or disable the Net Promoter Score (NPS) survey in Outlook on the web. The survey allows uses to rate Outlook on the web on a scale of 1 to 5, and to provide feedback and suggested improvements in free text.","Name":"NpsSurveysEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OneWinNativeOutlookEnabled parameter controls the availability of the new Outlook for Windows App.","Name":"OneWinNativeOutlookEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"When the OrganizationEnabled parameter is set to $false, the Automatic Reply option doesn't include external and internal options, the address book doesn't show the organization hierarchy, and the Resources tab in Calendar forms is disabled.","Name":"OrganizationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OnSendAddinsEnabled parameter specifies whether to enable or disable on send add-ins in Outlook on the web (add-ins that support events when a user clicks Send).","Name":"OnSendAddinsEnabled","Option":"Write"},{"CIMType":"String","Description":"The OutboundCharset parameter specifies the character set that's used for outgoing messages in Outlook on the web.","Name":"OutboundCharset","Option":"Write","ValueMap":["AutoDetect","AlwaysUTF8","UserLanguageChoice"],"Values":["AutoDetect","AlwaysUTF8","UserLanguageChoice"]},{"CIMType":"Boolean","Description":"The OutlookBetaToggleEnabled parameter specifies whether to enable or disable the Outlook on the web Preview toggle. The Preview toggle allows users to try the new Outlook on the web experience.","Name":"OutlookBetaToggleEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OWALightEnabled parameter controls the availability of the light version of Outlook on the web.","Name":"OWALightEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"PersonalAccountsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PersonalAccountCalendarsEnabled parameter specifies whether to allow users to connect to their personal Outlook.com or Google Calendar in Outlook on the web.","Name":"PersonalAccountCalendarsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PhoneticSupportEnabled parameter specifies phonetically spelled entries in the address book. This parameter is available for use in Japan.","Name":"PhoneticSupportEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PlacesEnabled parameter specifies whether to enable or disable Places in Outlook on the web. Places lets users search, share, and map location details by using Bing.","Name":"PlacesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PremiumClientEnabled parameter controls the availability of the full version of Outlook Web App.","Name":"PremiumClientEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PrintWithoutDownloadEnabled specifies whether to allow printing of supported files without downloading the attachment in Outlook on the web.","Name":"PrintWithoutDownloadEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ProjectMocaEnabled parameter enables or disables access to Project Moca in Outlook on the web.","Name":"ProjectMocaEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PublicFoldersEnabled parameter specifies whether a user can browse or read items in public folders in Outlook Web App.","Name":"PublicFoldersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RecoverDeletedItemsEnabled parameter specifies whether a user can use Outlook Web App to view, recover, or delete permanently items that have been deleted from the Deleted Items folder.","Name":"RecoverDeletedItemsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ReferenceAttachmentsEnabled parameter specifies whether users can attach files from the cloud as linked attachments in Outlook on the web.","Name":"ReferenceAttachmentsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RemindersAndNotificationsEnabled parameter specifies whether notifications and reminders are enabled in Outlook on the web.","Name":"RemindersAndNotificationsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ReportJunkEmailEnabled parameter specifies whether users can report messages to Microsoft or unsubscribe from messages in Outlook on the web. ","Name":"ReportJunkEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RulesEnabled parameter specifies whether a user can view, create, or modify server-side rules in Outlook on the web.","Name":"RulesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SatisfactionEnabled parameter specifies whether to enable or disable the satisfaction survey.","Name":"SatisfactionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SaveAttachmentsToCloudEnabled parameter specifies whether users can save regular email attachments to the cloud.","Name":"SaveAttachmentsToCloudEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SearchFoldersEnabled parameter specifies whether Search Folders are available in Outlook on the web.","Name":"SearchFoldersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SetPhotoEnabled parameter specifies whether users can add, change, and remove their sender photo in Outlook on the web.","Name":"SetPhotoEnabled","Option":"Write"},{"CIMType":"String","Description":"The SetPhotoURL parameter controls where users go to select their photo. Note that you can't specify a URL that contains one or more picture files, as there is no mechanism to copy a URL photo to the properties of the users' Exchange Online mailboxes.","Name":"SetPhotoURL","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"ShowOnlineArchiveEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SignaturesEnabled parameter specifies whether to enable or disable the use of signatures in Outlook on the web.","Name":"SignaturesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SkipCreateUnifiedGroupCustomSharepointClassification parameter specifies whether to skip a custom SharePoint page during the creation of Office 365 Groups in Outlook web app.","Name":"SkipCreateUnifiedGroupCustomSharepointClassification","Option":"Write"},{"CIMType":"Boolean","Description":"The TeamSnapCalendarsEnabled parameter specifies whether to allow users to connect to their personal TeamSnap calendars in Outlook on the web.","Name":"TeamSnapCalendarsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TextMessagingEnabled parameter specifies whether users can send and receive text messages in Outlook on the web.","Name":"TextMessagingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ThemeSelectionEnabled parameter specifies whether users can change the theme in Outlook on the web.","Name":"ThemeSelectionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The UMIntegrationEnabled parameter specifies whether Unified Messaging (UM) integration is enabled in Outlook on the web.","Name":"UMIntegrationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The UseGB18030 parameter specifies whether to use the GB18030 character set instead of GB2312 in Outlook on the web.","Name":"UseGB18030","Option":"Write"},{"CIMType":"Boolean","Description":"The UseISO885915 parameter specifies whether to use the character set ISO8859-15 instead of ISO8859-1 in Outlook on the web.","Name":"UseISO885915","Option":"Write"},{"CIMType":"Boolean","Description":"The UserVoiceEnabled parameter specifies whether to enable or disable Outlook UserVoice in Outlook on the web. Outlook UserVoice is a customer feedback area that's available in Office 365.","Name":"UserVoiceEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacEditingEnabled parameter specifies whether to enable or disable editing documents in Outlook on the web by using Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server). ","Name":"WacEditingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacExternalServicesEnabled parameter specifies whether to enable or disable external services when viewing documents in Outlook on the web (for example, machine translation) by using Office Online Server.","Name":"WacExternalServicesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacOMEXEnabled parameter specifies whether to enable or disable apps for Outlook in Outlook on the web in Office Online Server.","Name":"WacOMEXEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacViewingOnPrivateComputersEnabled parameter specifies whether to enable or disable web viewing of supported Office documents private computer sessions in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server). By default, all Outlook on the web sessions are considered to be on private computers.","Name":"WacViewingOnPrivateComputersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacViewingOnPublicComputersEnabled parameter specifies whether to enable or disable web viewing of supported Office documents in public computer sessions in Office Online Server. ","Name":"WacViewingOnPublicComputersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WeatherEnabled parameter specifies whether to enable or disable weather information in the calendar in Outlook on the web.","Name":"WeatherEnabled","Option":"Write"},{"CIMType":"String","Description":"The WebPartsFrameOptionsType parameter specifies what sources can access web parts in IFRAME or FRAME elements in Outlook on the web.","Name":"WebPartsFrameOptionsType","Option":"Write","ValueMap":["None","SameOrigin","Deny"],"Values":["None","SameOrigin","Deny"]},{"CIMType":"String","Description":"Specify if the OWA Mailbox Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures OWA Mailbox Policies in Exchange Online."},{"ClassName":"MSFT_EXOPartnerApplication","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a new name for the partner application.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The ApplicationIdentifier parameter specifies a unique application identifier for the partner application that uses an authorization server.","Name":"ApplicationIdentifier","Option":"Write"},{"CIMType":"Boolean","Description":"The AcceptSecurityIdentifierInformation parameter specifies whether Exchange should accept security identifiers (SIDs) from another trusted Active Directory forest for the partner application.","Name":"AcceptSecurityIdentifierInformation","Option":"Write"},{"CIMType":"String","Description":"The AccountType parameter specifies the type of Microsoft account that's required for the partner application.","Name":"AccountType","Option":"Write","ValueMap":["OrganizationalAccount","ConsumerAccount"],"Values":["OrganizationalAccount","ConsumerAccount"]},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the partner application is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The LinkedAccount parameter specifies a linked Active Directory user account for the application.","Name":"LinkedAccount","Option":"Write"},{"CIMType":"String","Description":"Specify if the Partner Application should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Partner Applications in Exchange Online."},{"ClassName":"MSFT_EXOPerimeterConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String[]","Description":"Use the GatewayIPAddresses parameter to create or modify a list of gateway server IP addresses to add to IP safelists.","Name":"GatewayIPAddresses","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Modify the perimeter Configuration policy in your cloud-based organization."},{"ClassName":"MSFT_EXOPhishSimOverrideRule","Parameters":[{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String","Description":"The unique identifier (GUID or name) of the override rule. This parameter is mandatory.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The domains for the override rule.","Name":"Domains","Option":"Write"},{"CIMType":"String[]","Description":"The IP ranges for the override rule.","Name":"SenderIpRanges","Option":"Write"},{"CIMType":"String","Description":"An optional comment for the override rule.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The phishing simulation override policy that's associated with the rule.","Name":"Policy","Option":"Write"},{"CIMType":"String","Description":"Ensures the presence or absence of the configuration.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]}],"Description":"This resource allows users to manage resource to modify third-party phishing\nsimulation override rules to bypass Exchange Online Protection filtering."},{"ClassName":"MSFT_EXOPlace","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the room mailbox that you want to modify. You can use any value that uniquely identifies the room.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The display name of the place.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The AudioDeviceName parameter specifies the name of the audio device in the room. If the value contains spaces, enclose the value in quotation marks.","Name":"AudioDeviceName","Option":"Write"},{"CIMType":"String","Description":"The Building parameter specifies the building name or building number that the room is in. If the value contains spaces, enclose the value in quotation marks.","Name":"Building","Option":"Write"},{"CIMType":"UInt32","Description":"The Capacity parameter specifies the capacity of the room. A valid value is an integer.","Name":"Capacity","Option":"Write"},{"CIMType":"String","Description":"The City parameter specifies the room's city. If the value contains spaces, enclose the value in quotation marks.","Name":"City","Option":"Write"},{"CIMType":"String","Description":"The CountryOrRegion parameter specifies the room's country or region. A valid value is a valid ISO 3166-1 two-letter country code (for example, AU for Australia) or the corresponding friendly name for the country (which might be different from the official ISO 3166 Maintenance Agency short name).","Name":"CountryOrRegion","Option":"Write"},{"CIMType":"String[]","Description":"N/A","Name":"Desks","Option":"Write"},{"CIMType":"String","Description":"The DisplayDeviceName parameter specifies the name of the display device in the room. If the value contains spaces, enclose the value in quotation marks.","Name":"DisplayDeviceName","Option":"Write"},{"CIMType":"String","Description":"The Floor parameter specifies the floor number that the room is on.","Name":"Floor","Option":"Write"},{"CIMType":"String","Description":"The FloorLabel parameter specifies a descriptive label for the floor that the room is on. If the value contains spaces, enclose the value in quotation marks.","Name":"FloorLabel","Option":"Write"},{"CIMType":"String","Description":"The GeoCoordinates parameter specifies the room's location in latitude, longitude and (optionally) altitude coordinates.","Name":"GeoCoordinates","Option":"Write"},{"CIMType":"Boolean","Description":"The IsWheelChairAccessible parameter specifies whether the room is wheelchair accessible.","Name":"IsWheelChairAccessible","Option":"Write"},{"CIMType":"String","Description":"The Label parameter specifies a descriptive label for the room (for example, a number or name). If the value contains spaces, enclose the value in quotation marks.","Name":"Label","Option":"Write"},{"CIMType":"Boolean","Description":"The MTREnabled parameter identifies the room as configured with a Microsoft Teams room system. You can add Teams room systems as audio sources in Teams meetings that involve the room.","Name":"MTREnabled","Option":"Write"},{"CIMType":"String","Description":"The ParentId parameter specifies the ID of a Place in the parent location hierarchy in Microsoft Places.","Name":"ParentId","Option":"Write"},{"CIMType":"String","Description":"The ParentType parameter specifies the parent type of the ParentId in Microsoft Places. Valid values are: Floor, Section","Name":"ParentType","Option":"Write","ValueMap":["Floor","Section","None"],"Values":["Floor","Section","None"]},{"CIMType":"String","Description":"The Phone parameter specifies the room's telephone number.","Name":"Phone","Option":"Write"},{"CIMType":"String","Description":"The PostalCode parameter specifies the room's postal code.","Name":"PostalCode","Option":"Write"},{"CIMType":"String","Description":"The State parameter specifies the room's state or province.","Name":"State","Option":"Write"},{"CIMType":"String","Description":"The Street parameter specifies the room's physical address.","Name":"Street","Option":"Write"},{"CIMType":"String[]","Description":"The Tags parameter specifies additional features of the room (for example, details like the type of view or furniture type).","Name":"Tags","Option":"Write"},{"CIMType":"String","Description":"The VideoDeviceName parameter specifies the name of the video device in the room. If the value contains spaces, enclose the value in quotation marks.","Name":"VideoDeviceName","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a place in Exchange Online (e.g., room)."},{"ClassName":"MSFT_EXOPolicyTipConfig","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the custom Policy Tip you want to modify.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Value parameter specifies the text that's displayed by the Policy Tip.","Name":"Value","Option":"Write"},{"CIMType":"String","Description":"Specify if the Policy Tip Config should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Policy Tips in Exchange Online."},{"ClassName":"MSFT_EXOQuarantinePolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the QuarantinePolicy you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"UInt32","Description":"The EndUserQuarantinePermissionsValue parameter specifies the end-user permissions for the quarantine policy.","Name":"EndUserQuarantinePermissionsValue","Option":"Write"},{"CIMType":"Boolean","Description":"The ESNEnabled parameter specifies whether to enable quarantine notifications (formerly known as end-user spam notifications) for the policy.","Name":"ESNEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The MultiLanguageCustomDisclaimer parameter specifies the custom disclaimer text to use near the bottom of quarantine notifications.","Name":"MultiLanguageCustomDisclaimer","Option":"Write"},{"CIMType":"String[]","Description":"The MultiLanguageSenderName parameter specifies the email sender's display name to use in quarantine notifications.","Name":"MultiLanguageSenderName","Option":"Write"},{"CIMType":"String[]","Description":"The MultiLanguageSetting parameter specifies the language of quarantine notifications.","Name":"MultiLanguageSetting","Option":"Write"},{"CIMType":"Boolean","Description":"The OrganizationBrandingEnabled parameter enables or disables organization branding in the end-user quarantine notification messages.","Name":"OrganizationBrandingEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if this QuarantinePolicy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String","Description":"The EndUserSpamNotificationFrequency parameter species how often quarantine notifications are sent to users. Valid values are: 04:00:00 (4 hours),1.00:00:00 (1 day),7.00:00:00 (7 days)","Name":"EndUserSpamNotificationFrequency","Option":"Write"},{"CIMType":"String","Description":"The QuarantinePolicyType parameter filters the results by the specified quarantine policy type. Valid values are: QuarantinePolicy, GlobalQuarantinePolicy","Name":"QuarantinePolicyType","Option":"Write"},{"CIMType":"String","Description":"This parameter is reserved for internal Microsoft use.","Name":"EndUserSpamNotificationFrequencyInDays","Option":"Write"},{"CIMType":"String","Description":"This parameter is reserved for internal Microsoft use.","Name":"CustomDisclaimer","Option":"Write"},{"CIMType":"String","Description":"The EndUserSpamNotificationCustomFromAddress specifies the email address of an existing internal sender to use as the sender for quarantine notifications. To set this parameter back to the default email address quarantine@messaging.microsoft.com, use the value $null.","Name":"EndUserSpamNotificationCustomFromAddress","Option":"Write"},{"CIMType":"String[]","Description":"The EsnCustomSubject parameter specifies the text to use in the Subject field of quarantine notifications.This setting is available only in the built-in quarantine policy named DefaultGlobalTag that controls global quarantine policy settings.","Name":"EsnCustomSubject","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify a EXOQuarantinePolicy in your cloud-based organization."},{"ClassName":"MSFT_EXORecipientPermission","Parameters":[{"CIMType":"String","Description":"The mailbox the permission should be given on.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The account to give the permission to.","Name":"Trustee","Option":"Key"},{"CIMType":"String[]","Description":"The access rights granted to the account. Only 'SendAs' is supported.","Name":"AccessRights","Option":"Write"},{"CIMType":"string","Description":"Present ensures the group exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to retrieve Office 365 Recipient Permissions."},{"ClassName":"MSFT_EXORemoteDomain","Parameters":[{"CIMType":"String","Description":"Specify the Identity for the RemoteDomain.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The DomainName parameter specifies the SMTP domain that you want to establish as a remote domain. A valid value is an SMTP domain (for example, contoso.com). The maximum length is 256 characters.","Name":"DomainName","Option":"Write"},{"CIMType":"String","Description":"Specify if the RemoteDomain should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The AllowedOOFType parameter specifies the type of automatic replies or out-of-office (also known as OOF) notifications than can be sent to recipients in the remote domain. Valid values are: External, ExternalLegacy, InternalLegacy or None","Name":"AllowedOOFType","Option":"Write","ValueMap":["External","ExternalLegacy","InternalLegacy","None"],"Values":["External","ExternalLegacy","InternalLegacy","None"]},{"CIMType":"Boolean","Description":"The AutoForwardEnabled parameter specifies whether to allow messages that are auto-forwarded by client email programs in your organization.","Name":"AutoForwardEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AutoReplyEnabled parameter specifies whether to allow messages that are automatic replies from client email programs in your organization (for example, automatic reply messages that are generated by rules in Outlook).","Name":"AutoReplyEnabled","Option":"Write"},{"CIMType":"String","Description":"The ByteEncoderTypeFor7BitCharsets parameter specifies the 7-bit transfer encoding method for MIME format for messages sent to this remote domain.","Name":"ByteEncoderTypeFor7BitCharsets","Option":"Write","ValueMap":["Use7Bit","UseQP","UseBase64","UseQPHtmlDetectTextPlain","UseBase64HtmlDetectTextPlain","UseQPHtml7BitTextPlain","UseBase64Html7BitTextPlain","Undefined"],"Values":["Use7Bit","UseQP","UseBase64","UseQPHtmlDetectTextPlain","UseBase64HtmlDetectTextPlain","UseQPHtml7BitTextPlain","UseBase64Html7BitTextPlain","Undefined"]},{"CIMType":"String","Description":"The CharacterSet parameter specifies a character set for MIME messages without defined character sets that are sent from your organization to recipients in the remote domain.","Name":"CharacterSet","Option":"Write"},{"CIMType":"String","Description":"The ContentType parameter specifies the outbound message content type and formatting.","Name":"ContentType","Option":"Write","ValueMap":["MimeHtmlText","MimeText","MimeHtml"],"Values":["MimeHtmlText","MimeText","MimeHtml"]},{"CIMType":"Boolean","Description":"The DeliveryReportEnabled parameter specifies whether to allow delivery reports from client software in your organization to recipients in the remote domain.","Name":"DeliveryReportEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DisplaySenderName parameter specifies whether to show the sender's Display Name in the From email address for messages sent to recipients in the remote domain.","Name":"DisplaySenderName","Option":"Write"},{"CIMType":"Boolean","Description":"The IsInternal parameter specifies whether the recipients in the remote domain are considered to be internal recipients.","Name":"IsInternal","Option":"Write"},{"CIMType":"string","Description":"The LineWrapSize parameter specifies the line-wrap size for messages to recipients in the remote domain. Valid values are an integer from 0 through 132 or the value to unlimited. The default value is unlimited.","Name":"LineWrapSize","Option":"Write"},{"CIMType":"Boolean","Description":"The MeetingForwardNotificationEnabled parameter specifies whether to enable meeting forward notifications for recipients in the remote domain.","Name":"MeetingForwardNotificationEnabled","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the remote domain object. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Write"},{"CIMType":"Boolean","Description":"The NDREnabled parameter specifies whether to allow non-delivery reports (also known NDRs or bounce messages) from your organization to recipients in the remote domain.","Name":"NDREnabled","Option":"Write"},{"CIMType":"String","Description":"The NonMimeCharacterSet parameter specifies a character set for plain text messages without defined character sets that are sent from your organization to recipients in the remote domain.","Name":"NonMimeCharacterSet","Option":"Write"},{"CIMType":"String","Description":"The PreferredInternetCodePageForShiftJis parameter specifies the specific code page to use for Shift JIS character encoding in messages that are sent to recipients in the remote domain.","Name":"PreferredInternetCodePageForShiftJis","Option":"Write","ValueMap":["50220","50221","50222","Undefined"],"Values":["50220","50221","50222","Undefined"]},{"CIMType":"sint32","Description":"The RequiredCharsetCoverage parameter specifies a percentage threshold for characters in a message that must match to apply your organization's preferred character set before switching to automatic character set detection.","Name":"RequiredCharsetCoverage","Option":"Write"},{"CIMType":"Boolean","Description":"The TargetDeliveryDomain parameter specifies whether the remote domain is used in cross-forest deployments to generate target email addresses for new mail users that represent users in the other organization (for example, all mailboxes hosted on Exchange Online are represented as mail users in your on-premises organization).","Name":"TargetDeliveryDomain","Option":"Write"},{"CIMType":"Boolean","Description":"The TNEFEnabled parameter specifies whether Transport Neutral Encapsulation Format (TNEF) message encoding is used on messages sent to the remote domain.","Name":"TNEFEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TrustedMailInboundEnabled parameter specifies whether messages from senders in the remote domain are treated as trusted messages.","Name":"TrustedMailInboundEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TrustedMailOutboundEnabled parameter specifies whether messages sent to recipients in the remote domain are treated as trusted messages.","Name":"TrustedMailOutboundEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The UseSimpleDisplayName parameter specifies whether the sender's simple display name is used for the From email address in messages sent to recipients in the remote domain.","Name":"UseSimpleDisplayName","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Remote Email Domains in Exchange Online."},{"ClassName":"MSFT_EXOReportSubmissionPolicy","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The DisableQuarantineReportingOption parameter allows or prevents users from reporting messages in quarantine.","Name":"DisableQuarantineReportingOption","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableCustomNotificationSender parameter specifies whether a custom sender email address is used for result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"EnableCustomNotificationSender","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOrganizationBranding parameter specifies whether to show the company logo in the footer of result messages that users receive after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"EnableOrganizationBranding","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableReportToMicrosoft parameter specifies whether Microsoft integrated reporting experience is enabled or disabled.","Name":"EnableReportToMicrosoft","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableThirdPartyAddress parameter specifies whether you're using third-party reporting tools in Outlook instead of Microsoft tools to send messages to the reporting mailbox in Exchange Online.","Name":"EnableThirdPartyAddress","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableUserEmailNotification parameter species whether users receive result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"EnableUserEmailNotification","Option":"Write"},{"CIMType":"String","Description":"The JunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as junk.","Name":"JunkReviewResultMessage","Option":"Write"},{"CIMType":"String","Description":"The NotJunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as not junk.","Name":"NotJunkReviewResultMessage","Option":"Write"},{"CIMType":"String","Description":"The NotificationFooterMessage parameter specifies the custom footer text to use in email notifications after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"NotificationFooterMessage","Option":"Write"},{"CIMType":"String","Description":"The NotificationSenderAddress parameter specifies the sender email address to use in result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"NotificationSenderAddress","Option":"Write"},{"CIMType":"String","Description":"The PhishingReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as phishing.","Name":"PhishingReviewResultMessage","Option":"Write"},{"CIMType":"String","Description":"The PostSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications after users report messages.","Name":"PostSubmitMessage","Option":"Write"},{"CIMType":"Boolean","Description":"The PostSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see after they report messages using Microsoft reporting tools.","Name":"PostSubmitMessageEnabled","Option":"Write"},{"CIMType":"String","Description":"The PostSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications after users report messages.","Name":"PostSubmitMessageTitle","Option":"Write"},{"CIMType":"String","Description":"The PreSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications before users report messages. ","Name":"PreSubmitMessage","Option":"Write"},{"CIMType":"Boolean","Description":"The PreSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see before they report messages using Microsoft reporting tools.","Name":"PreSubmitMessageEnabled","Option":"Write"},{"CIMType":"String","Description":"The PreSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications before users report messages.","Name":"PreSubmitMessageTitle","Option":"Write"},{"CIMType":"String[]","Description":"The ReportJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.","Name":"ReportJunkAddresses","Option":"Write"},{"CIMType":"Boolean","Description":"The ReportJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. ","Name":"ReportJunkToCustomizedAddress","Option":"Write"},{"CIMType":"String[]","Description":"The ReportNotJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.","Name":"ReportNotJunkAddresses","Option":"Write"},{"CIMType":"Boolean","Description":"The ReportNotJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.","Name":"ReportNotJunkToCustomizedAddress","Option":"Write"},{"CIMType":"String[]","Description":"The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.","Name":"ReportPhishAddresses","Option":"Write"},{"CIMType":"Boolean","Description":"The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.","Name":"ReportPhishToCustomizedAddress","Option":"Write"},{"CIMType":"String[]","Description":"Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook.","Name":"ThirdPartyReportAddresses","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"ReportChatMessageEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"ReportChatMessageToCustomizedAddressEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if this report submission policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify an EXOReportSubmissionPolicy in your cloud-based organization."},{"ClassName":"MSFT_EXOReportSubmissionRule","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The Identity parameter specifies the report submission rule that you want to modify.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies the email address of the reporting mailbox in Exchange Online where user reported messages are sent.","Name":"SentTo","Option":"Write"},{"CIMType":"String","Description":"Specifies if this report submission rule should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify an EXOReportSubmissionRule in your cloud-based organization."},{"ClassName":"MSFT_EXOResourceConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String[]","Description":"The ResourcePropertySchema parameter specifies the custom resource property that you want to make available to room or equipment mailboxes. This parameter uses the syntax Room/<Text> or Equipment/<Text> where the <Text> value doesn't contain spaces. For example, Room/Whiteboard or Equipment/Van.","Name":"ResourcePropertySchema","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Modify the resource Configuration policy in your cloud-based organization."},{"ClassName":"MSFT_EXORetentionPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name, distinguished name (DN), or GUID of the retention policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The IsDefault switch specifies that this retention policy is the default retention policy. You don't need to specify a value with this switch.","Name":"IsDefault","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefaultArbitrationMailbox switch configures this policy as the default retention policy for arbitration mailboxes in your Exchange Online organization. You don't need to specify a value with this switch.","Name":"IsDefaultArbitrationMailbox","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the retention policy.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The RetentionId parameter specifies the identity of the retention policy to make sure mailboxes moved between two Exchange organizations continue to have the same retention policy applied to them.","Name":"RetentionId","Option":"Write"},{"CIMType":"String[]","Description":"The RetentionPolicyTagLinks parameter specifies the identity of retention policy tags to associate with the retention policy. Mailboxes that get a retention policy applied have retention tags linked with that retention policy.","Name":"RetentionPolicyTagLinks","Option":"Write"},{"CIMType":"String","Description":"Specifies if this report submission rule should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Exchange Online Retention Policy."},{"ClassName":"MSFT_EXORetentionPolicyTag","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the tag.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies a comment for the tag.","Name":"Comment","Option":"Write"},{"CIMType":"UInt32","Description":"The AgeLimitForRetention parameter specifies the age at which retention is enforced on an item. The age limit corresponds to the number of days from the date the item was delivered, or the date an item was created if it wasn't delivered. If this parameter isn't present and the RetentionEnabled parameter is set to $true, an error is returned.","Name":"AgeLimitForRetention","Option":"Write"},{"CIMType":"String","Description":"The MessageClass parameter specifies the message type to which the tag applies. If not specified, the default value is set to *.","Name":"MessageClass","Option":"Write"},{"CIMType":"Boolean","Description":"The MustDisplayCommentEnabled parameter specifies whether the comment can be hidden. The default value is $true.","Name":"MustDisplayCommentEnabled","Option":"Write"},{"CIMType":"String","Description":"The RetentionAction parameter specifies the action for the retention policy.","Name":"RetentionAction","Option":"Write"},{"CIMType":"Boolean","Description":"The RetentionEnabled parameter specifies whether the tag is enabled. When set to $false, the tag is disabled, and no retention action is taken on messages that have the tag applied.","Name":"RetentionEnabled","Option":"Write"},{"CIMType":"String","Description":"The Type parameter specifies the type of retention tag being created.","Name":"Type","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manage Exchange Online retention policy tags."},{"ClassName":"MSFT_EXORoleAssignmentPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the new name of the assignment policy. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the role assignment policy is viewed using the Get-RoleAssignmentPolicy cmdlet.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefault switch makes the assignment policy the default assignment policy.","Name":"IsDefault","Option":"Write"},{"CIMType":"String[]","Description":"The Roles parameter specifies the management roles to assign to the role assignment policy when it's created.","Name":"Roles","Option":"Write"},{"CIMType":"String","Description":"Specify if the Role Assignment Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Role Assignment Policies in Exchange Online."},{"ClassName":"MSFT_EXORoleGroup","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Members parameter specifies the mailboxes or mail-enabled USGs to add as a member of the role group. You can identify the user or group by the name, DN, or primary SMTP address value. You can specify multiple members separated by commas (Value1,Value2,...ValueN). If the value contains spaces, enclose the value in quotation marks","Name":"Members","Option":"Write"},{"CIMType":"String[]","Description":"The Roles parameter specifies the management roles to assign to the role group when it's created. If a role name contains spaces, enclose the name in quotation marks. If you want to assign more that one role, separate the role names with commas.","Name":"Roles","Option":"Write"},{"CIMType":"String","Description":"Specify if the Role Group should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Role Groups in Exchange Online."},{"ClassName":"MSFT_EXOSafeAttachmentPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the SafeAttachmentpolicy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Action parameter specifies the action for the Safe Attachments policy.","Name":"Action","Option":"Write","ValueMap":["Block","Replace","Allow","DynamicDelivery"],"Values":["Block","Replace","Allow","DynamicDelivery"]},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"Specify if this policy should be enabled. Default is $true.","Name":"Enable","Option":"Write"},{"CIMType":"String","Description":"The QuarantineTag specifies the quarantine policy that's used on messages that are quarantined as malware by Safe Attachments.","Name":"QuarantineTag","Option":"Write"},{"CIMType":"Boolean","Description":"The Redirect parameter specifies whether to send detected malware attachments to another email address. Valid values are: $true: Malware attachments are sent to the email address specified by the RedirectAddress parameter. $false: Malware attachments aren't sent to another email address. This is the default value.","Name":"Redirect","Option":"Write"},{"CIMType":"String","Description":"The RedirectAddress parameter specifies the email address where detected malware attachments are sent when the Redirect parameter is set to the value $true.","Name":"RedirectAddress","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of the Safe Attachments policies\nin your cloud-based organization."},{"ClassName":"MSFT_EXOSafeAttachmentRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the SafeAttachment rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The SafeAttachmentPolicy parameter specifies the name of the SafeAttachment policy that's associated with the SafeAttachment rule.","Name":"SafeAttachmentPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Safe Attachment Rule in Exchange Online."},{"ClassName":"MSFT_EXOSafeLinksPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the SafeLinks policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowClickThrough parameter specifies whether to allow users to click through to the original URL on warning pages.","Name":"AllowClickThrough","Option":"Write"},{"CIMType":"String","Description":"The custom notification text specifies the customized notification text to show to users.","Name":"CustomNotificationText","Option":"Write"},{"CIMType":"Boolean","Description":"The DeliverMessageAfterScan parameter specifies whether to deliver email messages only after Safe Links scanning is complete. Valid values are: $true: Wait until Safe Links scanning is complete before delivering the message. $false: If Safe Links scanning can't complete, deliver the message anyway. This is the default value.","Name":"DeliverMessageAfterScan","Option":"Write"},{"CIMType":"String[]","Description":"The DoNotRewriteUrls parameter specifies a URL that's skipped by Safe Links scanning. You can specify multiple values separated by commas.","Name":"DoNotRewriteUrls","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableForInternalSenders parameter specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization.","Name":"EnableForInternalSenders","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOrganizationBranding parameter specifies whether your organization's logo is displayed on Safe Links warning and notification pages.","Name":"EnableOrganizationBranding","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeLinksForOffice parameter specifies whether to enable Safe Links protection for supported Office desktop, mobile, or web apps.","Name":"EnableSafeLinksForOffice","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeLinksForTeams parameter specifies whether Safe Links is enabled for Microsoft Teams. Valid values are: $true: Safe Links is enabled for Teams. If a protected user clicks a malicious link in a Teams conversation, group chat, or from channels, a warning page will appear in the default web browser. $false: Safe Links isn't enabled for Teams. This is the default value.","Name":"EnableSafeLinksForTeams","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeLinksForEmail parameter specifies whether to enable Safe Links protection for email messages. Valid values are: $true: Safe Links is enabled for email. When a user clicks a link in an email, the link is checked by Safe Links. If the link is found to be malicious, a warning page appears in the default web browser. $false: Safe Links isn't enabled for email. This is the default value.","Name":"EnableSafeLinksForEmail","Option":"Write"},{"CIMType":"Boolean","Description":"The DisableUrlRewrite parameter specifies whether to rewrite (wrap) URLs in email messages. Valid values are: $true: URLs in messages are not rewritten, but messages are still scanned by Safe Links prior to delivery. Time of click checks on links are done using the Safe Links API in supported Outlook clients (currently, Outlook for Windows and Outlook for Mac). Typically, we don't recommend using this value. $false: URLs in messages are rewritten. API checks still occur on unwrapped URLs in supported clients if the user is in a valid Safe Links policy. This is the default value.","Name":"DisableUrlRewrite","Option":"Write"},{"CIMType":"Boolean","Description":"The ScanUrls parameter specifies whether to enable or disable the scanning of links in email messages. Valid values are: $true: Scanning links in email messages is enabled. $false: Scanning links in email messages is disabled. This is the default value.","Name":"ScanUrls","Option":"Write"},{"CIMType":"Boolean","Description":"The TrackClicks parameter specifies whether to track user clicks related to Safe Links protection of links.","Name":"TrackClicks","Option":"Write"},{"CIMType":"Boolean","Description":"The UseTranslatedNotificationText specifies whether to use Microsoft Translator to automatically localize the custom notification text that you specified with the CustomNotificationText parameter.","Name":"UseTranslatedNotificationText","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of the SafeLinks policies\nin your cloud-based organization."},{"ClassName":"MSFT_EXOSafeLinksRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the SafeLink rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The SafeLinksPolicy parameter specifies the name of the SafeLink policy that's associated with the SafeLinksing rule.","Name":"SafeLinksPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an SafeLinks Rule in Exchange Online."},{"ClassName":"MSFT_EXOSecOpsOverrideRule","Parameters":[{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String","Description":"The unique identifier (GUID or name) of the override rule. This parameter is mandatory.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"An optional comment for the override rule.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The SecOps simulation override policy that's associated with the rule.","Name":"Policy","Option":"Write"},{"CIMType":"String","Description":"Ensures the presence or absence of the configuration.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]}],"Description":"This resource allows users to manage resource to modify SecOps\noverride rules to bypass Exchange Online Protection filtering."},{"ClassName":"MSFT_EXOServicePrincipal","Parameters":[{"CIMType":"string","Description":"The AppName parameter specifies the corresponding friendly name of the unique AppId GUID value for the service principal.","Name":"AppName","Option":"Key"},{"CIMType":"string","Description":"The DisplayName parameter specifies the friendly name of the service principal.","Name":"DisplayName","Option":"Write"},{"CIMType":"string","Description":"The Identity parameter specifies the service principal that you want to view.","Name":"Identity","Option":"Write"},{"CIMType":"string","Description":"The AppId parameter specifies the unique AppId GUID value for the service principal.","Name":"AppId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the group exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resources configures an EXO Service Principal."},{"ClassName":"MSFT_EXOSharedMailbox","Parameters":[{"CIMType":"string","Description":"The display name of the Shared Mailbox","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"The unique identifier of the Shared Mailbox","Name":"Identity","Option":"Write"},{"CIMType":"string","Description":"The primary email address of the Shared Mailbox","Name":"PrimarySMTPAddress","Option":"Write"},{"CIMType":"string","Description":"The alias of the Shared Mailbox","Name":"Alias","Option":"Write"},{"CIMType":"string[]","Description":"The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the Shared Mailbox","Name":"EmailAddresses","Option":"Write"},{"CIMType":"boolean","Description":"The AuditEnabled parameter specifies whether to enable or disable mailbox audit logging for the mailbox. If auditing is enabled, actions specified in the AuditAdmin, AuditDelegate, and AuditOwner parameters are logged","Name":"AuditEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the group exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create Office 365 Shared Mailboxes."},{"ClassName":"MSFT_EXOSharingPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the sharing policy. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"The Default switch specifies that the sharing policy is the default sharing policy for all mailboxes.","Name":"Default","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether to enable the sharing policy. Valid values for this parameter are $true or $false.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The Domains parameter specifies domains to which this policy applies and the sharing policy action.","Name":"Domains","Option":"Write"},{"CIMType":"String","Description":"Specify if the Sharing Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Sharing Policies in Exchange Online."},{"ClassName":"MSFT_EXOSmtpDaneInbound","Parameters":[{"CIMType":"String","Description":"Specifies the accepted domain in the Exchange Online organization where you want to enable SMTP DANE","Name":"DomainName","Option":"Key"},{"CIMType":"string","Description":"Present ensures SmtpDaneInbound is enabled, absent ensures it is disabled.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures SmtpDaneInbound for an accepted domain in Exchange Online.\n\nNote that enabling DANE requires that the accepted domain is configured for DNSSEC and the public MX-record must be updated correspondingly."},{"ClassName":"MSFT_EXOSweepRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the Sweep rule. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Provider parameter specifies the provider for the Sweep rule. If the value contains spaces, enclose the value in quotation marks. For Sweep rules that you create in Outlook on the web, the default value is Exchange16.","Name":"Provider","Option":"Write"},{"CIMType":"String","Description":"The DestinationFolder parameter specifies an action for the Sweep rule that moves messages to the specified folder.","Name":"DestinationFolder","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the Sweep rule is enabled or disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"UInt32","Description":"The KeepForDays parameter specifies an action for the Sweep rule that specifies the number of days to keep messages that match the conditions of the rule. After the number of days have passed, the messages are moved to the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder). You can't use this parameter with the KeepLatest parameter and the Sweep rule must contain a KeepForDays or KeepLatest parameter value.","Name":"KeepForDays","Option":"Write"},{"CIMType":"UInt32","Description":"The KeepLatest parameter specifies an action for the Sweep rule that specifies the number of messages to keep that match the conditions of the rule. After the number of messages is exceeded, the oldest messages are moved to the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder). You can't use this parameter with the KeepForDays parameter and the Sweep rule must contain a KeepForDays or KeepLatest parameter value.","Name":"KeepLatest","Option":"Write"},{"CIMType":"String","Description":"The Mailbox parameter specifies the mailbox where you want to create the Sweep rule. You can use any value that uniquely identifies the mailbox.","Name":"Mailbox","Option":"Write"},{"CIMType":"String","Description":"The SenderName parameter specifies a condition for the Sweep rule that looks for the specified sender in messages. For internal senders, you can use any value that uniquely identifies the sender.","Name":"SenderName","Option":"Write"},{"CIMType":"String","Description":"The SourceFolder parameter specifies a condition for the Sweep rule that looks for messages in the specified folder.","Name":"SourceFolder","Option":"Write"},{"CIMType":"String","Description":"The SystemCategory parameter specifies a condition for the sweep rule that looks for messages with the specified system category. System categories are available to all mailboxes in the organization.","Name":"SystemCategory","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to create Sweep rules in mailboxes. Sweep rules run at regular intervals to help keep your Inbox clean."},{"ClassName":"MSFT_EXOTeamsProtectionPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String","Description":"The HighConfidencePhishQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as high confidence phishing by ZAP for Teams.","Name":"HighConfidencePhishQuarantineTag","Option":"Write","ValueMap":["AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"],"Values":["AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"]},{"CIMType":"String","Description":"The MalwareQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as malware by ZAP for Teams.","Name":"MalwareQuarantineTag","Option":"Write","ValueMap":["AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"],"Values":["AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"]},{"CIMType":"Boolean","Description":"The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP) for malware and high confidence phishing messages in Teams messages.","Name":"ZapEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify a TeamsProtectionPolicy in your cloud-based organization."},{"ClassName":"MSFT_EXOTenantAllowBlockListItems","Parameters":[{"CIMType":"String","Description":"The action (allow/block) to take for this list entry","Name":"Action","Option":"Required","ValueMap":["Allow","Block"],"Values":["Allow","Block"]},{"CIMType":"String","Description":"The value that you want to add to the Tenant Allow/Block List based on the ListType parameter value","Name":"Value","Option":"Key"},{"CIMType":"DateTime","Description":"The expiration date of the entry in Coordinated Universal Time (UTC)","Name":"ExpirationDate","Option":"Write"},{"CIMType":"String","Description":"The subtype for this entry","Name":"ListSubType","Option":"Write","ValueMap":["AdvancedDelivery","Submission","Tenant"],"Values":["AdvancedDelivery","Submission","Tenant"]},{"CIMType":"String","Description":"The type of entry to add.","Name":"ListType","Option":"Key","ValueMap":["FileHash","Sender","Url"],"Values":["FileHash","Sender","Url"]},{"CIMType":"String","Description":"Additional information about the object","Name":"Notes","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days after the entry is first used for it to removed","Name":"RemoveAfter","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to manage the Exchange Online Tenant Allow/Block List items."},{"ClassName":"MSFT_EXOTenantAllowBlockListSpoofItems","Parameters":[{"CIMType":"String","Description":"The SpoofedUser parameter specifies the email address or domain for the spoofed sender entry.","Name":"SpoofedUser","Option":"Key"},{"CIMType":"String","Description":"The Action parameter specifies whether is an allowed or blocked spoofed sender entry.","Name":"Action","Option":"Write"},{"CIMType":"String","Description":"Unique identified for the blocked item.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"The SendingInfrastructure parameter specifies the source of the messages sent by the spoofed sender that's defined in the SpoofedUser parameter..","Name":"SendingInfrastructure","Option":"Write"},{"CIMType":"String","Description":"The SpoofType parameter specifies whether this is an internal or external spoofed sender entry.","Name":"SpoofType","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures blocked spoofed items in Exchange Online."},{"ClassName":"MSFT_EXOTransportConfig","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The AddressBookPolicyRoutingEnabled parameter controls how recipients are resolved in an organization that uses address book policies to create separate virtual organizations within the same Exchange organization.","Name":"AddressBookPolicyRoutingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allow legacy TLS clients","Name":"AllowLegacyTLSClients","Option":"Write"},{"CIMType":"Boolean","Description":"The ClearCategories parameter keeps or removes Microsoft Outlook message categories during content conversion.","Name":"ClearCategories","Option":"Write"},{"CIMType":"Boolean","Description":"The ConvertDisclaimerWrapperToEml parameter specifies whether the original message will be added as a TNEF attachment or a regular EML attachment to a disclaimer.","Name":"ConvertDisclaimerWrapperToEml","Option":"Write"},{"CIMType":"String","Description":"The DSNConversionMode parameter controls how Exchange handles delivery status notifications that are generated by earlier versions of Exchange or other messaging systems.","Name":"DSNConversionMode","Option":"Write"},{"CIMType":"Boolean","Description":"The ExternalDelayDsnEnabled parameter specifies whether a delay delivery status notification (DSN) message should be created for external messages that couldn't be immediately delivered. ","Name":"ExternalDelayDsnEnabled","Option":"Write"},{"CIMType":"String","Description":"The ExternalDsnDefaultLanguage parameter specifies which Exchange server language should be used by default when you create external DSN messages.","Name":"ExternalDsnDefaultLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"The ExternalDsnLanguageDetectionEnabled parameter specifies whether the server should try to send an external DSN message in the same language as the original message that generated the notification.","Name":"ExternalDsnLanguageDetectionEnabled","Option":"Write"},{"CIMType":"String","Description":"The ExternalDsnReportingAuthority parameter specifies the domain in the machine-readable part of external DSN messages. ","Name":"ExternalDsnReportingAuthority","Option":"Write"},{"CIMType":"Boolean","Description":"The ExternalDsnSendHtml parameter specifies whether external DSN messages should be HTML or plain text.","Name":"ExternalDsnSendHtml","Option":"Write"},{"CIMType":"String","Description":"The ExternalPostmasterAddress parameter specifies the email address in the From header field of an external DSN message.","Name":"ExternalPostmasterAddress","Option":"Write"},{"CIMType":"String","Description":"The HeaderPromotionModeSetting parameter specifies whether named properties are created for custom X-headers on messages received.","Name":"HeaderPromotionModeSetting","Option":"Write"},{"CIMType":"Boolean","Description":"The InternalDelayDsnEnabled parameter specifies whether a delay DSN message should be created for messages sent to or from recipients or senders in the same Exchange organization that couldn't be immediately delivered.","Name":"InternalDelayDsnEnabled","Option":"Write"},{"CIMType":"String","Description":"The InternalDsnDefaultLanguage parameter specifies which Exchange server language should be used by default when you create internal DSN messages.","Name":"InternalDsnDefaultLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"The InternalDsnLanguageDetectionEnabled parameter specifies whether the server should try to send an internal DSN message in the same language as the original message that generated the notification.","Name":"InternalDsnLanguageDetectionEnabled","Option":"Write"},{"CIMType":"String","Description":"The InternalDsnReportingAuthority parameter specifies the domain in the machine-readable part of internal DSN messages.","Name":"InternalDsnReportingAuthority","Option":"Write"},{"CIMType":"Boolean","Description":"The InternalDsnSendHtml parameter specifies whether internal DSN messages should be HTML or plain text.","Name":"InternalDsnSendHtml","Option":"Write"},{"CIMType":"SInt32","Description":"The JournalMessageExpirationDays parameter extends the number of days that undeliverable journal reports are queued before they expire.","Name":"JournalMessageExpirationDays","Option":"Write"},{"CIMType":"String","Description":"The JournalingReportNdrTo parameter specifies the email address to which journal reports are sent if the journaling mailbox is unavailable. Once set, it cannot be reset to blank again.","Name":"JournalingReportNdrTo","Option":"Write"},{"CIMType":"String","Description":"The MaxRecipientEnvelopeLimit parameter specifies the maximum number of recipients in a message.","Name":"MaxRecipientEnvelopeLimit","Option":"Write"},{"CIMType":"SInt32","Description":"Reply all storm block duration hours.","Name":"ReplyAllStormBlockDurationHours","Option":"Write"},{"CIMType":"SInt32","Description":"Reply all storm detection minimum recipients.","Name":"ReplyAllStormDetectionMinimumRecipients","Option":"Write"},{"CIMType":"SInt32","Description":"Reply all storm detection minimum replies.","Name":"ReplyAllStormDetectionMinimumReplies","Option":"Write"},{"CIMType":"Boolean","Description":"Reply all storm protection enabled.","Name":"ReplyAllStormProtectionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The Rfc2231EncodingEnabled parameter specifies whether the RFC 2231 encoding of MIME parameters for outbound messages is enabled in your organization.","Name":"Rfc2231EncodingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SmtpClientAuthenticationDisabled parameter specifies whether to disable authenticated SMTP (SMTP AUTH) for the whole organization.","Name":"SmtpClientAuthenticationDisabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Exchange Online transport\nsettings."},{"ClassName":"MSFT_EXOTransportRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the display name of the transport rule to be created. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"This parameter specifies a condition or part of a condition for the rule. The name of the corresponding exception parameter starts with ExceptIf.","Name":"ADComparisonAttribute","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a condition or part of a condition for the rule. The name of the corresponding exception parameter starts with ExceptIf.","Name":"ADComparisonOperator","Option":"Write","ValueMap":["Equal","NotEqual"],"Values":["Equal","NotEqual"]},{"CIMType":"String","Description":"The ActivationDate parameter specifies when the rule starts processing messages. The rule won't take any action on messages until the specified date/time.","Name":"ActivationDate","Option":"Write"},{"CIMType":"String","Description":"The AddManagerAsRecipientType parameter specifies an action that delivers or redirects messages to the user that's defined in the sender's Manager attribute.","Name":"AddManagerAsRecipientType","Option":"Write","ValueMap":["To","Cc","Bcc","Redirect"],"Values":["To","Cc","Bcc","Redirect"]},{"CIMType":"String[]","Description":"The AddToRecipients parameter specifies an action that adds recipients to the To field of messages.","Name":"AddToRecipients","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfCcHeader parameter specifies a condition that looks for recipients in the Cc field of messages.","Name":"AnyOfCcHeader","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfCcHeaderMemberOf parameter specifies a condition that looks for group members in the Cc field of messages.","Name":"AnyOfCcHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfRecipientAddressContainsWords parameter specifies a condition that looks for words in recipient email addresses.","Name":"AnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition that looks for text patterns in recipient email addresses by using regular expressions.","Name":"AnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfToCcHeader parameter specifies a condition that looks for recipients in the To or Cc fields of messages.","Name":"AnyOfToCcHeader","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfToCcHeaderMemberOf parameter specifies a condition that looks for group members in the To and Cc fields of messages.","Name":"AnyOfToCcHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfToHeader parameter specifies a condition that looks for recipients in the To field of messages.","Name":"AnyOfToHeader","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfToHeaderMemberOf parameter specifies a condition that looks for group members in the To field of messages.","Name":"AnyOfToHeaderMemberOf","Option":"Write"},{"CIMType":"String","Description":"The ApplyClassification parameter specifies an action that applies a message classification to messages. ","Name":"ApplyClassification","Option":"Write"},{"CIMType":"String","Description":"The ApplyHtmlDisclaimerFallbackAction parameter specifies what to do if the HTML disclaimer can't be added to a message.","Name":"ApplyHtmlDisclaimerFallbackAction","Option":"Write","ValueMap":["Wrap","Ignore","Reject"],"Values":["Wrap","Ignore","Reject"]},{"CIMType":"String","Description":"The ApplyHtmlDisclaimerLocation parameter specifies where to insert the HTML disclaimer text in the body of messages.","Name":"ApplyHtmlDisclaimerLocation","Option":"Write","ValueMap":["Append","Prepend"],"Values":["Append","Prepend"]},{"CIMType":"String","Description":"The ApplyHtmlDisclaimerText parameter specifies an action that adds the disclaimer text to messages.","Name":"ApplyHtmlDisclaimerText","Option":"Write"},{"CIMType":"String","Description":"The ApplyRightsProtectionCustomizationTemplate parameter specifies an action that applies a custom branding template for OME encrypted messages.","Name":"ApplyRightsProtectionCustomizationTemplate","Option":"Write"},{"CIMType":"String","Description":"The ApplyRightsProtectionTemplate parameter specifies an action that applies rights management service (RMS) templates to messages. ","Name":"ApplyRightsProtectionTemplate","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentContainsWords parameter specifies a condition that looks for words in message attachments. ","Name":"AttachmentContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentExtensionMatchesWords parameter specifies a condition that looks for words in the file name extensions of message attachments.","Name":"AttachmentExtensionMatchesWords","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentHasExecutableContent parameter specifies a condition that looks for executable content in message attachments.","Name":"AttachmentHasExecutableContent","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentIsPasswordProtected parameter specifies a condition that looks for password protected files in messages (because the contents of the file can't be inspected).","Name":"AttachmentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentIsUnsupported parameter specifies a condition that looks for unsupported file types in messages.","Name":"AttachmentIsUnsupported","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentMatchesPatterns parameter specifies a condition that looks for text patterns in the content of message attachments by using regular expressions.","Name":"AttachmentMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentNameMatchesPatterns parameter specifies a condition that looks for text patterns in the file name of message attachments by using regular expressions.","Name":"AttachmentNameMatchesPatterns","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentProcessingLimitExceeded parameter specifies a condition that looks for messages where attachment scanning didn't complete.","Name":"AttachmentProcessingLimitExceeded","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentPropertyContainsWords parameter specifies a condition that looks for words in the properties of attached Office documents.","Name":"AttachmentPropertyContainsWords","Option":"Write"},{"CIMType":"String","Description":"The AttachmentSizeOver parameter specifies a condition that looks for messages where any attachment is greater than the specified size.","Name":"AttachmentSizeOver","Option":"Write"},{"CIMType":"String[]","Description":"The BetweenMemberOf1 parameter specifies a condition that looks for messages that are sent between group members.","Name":"BetweenMemberOf1","Option":"Write"},{"CIMType":"String[]","Description":"The BetweenMemberOf2 parameter specifies a condition that looks for messages that are sent between group members.","Name":"BetweenMemberOf2","Option":"Write"},{"CIMType":"String[]","Description":"The BlindCopyTo parameter specifies an action that adds recipients to the Bcc field of messages. ","Name":"BlindCopyTo","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies optional descriptive text for the rule. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ContentCharacterSetContainsWords parameter specifies a condition that looks for character set names in messages.","Name":"ContentCharacterSetContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The CopyTo parameter specifies an action that adds recipients to the Cc field of messages.","Name":"CopyTo","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteMessage parameter specifies an action that silently drops messages without an NDR.","Name":"DeleteMessage","Option":"Write"},{"CIMType":"String","Description":"The DlpPolicy parameter specifies the data loss prevention (DLP) policy that's associated with the rule.","Name":"DlpPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the new rule is created as enabled or disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfADComparisonAttribute parameter specifies an exception that compares an Active Directory attribute between the sender and all recipients of the message.","Name":"ExceptIfADComparisonAttribute","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfADComparisonOperator parameter specifies the comparison operator for the ExceptIfADComparisonAttribute parameter.","Name":"ExceptIfADComparisonOperator","Option":"Write","ValueMap":["Equal","NotEqual"],"Values":["Equal","NotEqual"]},{"CIMType":"String[]","Description":"The ExceptIfAnyOfCcHeader parameter specifies an exception that looks for recipients in the Cc field of messages.","Name":"ExceptIfAnyOfCcHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfCcHeaderMemberOf parameter specifies an exception that looks for group members in the Cc field of messages. You can use any value that uniquely identifies the group.","Name":"ExceptIfAnyOfCcHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception that looks for words in recipient email addresses.","Name":"ExceptIfAnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception that looks for text patterns in recipient email addresses by using regular expressions.","Name":"ExceptIfAnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfToCcHeader parameter specifies an exception that looks for recipients in the To or Cc fields of messages.","Name":"ExceptIfAnyOfToCcHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfToCcHeaderMemberOf parameter specifies an exception that looks for group members in the To and Cc fields of messages.","Name":"ExceptIfAnyOfToCcHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfToHeader parameter specifies an exception that looks for recipients in the To field of messages.","Name":"ExceptIfAnyOfToHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfToHeaderMemberOf parameter specifies an exception that looks for group members in the To field of messages.","Name":"ExceptIfAnyOfToHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentContainsWords parameter specifies an exception that looks for words in message attachments.","Name":"ExceptIfAttachmentContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentExtensionMatchesWords parameter specifies an exception that looks for words in the file name extensions of message attachments.","Name":"ExceptIfAttachmentExtensionMatchesWords","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfAttachmentHasExecutableContent parameter specifies an exception that looks for executable content in message attachments.","Name":"ExceptIfAttachmentHasExecutableContent","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfAttachmentIsPasswordProtected parameter specifies an exception that looks for password protected files in messages (because the contents of the file can't be inspected).","Name":"ExceptIfAttachmentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfAttachmentIsUnsupported parameter specifies an exception that looks for unsupported file types in messages.","Name":"ExceptIfAttachmentIsUnsupported","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentMatchesPatterns parameter specifies an exception that looks for text patterns in the content of message attachments by using regular expressions.","Name":"ExceptIfAttachmentMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentNameMatchesPatterns parameter specifies an exception that looks for text patterns in the file name of message attachments by using regular expressions.","Name":"ExceptIfAttachmentNameMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentPropertyContainsWords parameter specifies an exception that looks for words in the properties of attached Office documents. ","Name":"ExceptIfAttachmentPropertyContainsWords","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfAttachmentProcessingLimitExceeded parameter specifies an exception that looks for messages where attachment scanning didn't complete.","Name":"ExceptIfAttachmentProcessingLimitExceeded","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfAttachmentSizeOver parameter specifies an exception that looks for messages where any attachment is greater than the specified size.","Name":"ExceptIfAttachmentSizeOver","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfBetweenMemberOf1 parameter specifies an exception that looks for messages that are sent between group members. ","Name":"ExceptIfBetweenMemberOf1","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfBetweenMemberOf2 parameter specifies an exception that looks for messages that are sent between group members.","Name":"ExceptIfBetweenMemberOf2","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentCharacterSetContainsWords parameter specifies an exception that looks for character set names in messages.","Name":"ExceptIfContentCharacterSetContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFrom parameter specifies an exception that looks for messages from specific senders.","Name":"ExceptIfFrom","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromAddressContainsWords parameter specifies an exception that looks for words in the sender's email address.","Name":"ExceptIfFromAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromAddressMatchesPatterns parameter specifies an exception that looks for text patterns in the sender's email address by using regular expressions.","Name":"ExceptIfFromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromMemberOf parameter specifies an exception that looks for messages sent by group members.","Name":"ExceptIfFromMemberOf","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfFromScope parameter specifies an exception that looks for the location of message senders.","Name":"ExceptIfFromScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization"],"Values":["InOrganization","NotInOrganization"]},{"CIMType":"String","Description":"The ExceptIfHasClassification parameter specifies an exception that looks for messages with the specified message classification.","Name":"ExceptIfHasClassification","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfHasNoClassification parameter specifies an exception that looks for messages with or without any message classifications.","Name":"ExceptIfHasNoClassification","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfHeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the ExceptIfHeaderContainsWords parameter.","Name":"ExceptIfHeaderContainsMessageHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfHeaderContainsWords parameter specifies an exception that looks for words in a header field.","Name":"ExceptIfHeaderContainsWords","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfHeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the ExceptIfHeaderMatchesPatterns parameter.","Name":"ExceptIfHeaderMatchesMessageHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfHeaderMatchesPatterns parameter specifies an exception that looks for text patterns in a header field by using regular expressions.","Name":"ExceptIfHeaderMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.","Name":"ExceptIfManagerAddresses","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfManagerForEvaluatedUser parameter specifies an exception that looks for users in the Manager attribute of senders or recipients.","Name":"ExceptIfManagerForEvaluatedUser","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfMessageTypeMatches parameter specifies an exception that looks for messages of the specified type.","Name":"ExceptIfMessageTypeMatches","Option":"Write","ValueMap":["OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"],"Values":["OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"]},{"CIMType":"String","Description":"The ExceptIfMessageSizeOver parameter specifies an exception that looks for messages larger than the specified size. ","Name":"ExceptIfMessageSizeOver","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception that looks for words in the Active Directory attributes of recipients.","Name":"ExceptIfRecipientADAttributeContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in the Active Directory attributes of recipients by using regular expressions.","Name":"ExceptIfRecipientADAttributeMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientAddressContainsWords parameter specifies an exception that looks for words in recipient email addresses.","Name":"ExceptIfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientAddressMatchesPatterns parameter specifies an exception that looks for text patterns in recipient email addresses by using regular expressions.","Name":"ExceptIfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"ExceptIfRecipientInSenderList","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfSCLOver parameter specifies an exception that looks for the SCL value of messages","Name":"ExceptIfSCLOver","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderADAttributeContainsWords parameter specifies an exception that looks for words in Active Directory attributes of message senders.","Name":"ExceptIfSenderADAttributeContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in Active Directory attributes of message senders by using regular expressions.","Name":"ExceptIfSenderADAttributeMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderDomainIs parameter specifies an exception that looks for senders with email address in the specified domains.","Name":"ExceptIfSenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"ExceptIfSenderInRecipientList","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderIpRanges parameter specifies an exception that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"ExceptIfSenderIpRanges","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfSenderManagementRelationship parameter specifies an exception that looks for the relationship between the sender and recipients in messages.","Name":"ExceptIfSenderManagementRelationship","Option":"Write","ValueMap":["Manager","DirectReport"],"Values":["Manager","DirectReport"]},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfSentToScope parameter specifies an exception that looks for the location of a recipient. ","Name":"ExceptIfSentToScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","ExternalPartner","ExternalNonPartner"],"Values":["InOrganization","NotInOrganization","ExternalPartner","ExternalNonPartner"]},{"CIMType":"String[]","Description":"The ExceptIfSubjectContainsWords parameter specifies an exception that looks for words in the Subject field of messages.","Name":"ExceptIfSubjectContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectMatchesPatterns parameter specifies an exception that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"ExceptIfSubjectMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception that looks for words in the Subject field or body of messages.","Name":"ExceptIfSubjectOrBodyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception that looks for text patterns in the Subject field or body of messages.","Name":"ExceptIfSubjectOrBodyMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfWithImportance parameter specifies an exception that looks for messages with the specified importance level.","Name":"ExceptIfWithImportance","Option":"Write","ValueMap":["Low","Normal","High"],"Values":["Low","Normal","High"]},{"CIMType":"String","Description":"The ExpiryDate parameter specifies when this rule will stop processing messages. The rule won't take any action on messages after the specified date/time.","Name":"ExpiryDate","Option":"Write"},{"CIMType":"String[]","Description":"The From parameter specifies a condition that looks for messages from specific senders. You can use any value that uniquely identifies the sender.","Name":"From","Option":"Write"},{"CIMType":"String[]","Description":"The FromAddressContainsWords parameter specifies a condition that looks for words in the sender's email address. ","Name":"FromAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The FromAddressMatchesPatterns parameter specifies a condition that looks for text patterns in the sender's email address by using regular expressions.","Name":"FromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The FromMemberOf parameter specifies a condition that looks for messages sent by group members.","Name":"FromMemberOf","Option":"Write"},{"CIMType":"String","Description":"The FromScope parameter specifies a condition that looks for the location of message senders.","Name":"FromScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization"],"Values":["InOrganization","NotInOrganization"]},{"CIMType":"String","Description":"The GenerateIncidentReport parameter specifies where to send the incident report that's defined by the IncidentReportContent parameter.","Name":"GenerateIncidentReport","Option":"Write"},{"CIMType":"String","Description":"The GenerateNotification parameter specifies an action that sends a notification message to recipients.","Name":"GenerateNotification","Option":"Write"},{"CIMType":"String","Description":"The HasClassification parameter specifies a condition that looks for messages with the specified message classification.","Name":"HasClassification","Option":"Write"},{"CIMType":"Boolean","Description":"The HasNoClassification parameter specifies a condition that looks for messages with or without any message classifications.","Name":"HasNoClassification","Option":"Write"},{"CIMType":"String","Description":"The HeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the HeaderContainsWords parameter.","Name":"HeaderContainsMessageHeader","Option":"Write"},{"CIMType":"String[]","Description":"The HeaderContainsWords parameter specifies a condition that looks for words in a header field.","Name":"HeaderContainsWords","Option":"Write"},{"CIMType":"String","Description":"The HeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the HeaderMatchesPatterns parameter.","Name":"HeaderMatchesMessageHeader","Option":"Write"},{"CIMType":"String[]","Description":"The HeaderMatchesPatterns parameter specifies a condition that looks for text patterns in a header field by using regular expressions. ","Name":"HeaderMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The IncidentReportContent parameter specifies the message properties that are included in the incident report that's generated when a message violates a DLP policy. ","Name":"IncidentReportContent","Option":"Write"},{"CIMType":"String[]","Description":"The ManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.","Name":"ManagerAddresses","Option":"Write"},{"CIMType":"String","Description":"The ManagerForEvaluatedUser parameter specifies a condition that looks for users in the Manager attribute of senders or recipients.","Name":"ManagerForEvaluatedUser","Option":"Write","ValueMap":["Recipient","Sender"],"Values":["Recipient","Sender"]},{"CIMType":"String","Description":"The MessageSizeOver parameter specifies a condition that looks for messages larger than the specified size. The size includes the message and all attachments.","Name":"MessageSizeOver","Option":"Write"},{"CIMType":"String","Description":"The MessageTypeMatches parameter specifies a condition that looks for messages of the specified type.","Name":"MessageTypeMatches","Option":"Write","ValueMap":["OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"],"Values":["OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"]},{"CIMType":"String","Description":"The Mode parameter specifies how the rule operates.","Name":"Mode","Option":"Write","ValueMap":["Audit","AuditAndNotify","Enforce"],"Values":["Audit","AuditAndNotify","Enforce"]},{"CIMType":"Boolean","Description":"The ModerateMessageByManager parameter specifies an action that forwards messages for approval to the user that's specified in the sender's Manager attribute.","Name":"ModerateMessageByManager","Option":"Write"},{"CIMType":"String[]","Description":"The ModerateMessageByUser parameter specifies an action that forwards messages for approval to the specified users.","Name":"ModerateMessageByUser","Option":"Write"},{"CIMType":"String","Description":"The PrependSubject parameter specifies an action that adds text to add to the beginning of the Subject field of messages.","Name":"PrependSubject","Option":"Write"},{"CIMType":"UInt32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing.","Name":"Priority","Option":"Write"},{"CIMType":"Boolean","Description":"The Quarantine parameter specifies an action that quarantines messages.","Name":"Quarantine","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientADAttributeContainsWords parameter specifies a condition that looks for words in the Active Directory attributes of recipients. ","Name":"RecipientADAttributeContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientADAttributeMatchesPatterns parameter specifies a condition that looks for text patterns in the Active Directory attributes of recipients by using regular expressions.","Name":"RecipientADAttributeMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientAddressContainsWords parameter specifies a condition that looks for words in recipient email addresses.","Name":"RecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientAddressMatchesPatterns parameter specifies a condition that looks for text patterns in recipient email addresses by using regular expressions.","Name":"RecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The RecipientAddressType parameter specifies how conditions and exceptions check recipient email addresses.","Name":"RecipientAddressType","Option":"Write","ValueMap":["Original","Resolved"],"Values":["Original","Resolved"]},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"RecipientInSenderList","Option":"Write"},{"CIMType":"String[]","Description":"The RedirectMessageTo parameter specifies a rule action that redirects messages to the specified recipients.","Name":"RedirectMessageTo","Option":"Write"},{"CIMType":"String","Description":"The RejectMessageEnhancedStatusCode parameter specifies the enhanced status code that's used when the rule rejects messages.","Name":"RejectMessageEnhancedStatusCode","Option":"Write"},{"CIMType":"String","Description":"The RejectMessageReasonText parameter specifies the explanation text that's used when the rule rejects messages.","Name":"RejectMessageReasonText","Option":"Write"},{"CIMType":"String","Description":"The RemoveHeader parameter specifies an action that removes a header field from the message header.","Name":"RemoveHeader","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveOMEv2 parameter specifies an action that removes Office 365 Message Encryption from messages and their attachments.","Name":"RemoveOMEv2","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter specifies an action or part of an action for the rule.","Name":"RemoveRMSAttachmentEncryption","Option":"Write"},{"CIMType":"String","Description":"The RouteMessageOutboundConnector parameter specifies an action that routes messages through the specified Outbound connector in Office 365.","Name":"RouteMessageOutboundConnector","Option":"Write"},{"CIMType":"Boolean","Description":"The RouteMessageOutboundRequireTls parameter specifies an action that uses Transport Layer Security (TLS) encryption to deliver messages outside your organization.","Name":"RouteMessageOutboundRequireTls","Option":"Write"},{"CIMType":"String","Description":"The RuleErrorAction parameter specifies what to do if rule processing can't be completed on messages.","Name":"RuleErrorAction","Option":"Write","ValueMap":["Ignore","Defer"],"Values":["Ignore","Defer"]},{"CIMType":"String","Description":"The RuleSubType parameter specifies the rule type.","Name":"RuleSubType","Option":"Write","ValueMap":["Dlp","None"],"Values":["Dlp","None"]},{"CIMType":"String","Description":"The SCLOver parameter specifies a condition that looks for the SCL value of messages","Name":"SCLOver","Option":"Write"},{"CIMType":"String[]","Description":"The SenderADAttributeContainsWords parameter specifies a condition that looks for words in Active Directory attributes of message senders.","Name":"SenderADAttributeContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SenderADAttributeMatchesPatterns parameter specifies a condition that looks for text patterns in Active Directory attributes of message senders by using regular expressions.","Name":"SenderADAttributeMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The SenderAddressLocation parameter specifies where to look for sender addresses in conditions and exceptions that examine sender email addresses.","Name":"SenderAddressLocation","Option":"Write","ValueMap":["Header","Envelope","HeaderOrEnvelope"],"Values":["Header","Envelope","HeaderOrEnvelope"]},{"CIMType":"String[]","Description":"The SenderDomainIs parameter specifies a condition that looks for senders with email address in the specified domains.","Name":"SenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"SenderInRecipientList","Option":"Write"},{"CIMType":"String[]","Description":"The SenderIpRanges parameter specifies a condition that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"SenderIpRanges","Option":"Write"},{"CIMType":"String","Description":"The SenderManagementRelationship parameter specifies a condition that looks for the relationship between the sender and recipients in messages.","Name":"SenderManagementRelationship","Option":"Write","ValueMap":["Manager","DirectReport"],"Values":["Manager","DirectReport"]},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The SentToScope parameter specifies a condition that looks for the location of recipients.","Name":"SentToScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","ExternalPartner","ExternalNonPartner"],"Values":["InOrganization","NotInOrganization","ExternalPartner","ExternalNonPartner"]},{"CIMType":"String","Description":"The SetAuditSeverity parameter specifies an action that sets the severity level of the incident report and the corresponding entry that's written to the message tracking log when messages violate DLP policies.","Name":"SetAuditSeverity","Option":"Write","ValueMap":["DoNotAudit","Low","Medium","High"],"Values":["DoNotAudit","Low","Medium","High"]},{"CIMType":"String","Description":"The SetHeaderName parameter specifies an action that adds or modifies a header field in the message header.","Name":"SetHeaderName","Option":"Write"},{"CIMType":"String","Description":"The SetHeaderValue parameter specifies an action that adds or modifies a header field in the message header.","Name":"SetHeaderValue","Option":"Write"},{"CIMType":"String","Description":"The SetSCL parameter specifies an action that adds or modifies the SCL value of messages.","Name":"SetSCL","Option":"Write"},{"CIMType":"Boolean","Description":"The StopRuleProcessing parameter specifies an action that stops processing more rules.","Name":"StopRuleProcessing","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectContainsWords parameter specifies a condition that looks for words in the Subject field of messages.","Name":"SubjectContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectMatchesPatterns parameter specifies a condition that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"SubjectMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectOrBodyContainsWords parameter specifies a condition that looks for words in the Subject field or body of messages.","Name":"SubjectOrBodyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectOrBodyMatchesPatterns parameter specifies a condition that looks for text patterns in the Subject field or body of messages.","Name":"SubjectOrBodyMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The WithImportance parameter specifies a condition that looks for messages with the specified importance level.","Name":"WithImportance","Option":"Write","ValueMap":["Low","Normal","High"],"Values":["Low","Normal","High"]},{"CIMType":"String","Description":"Specify if the Transport Rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Transport Rules in Exchange Online."},{"ClassName":"MSFT_FabricDelegatedFrom","Parameters":[{"CIMType":"String","Description":"The setting is delegated from a capacity.","Name":"Capacity","Option":"Write"},{"CIMType":"String","Description":"The setting is delegated from a domain.","Name":"Domain","Option":"Write"},{"CIMType":"String","Description":"The setting is delegated from a tenant.","Name":"Tenant","Option":"Write"}],"Description":"This resource configures the tenant settings for Microsoft Fabric.\n\n**Please note:** For a successful export, you need to use service principals. Refer to the [Authentication and Permissions](https://microsoft365dsc.com/user-guide/get-started/authentication-and-permissions/#fabric-permissions) page for further information on how to set up your service principal."},{"ClassName":"MSFT_FabricTenantSettingProperty","Parameters":[{"CIMType":"String","Description":"The name of the property.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"The type of the property.","Name":"type","Option":"Write"},{"CIMType":"String","Description":"The value of the property.","Name":"value","Option":"Write"}],"Description":"This resource configures the tenant settings for Microsoft Fabric.\n\n**Please note:** For a successful export, you need to use service principals. Refer to the [Authentication and Permissions](https://microsoft365dsc.com/user-guide/get-started/authentication-and-permissions/#fabric-permissions) page for further information on how to set up your service principal."},{"ClassName":"MSFT_FabricTenantSetting","Parameters":[{"CIMType":"Boolean","Description":"Indicates if the tenant setting is enabled for a security group. 0 - The tenant setting is enabled for the entire organization.","Name":"canSpecifySecurityGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the tenant setting can be delegated to a workspace admin. False - Workspace admin cannot override the tenant setting.","Name":"delegateToWorkspace","Option":"Write"},{"CIMType":"MSFT_FabricDelegatedFrom","Description":"Tenant setting delegated from tenant, capacity or domain.","Name":"delegatedFrom","Option":"Write"},{"CIMType":"String","Description":"The name of the tenant setting.","Name":"settingName","Option":"Write"},{"CIMType":"Boolean","Description":"The status of the tenant setting.","Name":"enabled","Option":"Write"},{"CIMType":"String","Description":"Tenant setting group name.","Name":"tenantSettingGroup","Option":"Write"},{"CIMType":"String","Description":"The title of the tenant setting.","Name":"title","Option":"Write"},{"CIMType":"MSFT_FabricTenantSettingProperty[]","Description":"Tenant setting properties.","Name":"properties","Option":"Write"},{"CIMType":"String[]","Description":"A list of excluded security groups.","Name":"excludedSecurityGroups","Option":"Write"},{"CIMType":"String[]","Description":"A list of enabled security groups.","Name":"enabledSecurityGroups","Option":"Write"}],"Description":"This resource configures the tenant settings for Microsoft Fabric.\n\n**Please note:** For a successful export, you need to use service principals. Refer to the [Authentication and Permissions](https://microsoft365dsc.com/user-guide/get-started/authentication-and-permissions/#fabric-permissions) page for further information on how to set up your service principal."},{"ClassName":"MSFT_FabricAdminTenantSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_FabricTenantSetting","Description":"Microsoft Entra single sign-on for data gateway","Name":"AADSSOForGateway","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enhance admin APIs responses with detailed metadata","Name":"AdminApisIncludeDetailedMetadata","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enhance admin APIs responses with DAX and mashup expressions","Name":"AdminApisIncludeExpressions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Show a custom message before publishing reports","Name":"AdminCustomDisclaimer","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create and share AI skill item types (preview)","Name":"AISkillArtifactTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Azure Private Link","Name":"AllowAccessOverPrivateLinks","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"AppSource Custom Visuals SSO","Name":"AllowCVAuthenticationTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow access to the browser's local storage","Name":"AllowCVLocalStorageV2Tenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow downloads from custom visuals","Name":"AllowCVToExportDataToFileTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Endorse master data (preview)","Name":"AllowEndorsementMasterDataSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can accept external data shares (preview)","Name":"AllowExternalDataSharingReceiverSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"External data sharing (preview)","Name":"AllowExternalDataSharingSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Use short-lived user-delegated SAS tokens (preview).","Name":"AllowGetOneLakeUDK","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can try Microsoft Fabric paid features","Name":"AllowFreeTrial","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can see guest users in lists of suggested people","Name":"AllowGuestLookup","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Guest users can access Microsoft Fabric","Name":"AllowGuestUserToAccessSharedContent","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"AllowMountDfCreation","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Authenticate with OneLake user-delegated SAS tokens (preview).","Name":"AllowOneLakeUDK","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow DirectQuery connections to Power BI semantic models","Name":"AllowPowerBIASDQOnTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure OpenAI can be processed outside your capacity's geographic region, compliance boundary, or national cloud instance","Name":"AllowSendAOAIDataToOtherRegions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow user data to leave their geography","Name":"AllowSendNLToDaxDataToOtherRegions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow service principals to create and use profiles","Name":"AllowServicePrincipalsCreateAndUseProfiles","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Service principals can access read-only admin APIs","Name":"AllowServicePrincipalsUseReadAdminAPIs","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Push apps to end users","Name":"AppPush","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can discover and create org apps (preview).","Name":"ArtifactOrgAppPreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Use global search for Power BI","Name":"ArtifactSearchTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Microsoft can store query text to aid in support investigations","Name":"ASCollectQueryTextTelemetryTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enable granular access control for all data connections","Name":"ASShareableCloudConnectionBindingSecurityModeTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Semantic models can export data to OneLake (preview)","Name":"ASWritethruContinuousExportTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can store semantic model tables in OneLake (preview)","Name":"ASWritethruTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Install Power BI app for Microsoft Teams automatically","Name":"AutoInstallPowerBIAppInTeamsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Show entry points for insights (preview)","Name":"AutomatedInsightsEntryPoints","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Receive notifications for top insights (preview)","Name":"AutomatedInsightsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"AzureMap","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Map and filled map visuals","Name":"BingMap","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Block Public Internet Access","Name":"BlockAccessFromPublicNetworks","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Block republish and disable package refresh","Name":"BlockAutoDiscoverAndPackageRefresh","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Restrict content with protected labels from being shared via link with everyone in your organization","Name":"BlockProtectedLabelSharingToEntireOrg","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Block ResourceKey Authentication","Name":"BlockResourceKeyAuthentication","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create and use Gen1 dataflows","Name":"CDSAManagement","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Add and use certified visuals only (block uncertified)","Name":"CertifiedCustomVisualsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Certification","Name":"CertifyDatasets","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Define workspace retention period","Name":"ConfigureFolderRetentionPeriod","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create workspaces","Name":"CreateAppWorkspaces","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow visuals created using the Power BI SDK","Name":"CustomVisualsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create Datamarts (preview)","Name":"DatamartTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Semantic Model Execute Queries REST API","Name":"DatasetExecuteQueries","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Publish template apps","Name":"DevelopServiceApps","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Discover content","Name":"DiscoverDatasetsConsumption","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Make certified content discoverable ","Name":"DiscoverDatasetsSettingsCertified","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Make promoted content discoverable","Name":"DiscoverDatasetsSettingsPromoted","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Dremio SSO","Name":"DremioSSO","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Apply sensitivity labels from data sources to their data in Power BI","Name":"EimInformationProtectionDataSourceInheritanceSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Automatically apply sensitivity labels to downstream content","Name":"EimInformationProtectionDownstreamInheritanceSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow users to apply sensitivity labels for content","Name":"EimInformationProtectionEdit","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"EimInformationProtectionLessElevated","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow workspace admins to override automatically applied sensitivity labels","Name":"EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Guest users can browse and access Fabric content","Name":"ElevatedGuestsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Receive email notifications for service outages or incidents","Name":"EmailSecurityGroupsOnOutage","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Guest users can set up and subscribe to email subscriptions","Name":"EmailSubscriptionsToB2BUsers","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can send email subscriptions to guest users","Name":"EmailSubscriptionsToExternalUsers","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can set up email subscriptions","Name":"EmailSubscriptionTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Embed content in apps","Name":"Embedding","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use Copilot and other features powered by Azure OpenAI","Name":"EnableAOAI","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow specific users to turn on external data sharing","Name":"EnableDatasetInPlaceSharing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow connections to featured tables","Name":"EnableExcelYellowIntegration","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"EnableFabricAirflow","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow quick measure suggestions (preview)","Name":"EnableNLToDax","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow tenant and domain admins to override workspace assignments (preview)","Name":"EnableReassignDataDomainSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Use ArcGIS Maps for Power BI","Name":"EsriVisual","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Help Power BI optimize your experience","Name":"ExpFlightingTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Download reports","Name":"ExportReport","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export to .csv","Name":"ExportToCsv","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export to Excel","Name":"ExportToExcelSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as image files","Name":"ExportToImage","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as MHTML documents","Name":"ExportToMHTML","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as PowerPoint presentations or PDF documents","Name":"ExportToPowerPoint","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as Word documents","Name":"ExportToWord","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as XML documents","Name":"ExportToXML","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Copy and paste visuals","Name":"ExportVisualImageTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Guest users can work with shared semantic models in their own tenants","Name":"ExternalDatasetSharingTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can invite guest users to collaborate through item sharing and permissions","Name":"ExternalSharingV2","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Capacity admins and contributors can add and remove additional workloads","Name":"FabricAddPartnerWorkload","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Product Feedback","Name":"FabricFeedbackTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Fabric items","Name":"FabricGAWorkloads","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Capacity admins can develop additional workloads","Name":"FabricThirdPartyWorkloads","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can sync workspace items with GitHub repositories ","Name":"GitHubTenantSettings","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can export items to Git repositories in other geographical locations (preview)","Name":"GitIntegrationCrossGeoTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can export workspace items with applied sensitivity labels to Git repositories (preview)","Name":"GitIntegrationSensitivityLabelsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can synchronize workspace items with their Git repositories (preview)","Name":"GitIntegrationTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Google BigQuery SSO","Name":"GoogleBigQuerySSO","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"GraphQLTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Healthcare data solutions (preview)","Name":"HealthcareSolutionsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Install template apps not listed in AppSource","Name":"InstallNonvalidatedTemplateApps","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Install template apps","Name":"InstallServiceApps","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Real-Time Dashboards (preview)","Name":"KustoDashboardTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can work with semantic models in Excel using a live connection","Name":"LiveConnection","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Azure Log Analytics connections for workspace administrators","Name":"LogAnalyticsAttachForWorkspaceAdmins","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can see Microsoft Fabric metadata in Microsoft 365","Name":"M365DataSharing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Database Mirroring (preview)","Name":"Mirroring","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Semantic model owners can choose to automatically update semantic models from files imported from OneDrive or SharePoint","Name":"ODSPRefreshEnforcementTenantAllowAutomaticUpdate","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can share links to Power BI files stored in OneDrive and SharePoint through Power BI Desktop (preview)","Name":"OneDriveSharePointAllowSharingTenantSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can view Power BI files saved in OneDrive and SharePoint (preview)","Name":"OneDriveSharePointViewerIntegrationTenantSettingV2","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can sync data in OneLake with the OneLake File Explorer app","Name":"OneLakeFileExplorer","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can access data stored in OneLake with apps external to Fabric","Name":"OneLakeForThirdParty","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow XMLA endpoints and Analyze in Excel with on-premises semantic models","Name":"OnPremAnalyzeInExcel","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create and use Metrics","Name":"PowerBIGoalsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"PowerPlatformSolutionsIntegrationTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Print dashboards and reports","Name":"Printing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Featured content","Name":"PromoteContent","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Publish apps to the entire organization","Name":"PublishContentPack","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Publish to web","Name":"PublishToWeb","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Review questions","Name":"QnaFeedbackLoop","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Synonym sharing","Name":"QnaLsdlSharing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Scale out queries for large semantic models","Name":"QueryScaleOutTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Redshift SSO","Name":"RedshiftSSO","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Block users from reassigning personal workspaces (My Workspace)","Name":"RestrictMyFolderCapacity","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"RetailSolutionsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Interact with and share R and Python visuals","Name":"RScriptVisual","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"ServicePrincipalAccess","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow shareable links to grant access to everyone in your organization","Name":"ShareLinkToEntireOrg","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enable Microsoft Teams integration","Name":"ShareToTeamsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Snowflake SSO","Name":"SnowflakeSSO","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enable Power BI add-in for PowerPoint","Name":"StorytellingTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Sustainability solutions (preview)","Name":"SustainabilitySolutionsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create template organizational apps","Name":"TemplatePublish","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Publish Get Help information","Name":"TenantSettingPublishGetHelpInfo","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data Activator (preview)","Name":"TridentPrivatePreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Usage metrics for content creators","Name":"UsageMetrics","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Per-user data in usage metrics for content creators","Name":"UsageMetricsTrackUserLevelInfo","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Use semantic models across workspaces","Name":"UseDatasetsAcrossWorkspaces","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Integration with SharePoint and Microsoft Lists","Name":"VisualizeListInPowerBI","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Web content on dashboard tiles","Name":"WebContentTilesTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can edit data models in the Power BI service (preview)","Name":"WebModelingTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users with view permission can launch Explore","Name":"AdminDataExploreViewPermission","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Show user data in the Fabric Capacity Metrics app and reports","Name":"AllowCapacityMetricsReportUserMask","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow non-Entra ID auth in Eventstream","Name":"AllowNonEntraADAuthInEventStream","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Service principals can access admin APIs used for updates","Name":"AllowServicePrincipalsUseWriteAdminAPIs","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure OpenAI can be stored outside your capacity's geographic region, compliance boundary, or national cloud instance","Name":"AllowStoreAOAIDataInOtherRegions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create dbt job items (preview)","Name":"ArtifactDBTItemTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"User can create Graph (preview)","Name":"ArtifactGraphPreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Maps (preview)","Name":"ArtifactMapTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"TBD","Name":"ArtifactSnowflakeDatabasePreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Automatically convert and store reports using Power BI enhanced metadata format (PBIR) (preview)","Name":"AutomaticallyUsePBIR","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use the Azure Maps visual","Name":"AzureMaps","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure Maps can be processed outside your tenant's geographic region, compliance boundary, or national cloud instance","Name":"AzureMapsCrossRegionDataProcessing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use Azure Maps services","Name":"AzureMapsInFabric","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure Maps can be processed outside your capacity's geographic region, compliance boundary or national cloud instance","Name":"AzureMapsInFabricCrossRegionDataProcessing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure Maps can be processed by Microsoft Online Services Subprocessors","Name":"AzureMapsThirdPartyDataProcessing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use Azure Maps Weather Services (Preview)","Name":"AzureMapsWeatherServices","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Configure workspace IP firewall rules (preview)","Name":"ConfigureWorkspaceLevelIPFirewallRules","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Capacities can be designated as Fabric Copilot capacities","Name":"CopilotCapacitySetupPermissionSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow Microsoft Purview to secure AI interactions","Name":"DataSecurityForAIInteractions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"TBD","Name":"DeltaToIcebergTableVirtualization","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Digital Twin Builder (preview) items","Name":"DigitalOperationsPreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Direct Lake on OneLake semantic models (preview)","Name":"DirectLakeOnOneLakeSemanticModelCreation","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Domain admins can set default sensitivity labels for their domains (preview)","Name":"EimInformationProtectionDefaultLabelDomainSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"ArcGIS GeoAnalytics for Fabric Runtime","Name":"EnableEsriLibraries","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Workspace admins can add and remove additional workloads (preview)","Name":"FabricAddWorkloadToWorkspace","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can be informed of upcoming conferences featuring Microsoft Fabric when they are logged in to Fabric","Name":"FabricPromotionTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can access a standalone, cross-item Power BI Copilot experience (preview)","Name":"ImmersiveTenantAdminSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"ML models can serve real-time predictions from API endpoints (preview)","Name":"MLModelEndpointsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Include end-user identifiers in OneLake diagnostic logs","Name":"OneLakeDiagnosticLogsEUII","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Ontology (preview) items","Name":"OntologyPreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Workspace admins can turn on monitoring for their workspaces (preview)","Name":"PlatformMonitoringTenantSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use the Power BI Model Context Protocol server endpoint (preview)","Name":"PowerBIMCP","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Only show approved items in the standalone Copilot in Power BI experience (preview)","Name":"PreppedForCopilotContentDiscovery","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Detect anomalies in Real-Time Intelligence (Preview)","Name":"RTHAnomalyDetectionTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enable Operations Agents (Preview)","Name":"RTHOperationalAgentsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Service principals can create workspaces, connections, and deployment pipelines","Name":"ServicePrincipalAccessGlobalAPIs","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Service principals can call Fabric public APIs","Name":"ServicePrincipalAccessPermissionAPIs","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"All Power BI users can see Set alert button to create Fabric Activator alerts","Name":"ShowActivatorEntryPointsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can see and work with additional workloads not validated by Microsoft","Name":"ThirdPartyPrivateWorkloads","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Configure workspace-level inbound network rules","Name":"WorkspaceBlockInboundAccess","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Configure workspace-level outbound network rules","Name":"WorkspaceBlockOutboundAccess","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Apply customer-managed keys","Name":"WorkspaceCmk","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the tenant settings for Microsoft Fabric.\n\n**Please note:** For a successful export, you need to use service principals. Refer to the [Authentication and Permissions](https://microsoft365dsc.com/user-guide/get-started/authentication-and-permissions/#fabric-permissions) page for further information on how to set up your service principal."},{"ClassName":"MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Required","ValueMap":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"],"Values":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"]},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"The collection Id that is the target of the assignment.(ConfigMgr)","Name":"collectionId","Option":"Write"}],"Description":"This resource configures an Intune Account Protection Local Administrator Password Solution Policy."},{"ClassName":"MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the account protection local administrator password solution policy.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the account protection local administrator password solution policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the account protection local administrator password solution policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this policy.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments[]","Description":"Assignments of the account protection local administrator password solution policy.","Name":"Assignments","Option":"Write"},{"CIMType":"UInt32","Description":"Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD","Name":"BackupDirectory","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"UInt32","Description":"Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365","Name":"passwordagedays_aad","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the maximum password age of the managed local administrator account for Active Directory. Minimum - 1, Maximum - 365","Name":"PasswordAgeDays","Option":"Write"},{"CIMType":"Boolean","Description":"Configures additional enforcement of maximum password age for the managed local administrator account.","Name":"PasswordExpirationProtectionEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Configures how many previous encrypted passwords will be remembered in Active Directory. Minimum - 0, Maximum - 12","Name":"AdEncryptedPasswordHistorySize","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether the password is encrypted before being stored in Active Directory.","Name":"AdPasswordEncryptionEnabled","Option":"Write"},{"CIMType":"String","Description":"Configures the name or SID of a user or group that can decrypt the password stored in Active Directory.","Name":"AdPasswordEncryptionPrincipal","Option":"Write"},{"CIMType":"String","Description":"Configures the name of the managed local administrator account.","Name":"AdministratorAccountName","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the password complexity of the managed local administrator account. (1: Large letters, 2: Large letters + small letters, 3: Large letters + small letters + numbers, 4: Large letters + small letters + numbers + special characters, 5: Large letters + small letters + numbers + special characters (improved readability), 6: Passphrase (long words), 7: Passphrase (short words), 8: Passphrase (short words with unique prefixes))","Name":"PasswordComplexity","Option":"Write","ValueMap":[1,2,3,4,5,6,7,8],"Values":[1,2,3,4,5,6,7,8]},{"CIMType":"SInt32","Description":"Passphrase Length (Minimum 3, Maximum 10 characters) - Depends on PasswordComplexity","Name":"PassphraseLength","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the length of the password of the managed local administrator account. Minimum - 8, Maximum - 64","Name":"PasswordLength","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the actions to take upon expiration of the configured grace period. (1: Reset password, 3: Reset the password and logoff the managed account, 5: Reset the password and reboot, 11: Reset the password, logoff the managed account, and terminate any remaining processes.)","Name":"PostAuthenticationActions","Option":"Write","ValueMap":[1,3,5,11],"Values":[1,3,5,11]},{"CIMType":"UInt32","Description":"Specifies the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions. Minimum - 0, Maximum - 24","Name":"PostAuthenticationResetDelay","Option":"Write"},{"CIMType":"String","Description":"Automatic Account Management Enabled (false: The target account will not be automatically managed, true: The target account will be automatically managed)","Name":"AutomaticAccountManagementEnabled","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"String","Description":"Automatic Account Management Target - Depends on AutomaticAccountManagementEnabled (0: Manage the built-in administrator account, 1: Manage a new custom administrator account)","Name":"AutomaticAccountManagementTarget","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Automatic Account Management Randomize Name - Depends on AutomaticAccountManagementEnabled (false: The name of the target account will not use a random numeric suffix., true: The name of the target account will use a random numeric suffix.)","Name":"AutomaticAccountManagementRandomizeName","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"String","Description":"Automatic Account Management Name Or Prefix - Depends on AutomaticAccountManagementEnabled","Name":"AutomaticAccountManagementNameOrPrefix","Option":"Write"},{"CIMType":"String","Description":"Automatic Account Management Enable Account - Depends on AutomaticAccountManagementEnabled (false: The target account will be disabled, true: The target account will be enabled)","Name":"AutomaticAccountManagementEnableAccount","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Account Protection Local Administrator Password Solution Policy."},{"ClassName":"MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicyAssignments","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Required","ValueMap":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"],"Values":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"]},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"The collection Id that is the target of the assignment.(ConfigMgr)","Name":"collectionId","Option":"Write"}],"Description":"This resource configures a Intune Account Protection Local User Group Membership policy."},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogAccessGroup","Parameters":[{"CIMType":"String","Description":"The action to use for adding / removing members. Possible values: Add (AddUpdate), Remove (RemoveUpdate), Replace (AddRestrict). Add and Remove do not update unspecified members, whereas Replace will replace all members with the ones specified.","Name":"action","Option":"Write","ValueMap":["AddUpdate","RemoveUpdate","AddRestrict"],"Values":["AddUpdate","RemoveUpdate","AddRestrict"]},{"CIMType":"String[]","Description":"The local groups to add / remove the members to / from. List of the following values: `administrators`, `users`, `guests`, `powerusers`, `remotedesktopusers`, `remotemanagementusers`","Name":"desc","Option":"Write","ValueMap":["administrators","users","guests","powerusers","remotedesktopusers","remotemanagementusers"],"Values":["administrators","users","guests","powerusers","remotedesktopusers","remotemanagementusers"]},{"CIMType":"String[]","Description":"The members to add / remove to / from the group. For AzureAD Users, use the format `AzureAD\\\\<UserPrincipalName>`. For groups, use the security identifier (SID).","Name":"member","Option":"Write"},{"CIMType":"String","Description":"The type of the selection. Either users / groups from AzureAD, or by manual identifier.","Name":"userselectiontype","Option":"Write","ValueMap":["users","manual"],"Values":["users","manual"]}],"Description":"This resource configures a Intune Account Protection Local User Group Membership policy."},{"ClassName":"MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the account protection policy.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the account protection rules policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the account protection rules policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogAccessGroup[]","Description":"Local User Group Collections of the Intune Policy.","Name":"AccessGroup","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Intune Account Protection Local User Group Membership policy."},{"ClassName":"MSFT_DeviceManagementConfigurationPolicyAssignments","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Required","ValueMap":["#microsoft.graph.cloudPcManagementGroupAssignmentTarget","#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"],"Values":["#microsoft.graph.cloudPcManagementGroupAssignmentTarget","#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"]},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"The collection Id that is the target of the assignment.(ConfigMgr)","Name":"collectionId","Option":"Write"}],"Description":"Intune Account Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)","Name":"LsaCfgFlags","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Facial Features Use Enhanced Anti Spoofing (false: Disabled, true: Enabled)","Name":"FacialFeaturesUseEnhancedAntiSpoofing","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Pin Recovery (false: Disabled, true: Enabled)","Name":"EnablePinRecovery","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Expiration","Name":"Expiration","Option":"Write"},{"CIMType":"SInt32","Description":"PIN History","Name":"History","Option":"Write"},{"CIMType":"String","Description":"Lowercase Letters (0: Allows the use of lowercase letters in PIN., 1: Requires the use of at least one lowercase letters in PIN., 2: Does not allow the use of lowercase letters in PIN.)","Name":"LowercaseLetters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Maximum PIN Length","Name":"MaximumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Minimum PIN Length","Name":"MinimumPINLength","Option":"Write"},{"CIMType":"String","Description":"Special Characters (0: Allows the use of special characters in PIN., 1: Requires the use of at least one special characters in PIN., 2: Does not allow the use of special characters in PIN.)","Name":"SpecialCharacters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Uppercase Letters (0: Allows the use of uppercase letters in PIN., 1: Requires the use of at least one uppercase letters in PIN., 2: Does not allow the use of uppercase letters in PIN.)","Name":"UppercaseLetters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Require Security Device (false: Disabled, true: Enabled)","Name":"RequireSecurityDevice","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Certificate For On Prem Auth (false: Disabled, true: Enabled)","Name":"UseCertificateForOnPremAuth","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Windows Hello For Business (Device) (false: Disabled, true: Enabled)","Name":"UsePassportForWork","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]}],"Description":"Intune Account Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Enable Pin Recovery (User) (false: Disabled, true: Enabled)","Name":"EnablePinRecovery","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Expiration (User)","Name":"Expiration","Option":"Write"},{"CIMType":"SInt32","Description":"PIN History (User)","Name":"History","Option":"Write"},{"CIMType":"String","Description":"Lowercase Letters (User) (0: Allows the use of lowercase letters in PIN., 1: Requires the use of at least one lowercase letters in PIN., 2: Does not allow the use of lowercase letters in PIN.)","Name":"LowercaseLetters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Maximum PIN Length (User)","Name":"MaximumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Minimum PIN Length (User)","Name":"MinimumPINLength","Option":"Write"},{"CIMType":"String","Description":"Special Characters (User) (0: Allows the use of special characters in PIN., 1: Requires the use of at least one special characters in PIN., 2: Does not allow the use of special characters in PIN.)","Name":"SpecialCharacters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Uppercase Letters (User) (0: Allows the use of uppercase letters in PIN., 1: Requires the use of at least one uppercase letters in PIN., 2: Does not allow the use of uppercase letters in PIN.)","Name":"UppercaseLetters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Require Security Device (User) (false: Disabled, true: Enabled)","Name":"RequireSecurityDevice","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Windows Hello For Business (User) (false: Disabled, true: Enabled)","Name":"UsePassportForWork","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]}],"Description":"Intune Account Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneAccountProtectionPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10","Description":"The policy settings for the device scope.","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10","Description":"The policy settings for the user scope","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Account Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneAlertRuleNotificationChannelReceiver","Parameters":[{"CIMType":"String","Description":"The email address of the receiver.","Name":"ContactInformation","Option":"Key"},{"CIMType":"String","Description":"The locale of the email.","Name":"Locale","Option":"Write","ValueMap":["en-us","cs-cz","de-de","es-es","fr-fr","hu-hu","it-it","ja-jp","ko-kr","nl-nl","pl-pl","pt-br","pt-pt","ru-ru","sv-se","tr-tr","zh-cn","zh-tw"],"Values":["en-us","cs-cz","de-de","es-es","fr-fr","hu-hu","it-it","ja-jp","ko-kr","nl-nl","pl-pl","pt-br","pt-pt","ru-ru","sv-se","tr-tr","zh-cn","zh-tw"]}],"Description":"Intune Alert Rule Windows365"},{"ClassName":"MSFT_IntuneAlertRuleNotificationChannel","Parameters":[{"CIMType":"String","Description":"The notification channel type.","Name":"NotificationChannelType","Option":"Key","ValueMap":["portal","email"],"Values":["portal","email"]},{"CIMType":"MSFT_IntuneAlertRuleNotificationChannelReceiver[]","Description":"The receivers of the notification. Only applicable if the NotificationChannelType is 'email'.","Name":"NotificationReceivers","Option":"Write"}],"Description":"Intune Alert Rule Windows365"},{"ClassName":"MSFT_IntuneAlertRuleCondition","Parameters":[{"CIMType":"String","Description":"The built-in aggregation method for the rule condition. The possible values are: count, percentage, affectedCloudPcCount, affectedCloudPcPercentage, durationInMinutes.","Name":"Aggregation","Option":"Write","ValueMap":["count","percentage","affectedCloudPcCount","affectedCloudPcPercentage","durationInMinutes"],"Values":["count","percentage","affectedCloudPcCount","affectedCloudPcPercentage","durationInMinutes"]},{"CIMType":"String","Description":"The property that the rule condition monitors. Possible values are: provisionFailures, imageUploadFailures, azureNetworkConnectionCheckFailures, cloudPcInGracePeriod, frontlineInsufficientLicenses, cloudPcConnectionErrors, cloudPcHostHealthCheckFailures, cloudPcZoneOutage, unknownFutureValue, frontlineBufferUsageDuration, frontlineBufferUsageThreshold, cloudPcUserSettingsPersistenceUsageThreshold, cloudPcDeprovisionedThreshold, cloudPcReserveDeprovisionFailedThreshold.","Name":"ConditionCategory","Option":"Key","ValueMap":["provisionFailures","imageUploadFailures","azureNetworkConnectionCheckFailures","cloudPcInGracePeriod","frontlineInsufficientLicenses","cloudPcConnectionErrors","cloudPcHostHealthCheckFailures","cloudPcZoneOutage","unknownFutureValue","frontlineBufferUsageDuration","frontlineBufferUsageThreshold","cloudPcUserSettingsPersistenceUsageThreshold","cloudPcDeprovisionedThreshold","cloudPcReserveDeprovisionFailedThreshold"],"Values":["provisionFailures","imageUploadFailures","azureNetworkConnectionCheckFailures","cloudPcInGracePeriod","frontlineInsufficientLicenses","cloudPcConnectionErrors","cloudPcHostHealthCheckFailures","cloudPcZoneOutage","unknownFutureValue","frontlineBufferUsageDuration","frontlineBufferUsageThreshold","cloudPcUserSettingsPersistenceUsageThreshold","cloudPcDeprovisionedThreshold","cloudPcReserveDeprovisionFailedThreshold"]},{"CIMType":"String","Description":"The built-in operator for the rule condition. The possible values are: greaterOrEqual, equal, greater, less, lessOrEqual, notEqual.","Name":"Operator","Option":"Write","ValueMap":["greaterOrEqual","greater","equal","less","lessOrEqual"],"Values":["greaterOrEqual","greater","equal","less","lessOrEqual"]},{"CIMType":"String","Description":"The relationship type. Possible values are: and, or.","Name":"RelationshipType","Option":"Write","ValueMap":["and","or"],"Values":["and","or"]},{"CIMType":"String","Description":"The threshold value of the alert condition. The threshold value can be a number in string form or string like 'WestUS'.","Name":"ThresholdValue","Option":"Write"}],"Description":"Intune Alert Rule Windows365"},{"ClassName":"MSFT_IntuneAlertRuleWindows365","Parameters":[{"CIMType":"String","Description":"The rule template of the alert event. The possible values are: cloudPcProvisionScenario, cloudPcImageUploadScenario, cloudPcOnPremiseNetworkConnectionCheckScenario, cloudPcInGracePeriodScenario, cloudPcFrontlineInsufficientLicensesScenario, cloudPcInaccessibleScenario, cloudPcFrontlineConcurrencyScenario, cloudPcUserSettingsPersistenceScenario, cloudPcDeprovisionFailedScenario.","Name":"AlertRuleTemplate","Option":"Key","ValueMap":["cloudPcProvisionScenario","cloudPcImageUploadScenario","cloudPcOnPremiseNetworkConnectionCheckScenario","cloudPcInGracePeriodScenario","cloudPcFrontlineInsufficientLicensesScenario","cloudPcInaccessibleScenario","cloudPcFrontlineConcurrencyScenario","cloudPcUserSettingsPersistenceScenario","cloudPcDeprovisionFailedScenario"],"Values":["cloudPcProvisionScenario","cloudPcImageUploadScenario","cloudPcOnPremiseNetworkConnectionCheckScenario","cloudPcInGracePeriodScenario","cloudPcFrontlineInsufficientLicensesScenario","cloudPcInaccessibleScenario","cloudPcFrontlineConcurrencyScenario","cloudPcUserSettingsPersistenceScenario","cloudPcDeprovisionFailedScenario"]},{"CIMType":"MSFT_IntuneAlertRuleCondition[]","Description":"The conditions that determine when to send alerts. For example, you can configure a condition to send an alert when provisioning fails for six or more Cloud PCs.","Name":"Conditions","Option":"Write"},{"CIMType":"Boolean","Description":"The status of the rule that indicates whether the rule is enabled or disabled. If true, the rule is enabled otherwise, the rule is disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"MSFT_IntuneAlertRuleNotificationChannel[]","Description":"The notification channels of the rule selected by the user.","Name":"NotificationChannels","Option":"Write"},{"CIMType":"String","Description":"The severity of the rule. The possible values are: informational, warning, critical.","Name":"Severity","Option":"Write","ValueMap":["Critical","Warning","Informational"],"Values":["Critical","Warning","Informational"]},{"CIMType":"string","Description":"Present ensures the rule exists. Alert rules for Windows365 cannot be removed.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Alert Rule Windows365"},{"ClassName":"MSFT_androidPermissionAction","Parameters":[{"CIMType":"String","Description":"Android permission string, defined in the official Android documentation. Example 'android.permission.READ_CONTACTS'.","Name":"permission","Option":"Key"},{"CIMType":"String","Description":"Type of Android permission action. Possible values are: prompt, autoGrant, autoDeny.","Name":"action","Option":"Required","ValueMap":["prompt","autoGrant","autoDeny"],"Values":["prompt","autoGrant","autoDeny"]}],"Description":"This resource configures an Intune Android Managed Store Application Configuration Policy."},{"ClassName":"MSFT_IntuneAndroidManagedStoreAppConfiguration","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"the associated app. Inherited from managedDeviceMobileAppConfiguration","Name":"targetedMobileApps","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise app configuration package id.","Name":"packageId","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise app configuration JSON payload.","Name":"payloadJson","Option":"Write"},{"CIMType":"MSFT_androidPermissionAction[]","Description":"List of Android app permissions and corresponding permission actions.","Name":"permissionActions","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not this AppConfig is an OEMConfig policy. This property is read-only.","Name":"appSupportsOemConfig","Option":"Write"},{"CIMType":"string","Description":"Android Enterprise profile applicability (AndroidWorkProfile, DeviceOwner, or default (applies to both)). Possible values are: default, androidWorkProfile, androidDeviceOwner.","Name":"profileApplicability","Option":"Write","ValueMap":["default","androidWorkProfile","androidDeviceOwner"],"Values":["default","androidWorkProfile","androidDeviceOwner"]},{"CIMType":"Boolean","Description":"Setting to specify whether to allow ConnectedApps experience for this app.","Name":"connectedAppsEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Android Managed Store Application Configuration Policy."},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogExclusions","Parameters":[{"CIMType":"String","Description":"Type - Depends on exclusions (excludedPath: Path, excludedFileExtension: File extension, excludedFileName: Process name)","Name":"exclusions_item_type","Option":"Key","ValueMap":["excludedPath","excludedFileExtension","excludedFileName"],"Values":["excludedPath","excludedFileExtension","excludedFileName"]},{"CIMType":"String","Description":"File extension - Depends on exclusions_item_type=excludedFileExtension","Name":"exclusions_item_extension","Option":"Write"},{"CIMType":"String","Description":"File name - exclusions_item_type=excludedFileName","Name":"exclusions_item_name","Option":"Write"},{"CIMType":"String","Description":"Path - exclusions_item_type=excludedPath","Name":"exclusions_item_path","Option":"Write"},{"CIMType":"String","Description":"Is directory (false: Disabled, true: Enabled) - Depends on exclusions_item_type=excludedPath","Name":"exclusions_item_isDirectory","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]}],"Description":"Intune Antivirus Exclusions Policy Linux"},{"ClassName":"MSFT_IntuneAntivirusExclusionsPolicyLinux","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogexclusions[]","Description":"Scan exclusions","Name":"Exclusions","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Exclusions Policy Linux"},{"ClassName":"MSFT_IntuneAntivirusExclusionsPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogexclusions[]","Description":"Scan exclusions","Name":"Exclusions","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Exclusions Policy for macOS"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogthreatTypeSettings","Parameters":[{"CIMType":"String","Description":"Threat type - Depends on threatTypeSettings (potentially_unwanted_application, archive_bomb)","Name":"threatTypeSettings_item_key","Option":"Key","ValueMap":["potentially_unwanted_application","archive_bomb"],"Values":["potentially_unwanted_application","archive_bomb"]},{"CIMType":"String","Description":"Action to take - Depends on threatTypeSettings (audit, block, off)","Name":"threatTypeSettings_item_value","Option":"Write","ValueMap":["audit","block","off"],"Values":["audit","block","off"]}],"Description":"Intune Antivirus Policy for Linux"},{"ClassName":"MSFT_IntuneAntivirusPolicyLinux","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Enable cloud delivered protection (false: Disabled, true: Enabled)","Name":"enabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable automatic sample submissions (none: None, safe: Safe, all: All)","Name":"automaticSampleSubmissionConsent","Option":"Write","ValueMap":["none","safe","all"],"Values":["none","safe","all"]},{"CIMType":"String","Description":"Diagnostic data collection level (0: optional, 1: required)","Name":"diagnosticLevel","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Automatic security intelligence updates (false: Disabled, true: Enabled)","Name":"automaticDefinitionUpdateEnabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable real-time protection (deprecated) (false: Disabled, true: Enabled)","Name":"enableRealTimeProtection","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable passive mode (deprecated) (false: Disabled, true: Enabled)","Name":"passiveMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Scan history size","Name":"scanHistoryMaximumItems","Option":"Write"},{"CIMType":"SInt32","Description":"Scan results retention","Name":"scanResultsRetentionDays","Option":"Write"},{"CIMType":"String","Description":"Exclusions merge (0: merge, 1: admin_only)","Name":"exclusionsMergePolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogExclusions[]","Description":"Scan exclusions","Name":"exclusions","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogthreatTypeSettings[]","Description":"Threat type settings","Name":"threatTypeSettings","Option":"Write"},{"CIMType":"String","Description":"Threat type settings merge (0: merge, 1: admin_only)","Name":"threatTypeSettingsMergePolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed threats","Name":"allowedThreats","Option":"Write"},{"CIMType":"String[]","Description":"Disallowed threat actions","Name":"disallowedThreatActions","Option":"Write"},{"CIMType":"String","Description":"Enable scanning of archives (false: Disabled, true: Enabled)","Name":"scanArchives","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable scanning after definition update (false: Disabled, true: Enabled)","Name":"scanAfterDefinitionUpdate","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable file hash computation (false: Disabled, true: Enabled)","Name":"enableFileHashComputation","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable behavior monitoring (0: Disabled, 1: Enabled)","Name":"behaviorMonitoring","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure cloud block level (normal: Normal, moderate: Moderate, high: High, plus: High_Plus, tolerance: Zero_Tolerance)","Name":"cloudBlockLevel","Option":"Write","ValueMap":["normal","moderate","high","plus","tolerance"],"Values":["normal","moderate","high","plus","tolerance"]},{"CIMType":"SInt32","Description":"maximum on demand scan threads","Name":"maximumOnDemandScanThreads","Option":"Write"},{"CIMType":"String","Description":"Enforcement Level (0: disabled, 1: audit, 2: block)","Name":"networkprotection_enforcementLevel","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String[]","Description":"Unmonitored Filesystems","Name":"unmonitoredFilesystems","Option":"Write"},{"CIMType":"String","Description":"non execute mount mute (0: unmute, 1: mute)","Name":"nonExecMountPolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enforcement Level (0: Realtime, 1: OnDemand, 2: Passive)","Name":"antivirusengine_enforcementLevel","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Policy for Linux"},{"ClassName":"MSFT_IntuneAntivirusPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Enable / disable cloud delivered protection (false: Disabled, true: Enabled)","Name":"enabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable / disable automatic sample submissions (false: Disabled, true: Enabled)","Name":"automaticSampleSubmission","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Diagnostic collection level (0: optional, 1: required)","Name":"diagnosticLevel","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Automatic security intelligence updates (false: Disabled, true: Enabled)","Name":"automaticDefinitionUpdateEnabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable real-time protection (deprecated) (false: Disabled, true: Enabled)","Name":"enableRealTimeProtection","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable passive mode (deprecated) (false: Disabled, true: Enabled)","Name":"passiveMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Scan history size","Name":"scanHistoryMaximumItems","Option":"Write"},{"CIMType":"SInt32","Description":"Scan results retention","Name":"scanResultsRetentionDays","Option":"Write"},{"CIMType":"String","Description":"Exclusions merge (0: merge, 1: admin_only)","Name":"exclusionsMergePolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogexclusions[]","Description":"Scan exclusions","Name":"exclusions","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogthreatTypeSettings[]","Description":"Threat type settings","Name":"threatTypeSettings","Option":"Write"},{"CIMType":"String","Description":"Threat type settings merge (0: merge, 1: admin_only)","Name":"threatTypeSettingsMergePolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed threats","Name":"allowedThreats","Option":"Write"},{"CIMType":"String[]","Description":"Disallowed threat actions","Name":"disallowedThreatActions","Option":"Write"},{"CIMType":"SInt32","Description":"Degree of parallelism for on-demand scans","Name":"maximumOnDemandScanThreads","Option":"Write"},{"CIMType":"String","Description":"Enable file hash computation (false: Disabled, true: Enabled)","Name":"enableFileHashComputation","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Run a scan after definitions are updated (false: Disabled, true: Enabled)","Name":"scanAfterDefinitionUpdate","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Scanning inside archive files (false: Disabled, true: Enabled)","Name":"scanArchives","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enforcement level (0: disabled, 1: audit, 2: block)","Name":"enforcementLevel","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Enforcement level (0: disabled, 1: audit, 2: block)","Name":"enforcementLevel_tamperProtection","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Control sign-in to consumer version (0: enabled, 1: disabled)","Name":"consumerExperience","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Show / hide status menu icon (false: Disabled, true: Enabled)","Name":"hideStatusMenuIcon","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"User initiated feedback (0: enabled, 1: disabled)","Name":"userInitiatedFeedback","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enforcement level (0: passive, 1: on_demand, 2: real_time)","Name":"antivirusengine_enforcementLevel","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Policy for macOS"},{"ClassName":"MSFT_IntuneAntivirusPolicySecurityExperienceWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Account Protection UI (0: (Disable) The users can see the display of the Account protection area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center.)","Name":"DisableAccountProtectionUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable App Browser UI (0: (Disable) The users can see the display of the app and browser protection area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center.)","Name":"DisableAppBrowserUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Clear Tpm Button (0: (Disabled or not configured) The security processor troubleshooting page shows a button that initiates the process to clear the security processor (TPM)., 1: (Enabled) The security processor troubleshooting page will not show a button to initiate the process to clear the security processor (TPM))","Name":"DisableClearTpmButton","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Device Security UI (0: (Disable) The users can see the display of the Device security area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the Device security area in Windows Defender Security Center.)","Name":"DisableDeviceSecurityUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Family UI (0: (Disable) The users can see the display of the family options area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the family options area in Windows Defender Security Center.)","Name":"DisableFamilyUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Health UI (0: (Disable) The users can see the display of the device performance and health area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center.)","Name":"DisableHealthUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Network UI (0: (Disable) The users can see the display of the firewall and network protection area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center.)","Name":"DisableNetworkUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Notifications (0: (Disable) The users can see the display of Windows Defender Security Center notifications., 1: (Enable) The users cannot see the display of Windows Defender Security Center notifications.)","Name":"DisableNotifications","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Enhanced Notifications (0: (Disable) Windows Defender Security Center will display critical and non-critical notifications to users.., 1: (Enable) Windows Defender Security Center only display notifications which are considered critical on clients.)","Name":"DisableEnhancedNotifications","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Tpm Firmware Update Warning (0: (Disable or Not configured) A warning will be displayed if the firmware of the security processor (TPM) should be updated for TPMs that have a vulnerability., 1: (Enabled) No warning will be displayed if the firmware of the security processor (TPM) should be updated.)","Name":"DisableTpmFirmwareUpdateWarning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Virus UI (0: (Disable) The users can see the display of the virus and threat protection area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center.)","Name":"DisableVirusUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Hide Ransomware Data Recovery (0: (Disable or not configured) The Ransomware data recovery area will be visible., 1: (Enable) The Ransomware data recovery area is hidden.)","Name":"HideRansomwareDataRecovery","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Hide Windows Security Notification Area Control (0: , 1: Enabled)","Name":"HideWindowsSecurityNotificationAreaControl","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Company Name","Name":"CompanyName","Option":"Write"},{"CIMType":"String","Description":"Email","Name":"Email","Option":"Write"},{"CIMType":"String","Description":"Phone","Name":"Phone","Option":"Write"},{"CIMType":"String","Description":"URL","Name":"URL","Option":"Write"},{"CIMType":"String","Description":"TamperProtection (Device) (1: Offboarding, 0: Onboarding)","Name":"TamperProtection","Option":"Write","ValueMap":["1","0"],"Values":["1","0"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Policy Security Experience for Windows10 Config Mgr"},{"ClassName":"MSFT_IntuneAntivirusPolicyWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.)","Name":"AllowCloudProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Email Scanning (0: Not allowed. Turns off email scanning., 1: Allowed. Turns on email scanning.)","Name":"AllowEmailScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan On Mapped Network Drives (0: Not allowed. Disables scanning on mapped network drives., 1: Allowed. Scans mapped network drives.)","Name":"AllowFullScanOnMappedNetworkDrives","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"[Deprecated] Allow Intrusion Prevention System (0: Not allowed., 1: Allowed.)","Name":"AllowIntrusionPreventionSystem","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. Turns on and runs the real-time monitoring service.)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Scanning Network Files (0: Not allowed. Turns off scanning of network files., 1: Allowed. Scans network files.)","Name":"AllowScanningNetworkFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Script Scanning (0: Not allowed., 1: Allowed.)","Name":"AllowScriptScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow User UI Access (0: Not allowed. Prevents users from accessing UI., 1: Allowed. Lets users access UI.)","Name":"AllowUserUIAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Avg CPU Load Factor","Name":"AvgCPULoadFactor","Option":"Write"},{"CIMType":"SInt32","Description":"Check For Signatures Before Running Scan (0: Disabled, 1: Enabled)","Name":"CheckForSignaturesBeforeRunningScan","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance)","Name":"CloudBlockLevel","Option":"Write","ValueMap":[0,2,4,6],"Values":[0,2,4,6]},{"CIMType":"SInt32","Description":"Cloud Extended Timeout","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"SInt32","Description":"Days To Retain Cleaned Malware","Name":"DaysToRetainCleanedMalware","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Catchup Full Scan (0: Enabled, 1: Disabled)","Name":"DisableCatchupFullScan","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Catchup Quick Scan (0: Enabled, 1: Disabled)","Name":"DisableCatchupQuickScan","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Low CPU Priority (0: Disabled, 1: Enabled)","Name":"EnableLowCPUPriority","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Excluded Extensions","Name":"ExcludedExtensions","Option":"Write"},{"CIMType":"String[]","Description":"Excluded Paths","Name":"ExcludedPaths","Option":"Write"},{"CIMType":"String[]","Description":"Excluded Processes","Name":"ExcludedProcesses","Option":"Write"},{"CIMType":"SInt32","Description":"PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.)","Name":"PUAProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Scan Parameter (1: Quick scan, 2: Full scan)","Name":"ScanParameter","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Schedule Quick Scan Time","Name":"ScheduleQuickScanTime","Option":"Write"},{"CIMType":"SInt32","Description":"Schedule Scan Day (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan)","Name":"ScheduleScanDay","Option":"Write","ValueMap":[0,1,2,3,4,5,6,7,8],"Values":[0,1,2,3,4,5,6,7,8]},{"CIMType":"SInt32","Description":"Schedule Scan Time","Name":"ScheduleScanTime","Option":"Write"},{"CIMType":"String[]","Description":"Signature Update Fallback Order","Name":"SignatureUpdateFallbackOrder","Option":"Write"},{"CIMType":"String[]","Description":"Signature Update File Shares Sources","Name":"SignatureUpdateFileSharesSources","Option":"Write"},{"CIMType":"SInt32","Description":"Signature Update Interval","Name":"SignatureUpdateInterval","Option":"Write"},{"CIMType":"SInt32","Description":"Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow On Access Protection (0: Not allowed., 1: Allowed.)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Remediation action for High severity threats - Depends on ThreatSeverityDefaultAction (clean: Clean, quarantine: Quarantine, remove: Remove, allow: Allow, userdefined: UserDefined, block: Block)","Name":"HighSeverityThreatDefaultAction","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Remediation action for Severe threats - Depends on ThreatSeverityDefaultAction (clean: Clean, quarantine: Quarantine, remove: Remove, allow: Allow, userdefined: UserDefined, block: Block)","Name":"SevereThreatDefaultAction","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Remediation action for Low severity threats - Depends on ThreatSeverityDefaultAction (clean: Clean, quarantine: Quarantine, remove: Remove, allow: Allow, userdefined: UserDefined, block: Block)","Name":"LowSeverityThreatDefaultAction","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Remediation action for Moderate severity threats - Depends on ThreatSeverityDefaultAction (clean: Clean, quarantine: Quarantine, remove: Remove, allow: Allow, userdefined: UserDefined, block: Block)","Name":"ModerateSeverityThreatDefaultAction","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"SInt32","Description":"Allow users to view the full History results (0: No, 1: Yes)","Name":"DisablePrivacyMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Create a system restore point before computers are cleaned. (0: No, 1: Yes)","Name":"DisableRestorePoint","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Randomize scheduled scan and security intelligence update start times. (0: No, 1: Yes)","Name":"RandomizeScheduleTaskTimes","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Security Intelligence Location","Name":"SecurityIntelligenceLocation","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Policy for Windows10 Config Mgr"},{"ClassName":"MSFT_IntuneAntivirusPolicyWindows10SettingCatalog","Parameters":[{"CIMType":"String","Description":"Display name of the endpoint protection policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Identity of the endpoint protection policy for Windows 10.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Description of the endpoint protection policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Tamper protection (Device). (Offboarding, Onboarding, ControlledConfig_Onboarding)","Name":"ControlledConfiguration","Option":"Write","ValueMap":["Onboarding","Offboarding","ControlledConfig_Onboarding"],"Values":["Onboarding","Offboarding","ControlledConfig_Onboarding"]},{"CIMType":"String","Description":"Tamper protection (Device). (Offboarding, Onboarding)","Name":"TamperProtection","Option":"Write","ValueMap":["Onboarding","Offboarding"],"Values":["Onboarding","Offboarding"]},{"CIMType":"String","Description":"Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableAccountProtectionUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableAppBrowserUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable the Clear TPM button in Windows Security. (0: disable feature. 1: enable feature)","Name":"DisableClearTpmButton","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableDeviceSecurityUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableFamilyUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableHealthUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableNetworkUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. (0: disable feature. 1: enable feature)","Name":"DisableEnhancedNotifications","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. (0: disable feature. 1: enable feature)","Name":"DisableTpmFirmwareUpdateWarning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center.  (0: disable feature. 1: enable feature)","Name":"DisableVirusUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"HideRansomwareDataRecovery","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"This policy setting hides the Windows Security notification area control. (0: disable feature. 1: enable feature)","Name":"HideWindowsSecurityNotificationAreaControl","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enable this policy to display your company name and contact options in the notifications. (0: disable feature. 1: enable feature)","Name":"EnableCustomizedToasts","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"EnableInAppCustomization","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization.","Name":"CompanyName","Option":"Write"},{"CIMType":"String","Description":"The email address that is displayed to users. The default mail application is used to initiate email actions.","Name":"Email","Option":"Write"},{"CIMType":"String","Description":"The phone number or Skype ID that is displayed to users. Skype is used to initiate the call.","Name":"Phone","Option":"Write"},{"CIMType":"String","Description":"The help portal URL that is displayed to users. The default browser is used to initiate this action.","Name":"URL","Option":"Write"},{"CIMType":"String","Description":"Allows or disallows scanning of archives. (0: disable feature. 1: enable feature)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender Behavior Monitoring functionality. (0: disable feature. 1: enable feature)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. (0: disable feature. 1: enable feature)","Name":"AllowCloudProtection","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Network Protection to enable datagram processing on Windows Server. (0: disable feature. 1: enable feature)","Name":"AllowDatagramProcessingOnWinServer","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows scanning of email. (0: disable feature. 1: enable feature)","Name":"AllowEmailScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows a full scan of mapped network drives. (0: disable feature. 1: enable feature)","Name":"AllowFullScanOnMappedNetworkDrives","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. (0: disable feature. 1: enable feature)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"https://github.com/MicrosoftDocs/memdocs/issues/2250 (0: disable feature. 1: enable feature)","Name":"AllowIntrusionPreventionSystem","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender IOAVP Protection functionality. (0: disable feature. 1: enable feature)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Network Protection to be configured into block or audit mode on windows downlevel of RS3. (0: disable feature. 1: enable feature)","Name":"AllowNetworkProtectionDownLevel","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender real-time Monitoring functionality. (0: disable feature. 1: enable feature)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows a scanning of network files. (0: disable feature. 1: enable feature)","Name":"AllowScanningNetworkFiles","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 1: enable feature)","Name":"AllowScriptScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 1: Lets users access UI)","Name":"AllowUserUIAccess","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"sInt32","Description":"Represents the average CPU load factor for the Windows Defender scan (in percent).","Name":"AvgCPULoadFactor","Option":"Write"},{"CIMType":"sInt32","Description":"Specify the maximum folder depth to extract from archive files for scanning.","Name":"ArchiveMaxDepth","Option":"Write"},{"CIMType":"sInt32","Description":"Specify the maximum size, in KB, of archive files to be extracted and scanned.","Name":"ArchiveMaxSize","Option":"Write"},{"CIMType":"String","Description":"This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature)","Name":"CheckForSignaturesBeforeRunningScan","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level)","Name":"CloudBlockLevel","Option":"Write","ValueMap":["0","2","4","6"],"Values":["0","2","4","6"]},{"CIMType":"sInt32","Description":"This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"sInt32","Description":"Time period (in days) that quarantine items will be stored on the system.","Name":"DaysToRetainCleanedMalware","Option":"Write"},{"CIMType":"String","Description":"This policy setting allows you to configure catch-up scans for scheduled full scans.  (1: disabled, 0: enabled)","Name":"DisableCatchupFullScan","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"This policy setting allows you to configure catch-up scans for scheduled quick scans.  (1: disabled, 0: enabled)","Name":"DisableCatchupQuickScan","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Disable Core Service ECS Integration.  (0: disabled, 1: enabled)","Name":"DisableCoreServiceECSIntegration","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Disable Core Service Telemetry.  (1: disabled, 0: enabled)","Name":"DisableCoreServiceTelemetry","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disables or enables DNS over TCP Parsing for Network Protection. (0: enable feature. 1: disable feature)","Name":"DisableDnsOverTcpParsing","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disables or enables HTTP Parsing for Network Protection. (0: enable feature. 1: disable feature)","Name":"DisableHttpParsing","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Ssh Parsing (1: SSH parsing is disabled, 0: SSH parsing is enabled)","Name":"DisableSshParsing","Option":"Write","ValueMap":["1","0"],"Values":["1","0"]},{"CIMType":"String","Description":"This policy setting allows you to enable or disable low CPU priority for scheduled scans. (0: disable feature. 1: enable feature)","Name":"EnableLowCPUPriority","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"This policy allows you to turn on network protection (block/audit) or off. (0: disabled, 1: block mode, 2: audit mode)","Name":"EnableNetworkProtection","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String[]","Description":"Allows an administrator to specify a list of file type extensions to ignore during a scan.","Name":"ExcludedExtensions","Option":"Write"},{"CIMType":"String[]","Description":"Allows an administrator to specify a list of directory paths to ignore during a scan.","Name":"ExcludedPaths","Option":"Write"},{"CIMType":"String[]","Description":"Allows an administrator to specify a list of files opened by processes to ignore during a scan.","Name":"ExcludedProcesses","Option":"Write"},{"CIMType":"String","Description":"Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode)","Name":"PUAProtection","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)","Name":"EngineUpdatesChannel","Option":"Write","ValueMap":["0","2","3","4","5","6"],"Values":["0","2","3","4","5","6"]},{"CIMType":"String","Description":"Allow managed devices to update through metered connections. (0: disabled, 1: enabled)","Name":"MeteredConnectionUpdates","Option":"Write"},{"CIMType":"String","Description":"Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)","Name":"PlatformUpdatesChannel","Option":"Write","ValueMap":["0","2","3","4","5","6"],"Values":["0","2","3","4","5","6"]},{"CIMType":"String","Description":"Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. (0: Not configured, 4: Current Channel (Staged), 5: Current Channel (Broad))","Name":"SecurityIntelligenceUpdatesChannel","Option":"Write","ValueMap":["0","4","5"],"Values":["0","4","5"]},{"CIMType":"String","Description":"Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Selects whether to perform a quick scan or full scan. (1: Quick scan, 2: Full scan)","Name":"ScanParameter","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"sInt32","Description":"Selects the time of day that the Windows Defender quick scan should run.","Name":"ScheduleQuickScanTime","Option":"Write"},{"CIMType":"String","Description":"Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan)","Name":"ScheduleScanDay","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8"],"Values":["0","1","2","3","4","5","6","7","8"]},{"CIMType":"sInt32","Description":"Selects the time of day that the Windows Defender scan should run. Must be between 0 and 1380 minutes.","Name":"ScheduleScanTime","Option":"Write"},{"CIMType":"String","Description":"This setting disables TLS Parsing for Network Protection. (0: enabled, 1: disabled)","Name":"DisableTlsParsing","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Specifies if the start time of the scan is randomized. (0: no randomization, 1: randomized)","Name":"RandomizeScheduleTaskTimes","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"sInt32","Description":"This setting allows you to configure the scheduler randomization in hours. The randomization interval is [1 - 23] hours.","Name":"SchedulerRandomizationTime","Option":"Write"},{"CIMType":"String[]","Description":"This policy setting allows you to define the order in which different definition update sources should be contacted.","Name":"SignatureUpdateFallbackOrder","Option":"Write"},{"CIMType":"String[]","Description":"This policy setting allows you to configure UNC file share sources for downloading definition updates.","Name":"SignatureUpdateFileSharesSources","Option":"Write"},{"CIMType":"sInt32","Description":"Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. Must be between 0 and 24 hours.","Name":"SignatureUpdateInterval","Option":"Write"},{"CIMType":"String","Description":"Checks for the user consent level in Windows Defender to send data. (0: Always prompt, 1: Send safe samples automatically, 2: Never send, 3: Send all samples automatically)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String","Description":"This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. (0: enable local admin merge, 1: disable local admin merge)","Name":"DisableLocalAdminMerge","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender On Access Protection functionality. (0: disable feature. 1: enable feature)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows an administrator to specify low severity threats corresponding action ID to take.","Name":"LowSeverityThreats","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Allows an administrator to specify moderate severity threats corresponding action ID to take.","Name":"ModerateSeverityThreats","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Allows an administrator to specify high severity threats corresponding action ID to take.","Name":"SevereThreats","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Allows an administrator to specify severe threats corresponding action ID to take.","Name":"HighSeverityThreats","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Template Id of the policy. 0: Windows Security Experience, 1: Defender Update controls, 2: Microsoft Defender Antivirus exclusions, 3: Microsoft Defender Antivirus","Name":"TemplateId","Option":"Write","ValueMap":["d948ff9b-99cb-4ee0-8012-1fbc09685377_1","e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1","45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"],"Values":["d948ff9b-99cb-4ee0-8012-1fbc09685377_1","e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1","45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Endpoint Protection Antivirus policy for a Windows 10 Device.\nThis policy setting enables the management of Microsoft Defender Antivirus for Windows 10 using the settings catalog."},{"ClassName":"MSFT_IntuneAppAndBrowserIsolationPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Turn on Microsoft Defender Application Guard (0: Disable Microsoft Defender Application Guard, 1: Enable Microsoft Defender Application Guard for Microsoft Edge ONLY, 2: Enable Microsoft Defender Application Guard for isolated Windows environments ONLY, 3: Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments)","Name":"AllowWindowsDefenderApplicationGuard","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Clipboard behavior settings (0: Completely turns Off the clipboard functionality for the Application Guard., 1: Turns On clipboard operation from an isolated session to the host., 2: Turns On clipboard operation from the host to an isolated session., 3: Turns On clipboard operation in both the directions.)","Name":"ClipboardSettings","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow files to download and save to the host operating system (0: The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to allow users to download files from Edge in the container to the host file system.)","Name":"SaveFilesToHost","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Install Windows defender application guard (install: Install)","Name":"InstallWindowsDefenderApplicationGuard","Option":"Write","ValueMap":["install"],"Values":["install"]},{"CIMType":"SInt32","Description":"Clipboard content options (1: Allow text copying., 2: Allow image copying., 3: Allow text and image copying.)","Name":"ClipboardFileType","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Allow data persistence (0: Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off., 1: Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.)","Name":"AllowPersistence","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow hardware-accelerated rendering (0: Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container.)","Name":"AllowVirtualGPU","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32[]","Description":"Print Settings (0: Disables all print functionality., 1: Enables only XPS printing., 2: Enables only PDF printing., 4: Enables only local printing., 8: Enables only network printing.)","Name":"PrintingSettings","Option":"Write","ValueMap":[0,1,2,4,8],"Values":[0,1,2,4,8]},{"CIMType":"SInt32","Description":"Allow camera and microphone access (0: Microsoft Defender Application Guard cannot access the device's camera and microphone. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to allow Microsoft Defender Application Guard to access the device's camera and microphone.)","Name":"AllowCameraMicrophoneRedirection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Application Guard (0: Audit event logs aren't collected for Application Guard., 1: Application Guard inherits its auditing policies from system and starts to audit security events for Application Guard container.)","Name":"AuditApplicationGuard","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Certificate Thumbprints","Name":"CertificateThumbprints","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise IP Range","Name":"EnterpriseIPRange","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Cloud Resources","Name":"EnterpriseCloudResources","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Network Domain Names","Name":"EnterpriseNetworkDomainNames","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Proxy Servers","Name":"EnterpriseProxyServers","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Internal Proxy Servers","Name":"EnterpriseInternalProxyServers","Option":"Write"},{"CIMType":"String[]","Description":"Neutral Resources","Name":"NeutralResources","Option":"Write"},{"CIMType":"SInt32","Description":"Enterprise Proxy Servers Are Authoritative (1: Enable, 0: Disable)","Name":"EnterpriseProxyServersAreAuthoritative","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enterprise IP Ranges Are Authoritative (1: Enable, 0: Disable)","Name":"EnterpriseIPRangesAreAuthoritative","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App And Browser Isolation Policy for Windows10"},{"ClassName":"MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Turn on Microsoft Defender Application Guard (0: Disable Microsoft Defender Application Guard, 1: Enable Microsoft Defender Application Guard for Microsoft Edge ONLY, 2: Enable Microsoft Defender Application Guard for isolated Windows environments ONLY, 3: Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments)","Name":"AllowWindowsDefenderApplicationGuard","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Clipboard behavior settings (0: Completely turns Off the clipboard functionality for the Application Guard., 1: Turns On clipboard operation from an isolated session to the host., 2: Turns On clipboard operation from the host to an isolated session., 3: Turns On clipboard operation in both the directions.)","Name":"ClipboardSettings","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow files to download and save to the host operating system (0: The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to allow users to download files from Edge in the container to the host file system.)","Name":"SaveFilesToHost","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Install Windows defender application guard (install: Install). Required if AllowWindowsDefenderApplicationGuard is not set to 0.","Name":"InstallWindowsDefenderApplicationGuard","Option":"Write","ValueMap":["install"],"Values":["install"]},{"CIMType":"SInt32","Description":"Clipboard content options (1: Allow text copying., 2: Allow image copying., 3: Allow text and image copying.)","Name":"ClipboardFileType","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Allow data persistence (0: Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off., 1: Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.)","Name":"AllowPersistence","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow hardware-accelerated rendering (0: Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container.)","Name":"AllowVirtualGPU","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32[]","Description":"Print Settings (0: Disables all print functionality., 1: Enables only XPS printing., 2: Enables only PDF printing., 4: Enables only local printing., 8: Enables only network printing.)","Name":"PrintingSettings","Option":"Write","ValueMap":[0,1,2,4,8],"Values":[0,1,2,4,8]},{"CIMType":"SInt32","Description":"Allow camera and microphone access (0: Microsoft Defender Application Guard cannot access the device's camera and microphone. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to allow Microsoft Defender Application Guard to access the device's camera and microphone.)","Name":"AllowCameraMicrophoneRedirection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Application Guard (0: Audit event logs aren't collected for Application Guard., 1: Application Guard inherits its auditing policies from system and starts to audit security events for Application Guard container.)","Name":"AuditApplicationGuard","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Certificate Thumbprints","Name":"CertificateThumbprints","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise IP Range","Name":"EnterpriseIPRange","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Cloud Resources","Name":"EnterpriseCloudResources","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Network Domain Names","Name":"EnterpriseNetworkDomainNames","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Proxy Servers","Name":"EnterpriseProxyServers","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Internal Proxy Servers","Name":"EnterpriseInternalProxyServers","Option":"Write"},{"CIMType":"String[]","Description":"Neutral Resources","Name":"NeutralResources","Option":"Write"},{"CIMType":"SInt32","Description":"Enterprise Proxy Servers Are Authoritative (1: Enable, 0: Disable)","Name":"EnterpriseProxyServersAreAuthoritative","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enterprise IP Ranges Are Authoritative (1: Enable, 0: Disable)","Name":"EnterpriseIPRangesAreAuthoritative","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App And Browser Isolation Policy for Windows10 Config Mgr"},{"ClassName":"MSFT_IntuneAppCategory","Parameters":[{"CIMType":"String","Description":"The name of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures a resource for navigation property for Intune mobile app categories. Default app categories cannot be renamed."},{"ClassName":"MSFT_MicrosoftGraphAndroidPermissionAction","Parameters":[{"CIMType":"String","Description":"Type of Android permission action. Possible values are: prompt, autoGrant, autoDeny.","Name":"Action","Option":"Write","ValueMap":["prompt","autoGrant","autoDeny"],"Values":["prompt","autoGrant","autoDeny"]},{"CIMType":"String","Description":"Android permission string, defined in the official Android documentation.  Example 'android.permission.READ_CONTACTS'.","Name":"Permission","Option":"Key"}],"Description":"Intune App Configuration Device Policy.\n\nPlease note: A policy can only contain settings of its platform type and the platform type cannot be changed after creation."},{"ClassName":"MSFT_MicrosoftGraphAppConfigurationSettingItem","Parameters":[{"CIMType":"String","Description":"app configuration key.","Name":"AppConfigKey","Option":"Key"},{"CIMType":"String","Description":"app configuration key type. Possible values are: stringType, integerType, realType, booleanType, tokenType.","Name":"AppConfigKeyType","Option":"Key","ValueMap":["stringType","integerType","realType","booleanType","tokenType"],"Values":["stringType","integerType","realType","booleanType","tokenType"]},{"CIMType":"String","Description":"app configuration key value.","Name":"AppConfigKeyValue","Option":"Write"}],"Description":"Intune App Configuration Device Policy.\n\nPlease note: A policy can only contain settings of its platform type and the platform type cannot be changed after creation."},{"ClassName":"MSFT_IntuneAppConfigurationDevicePolicy","Parameters":[{"CIMType":"Boolean","Description":"Setting to specify whether to allow ConnectedApps experience for this Android app.","Name":"ConnectedAppsEnabled","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise app configuration package id.","Name":"PackageId","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise app configuration JSON payload.","Name":"PayloadJson","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroidPermissionAction[]","Description":"List of Android app permissions and corresponding permission actions.","Name":"PermissionActions","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise profile applicability (AndroidWorkProfile, DeviceOwner, or default (applies to both)). Possible values are: default, androidWorkProfile, androidDeviceOwner.","Name":"ProfileApplicability","Option":"Write","ValueMap":["default","androidWorkProfile","androidDeviceOwner"],"Values":["default","androidWorkProfile","androidDeviceOwner"]},{"CIMType":"String","Description":"Mdm iOS app configuration Base64 binary. Must not be an empty string if specified.","Name":"EncodedSettingXml","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphappConfigurationSettingItem[]","Description":"iOS app configuration setting items. Must not be an empty collection if specified.","Name":"Settings","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Required"},{"CIMType":"String[]","Description":"List of Scope Tags for this App configuration entity.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String[]","Description":"The associated app.","Name":"TargetedMobileApps","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App Configuration Device Policy.\n\nPlease note: A policy can only contain settings of its platform type and the platform type cannot be changed after creation."},{"ClassName":"MSFT_IntuneAppConfigurationPolicyCustomSetting","Parameters":[{"CIMType":"String","Description":"Name of the custom setting.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"Value of the custom setting.","Name":"value","Option":"Write"}],"Description":"This resource configures the Intune App configuration policies."},{"ClassName":"MSFT_managedMobileApp","Parameters":[{"CIMType":"String","Description":"Key of the entity.","Name":"id","Option":"Key"},{"CIMType":"MSFT_AppIdentifier","Description":"The identifier for an app with it's operating system type.","Name":"mobileAppIdentifier","Option":"Write"}],"Description":"This resource configures the Intune App configuration policies."},{"ClassName":"MSFT_AppIdentifier","Parameters":[{"CIMType":"String","Description":"AppId iOS.","Name":"bundleID","Option":"Write"},{"CIMType":"String","Description":"AppId Android.","Name":"packageID","Option":"Write"},{"CIMType":"String","Description":"AppId Windows.","Name":"windowsAppId","Option":"Write"}],"Description":"This resource configures the Intune App configuration policies."},{"ClassName":"MSFT_IntuneAppConfigurationPolicy","Parameters":[{"CIMType":"String","Description":"Key of the entity. Read-Only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the app configuration policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the app configuration policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_IntuneAppConfigurationPolicyCustomSetting[]","Description":"Custom settings for the app configuration policy.","Name":"CustomSettings","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"roleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The intended app management levels for this policy.","Name":"targetedAppManagementLevels","Option":"Write","ValueMap":["unspecified","unmanaged","mdm","androidEnterprise","androidEnterpriseDedicatedDevicesWithAzureAdSharedMode","androidOpenSourceProjectUserAssociated","androidOpenSourceProjectUserless","unknownFutureValue"],"Values":["unspecified","unmanaged","mdm","androidEnterprise","androidEnterpriseDedicatedDevicesWithAzureAdSharedMode","androidOpenSourceProjectUserAssociated","androidOpenSourceProjectUserless","unknownFutureValue"]},{"CIMType":"String","Description":"Public Apps selection: group or individual.","Name":"appGroupType","Option":"Write","ValueMap":["selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"],"Values":["selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"]},{"CIMType":"MSFT_managedMobileApp[]","Description":"List of apps to which the policy is deployed.","Name":"Apps","Option":"Write"}],"Description":"This resource configures the Intune App configuration policies."},{"ClassName":"MSFT_IntuneAppControlForBusinessPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Configuration settings format (0: Enter xml data, 1: Use built-in controls)","Name":"ConfigureApplicationControlOptions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"The XML file content of the policy - Depends on ConfigureApplicationControlOptions. Can only be applied if 'ConfigureApplicationControlOptions' is set to '0'.","Name":"Enter_path_of_xml_data","Option":"Write"},{"CIMType":"SInt32[]","Description":"Select additional rules for trusting apps. Can only be applied if 'ConfigureApplicationControlOptions' is set to '1'. Allowed values: (1: Trust apps with good reputation, 2: Trust apps from managed installers)","Name":"ConfigureApplicationControlSelectAdditionalRulesForTrustingApps","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Enable App Control for Business policy to trust Windows components and Store apps. Can only be applied if 'ConfigureApplicationControlOptions' is set to '1'. Allowed values: (0: Enforce, 1: Audit only)","Name":"ConfigureApplicationControlEnableAppControlPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App Control For Business Policy for Windows10"},{"ClassName":"MSFT_IntuneAppleMDMPushNotificationCertificate","Parameters":[{"CIMType":"String","Description":"The name of the Apple Identifier.","Name":"AppleIdentifier","Option":"Key"},{"CIMType":"String","Description":"The Apple Push notification certificate.","Name":"Certificate","Option":"Write"},{"CIMType":"Boolean","Description":"The boolean indicating DataSharing Conset agreement granted or not between Intune and Apple.","Name":"DataSharingConsetGranted","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures a resource for Apple MDM Push notification certificate used for device enrollment."},{"ClassName":"MSFT_IntuneApplicationControlPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Display name of the endpoint protection application control policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the endpoint protection application control policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"String","Description":"App locker application control mode","Name":"AppLockerApplicationControl","Option":"Write","ValueMap":["notConfigured","enforceComponentsAndStoreApps","auditComponentsAndStoreApps","enforceComponentsStoreAppsAndSmartlocker","auditComponentsStoreAppsAndSmartlocker"],"Values":["notConfigured","enforceComponentsAndStoreApps","auditComponentsAndStoreApps","enforceComponentsStoreAppsAndSmartlocker","auditComponentsStoreAppsAndSmartlocker"]},{"CIMType":"Boolean","Description":"Indicates whether or not SmartScreen will not present an option for the user to disregard the warning and run the app.","Name":"SmartScreenBlockOverrideForFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Enforce the use of SmartScreen for all users.","Name":"SmartScreenEnableInshell","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Intune Endpoint Protection Application Control policy for an Windows 10 Device."},{"ClassName":"MSFT_IntuneAppProtectionPolicyAndroid","Parameters":[{"CIMType":"String","Description":"Display name of the Android App Protection Policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Android App Protection Policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"string[]","Description":"List of allowed Android device models.","Name":"AllowedAndroidDeviceModels","Option":"Write"},{"CIMType":"uint32","Description":"Maximum length of outbound clipboard sharing exceptions.","Name":"AllowedOutboundClipboardSharingExceptionLength","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether biometric authentication is blocked.","Name":"BiometricAuthenticationBlocked","Option":"Write"},{"CIMType":"uint32","Description":"Number of days to block access after a company portal update deferral.","Name":"BlockAfterCompanyPortalUpdateDeferralInDays","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether data ingestion into organization documents is blocked.","Name":"BlockDataIngestionIntoOrganizationDocuments","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether to connect to VPN on launch.","Name":"ConnectToVpnOnLaunch","Option":"Write"},{"CIMType":"string","Description":"Display name of the custom dialer app.","Name":"CustomDialerAppDisplayName","Option":"Write"},{"CIMType":"string","Description":"Package ID of the custom dialer app.","Name":"CustomDialerAppPackageId","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether device lock is required.","Name":"DeviceLockRequired","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether fingerprint and biometric authentication are enabled.","Name":"FingerprintAndBiometricEnabled","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether keyboards are restricted.","Name":"KeyboardsRestricted","Option":"Write"},{"CIMType":"string","Description":"Display name of the messaging redirect app.","Name":"MessagingRedirectAppDisplayName","Option":"Write"},{"CIMType":"string","Description":"Package ID of the messaging redirect app.","Name":"MessagingRedirectAppPackageId","Option":"Write"},{"CIMType":"string","Description":"Minimum required patch version for wipe.","Name":"MinimumWipePatchVersion","Option":"Write"},{"CIMType":"uint32","Description":"Number of previous PIN block counts.","Name":"PreviousPinBlockCount","Option":"Write"},{"CIMType":"uint32","Description":"Number of days to warn after a company portal update deferral.","Name":"WarnAfterCompanyPortalUpdateDeferralInDays","Option":"Write"},{"CIMType":"uint32","Description":"Number of days to wipe after a company portal update deferral.","Name":"WipeAfterCompanyPortalUpdateDeferralInDays","Option":"Write"},{"CIMType":"String[]","Description":"Sources from which data is allowed to be transferred.","Name":"Alloweddataingestionlocations","Option":"Write"},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, if the specified device manufacturer is not allowed.","Name":"AppActionIfAndroidDeviceManufacturerNotAllowed","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, if the specified device model is not allowed.","Name":"AppActionIfAndroidDeviceModelNotAllowed","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either warn or block, if the specified Android App Verification requirement fails.","Name":"AppActionIfAndroidSafetyNetAppsVerificationFailed","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either warn or block, if the specified Android SafetyNet Attestation requirement fails.","Name":"AppActionIfAndroidSafetyNetDeviceAttestationFailed","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, when the device is either rooted or jailbroken, if DeviceComplianceRequired is set to true.","Name":"AppActionIfDeviceComplianceRequired","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either warn, block, or wipe, if the screen lock is required on an Android device but is not set.","Name":"AppActionIfDeviceLockNotSet","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, based on the maximum number of incorrect pin retry attempts.","Name":"AppActionIfMaximumPinRetriesExceeded","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Specifies what action to take in the case where the user is unable to check in because their authentication token is invalid, such as when the user is deleted or disabled in Azure AD.","Name":"appActionIfUnableToAuthenticateUser","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","BlockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Determines what action to take if the mobile threat defense threat threshold isn't met. Warn isn't a supported value for this property.","Name":"MobileThreatDefenseRemediationAction","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"The classes of dialer apps that are allowed to click-to-open a phone number. Inherited from managedAppProtection.","Name":"DialerRestrictionLevel","Option":"Write","ValueMap":["allApps","managedApps","customApp","blocked"],"Values":["allApps","managedApps","customApp","blocked"]},{"CIMType":"String","Description":"Maximum allowed device threat level, as reported by the MTD app. Inherited from managedAppProtection.","Name":"MaximumAllowedDeviceThreatLevel","Option":"Write","ValueMap":["notConfigured","secured","low","medium","high"],"Values":["notConfigured","secured","low","medium","high"]},{"CIMType":"String","Description":"Specify app notification restriction. Inherited from managedAppProtection.","Name":"NotificationRestriction","Option":"Write","ValueMap":["allow","blockOrganizationalData","block"],"Values":["allow","blockOrganizationalData","block"]},{"CIMType":"String","Description":"Defines how app messaging redirection is protected by an App Protection Policy. Default is anyApp. Inherited from managedAppProtection.","Name":"ProtectedMessagingRedirectAppType","Option":"Write","ValueMap":["anyApp","anyManagedApp","specificApps","blocked"],"Values":["anyApp","anyManagedApp","specificApps","blocked"]},{"CIMType":"String","Description":"Defines the Android SafetyNet Apps Verification requirement for a managed app to work.","Name":"RequiredAndroidSafetyNetAppsVerificationType","Option":"Write","ValueMap":["none","enabled"],"Values":["none","enabled"]},{"CIMType":"String","Description":"Defines the Android SafetyNet Device Attestation requirement for a managed app to work.","Name":"RequiredAndroidSafetyNetDeviceAttestationType","Option":"Write","ValueMap":["none","basicIntegrity","basicIntegrityAndDeviceCertification"],"Values":["none","basicIntegrity","basicIntegrityAndDeviceCertification"]},{"CIMType":"String","Description":"Defines the Android SafetyNet evaluation type requirement for a managed app to work.","Name":"RequiredAndroidSafetyNetEvaluationType","Option":"Write","ValueMap":["basic","hardwareBacked"],"Values":["basic","hardwareBacked"]},{"CIMType":"String","Description":"The intended app management levels for this policy. Inherited from targetedManagedAppProtection.","Name":"TargetedAppManagementLevels","Option":"Write","ValueMap":["unspecified","unmanaged","mdm","androidEnterprise","androidEnterpriseDedicatedDevicesWithAzureAdSharedMode","androidOpenSourceProjectUserAssociated","androidOpenSourceProjectUserless","unknownFutureValue"],"Values":["unspecified","unmanaged","mdm","androidEnterprise","androidEnterpriseDedicatedDevicesWithAzureAdSharedMode","androidOpenSourceProjectUserAssociated","androidOpenSourceProjectUserless","unknownFutureValue"]},{"CIMType":"String[]","Description":"If Keyboard Restriction is enabled, only keyboards in this approved list will be allowed. A key should be Android package id for a keyboard and value should be a friendly name.","Name":"ApprovedKeyboards","Option":"Write"},{"CIMType":"String[]","Description":"App packages in this list will be exempt from the policy and will be able to receive data from managed apps.","Name":"ExemptedAppPackages","Option":"Write"},{"CIMType":"String","Description":"The period after which access is checked when the device is not connected to the internet. Must be an ISO8601 timespan format.","Name":"PeriodOfflineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"The period after which access is checked when the device is connected to the internet. Must be an ISO8601 timespan format.","Name":"PeriodOnlineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none.","Name":"AllowedInboundDataTransferSources","Option":"Write","ValueMap":["allApps","managedApps","none"],"Values":["allApps","managedApps","none"]},{"CIMType":"String","Description":"Destinations to which data is allowed to be transferred. Possible values are: allApps, managedApps, none.","Name":"AllowedOutboundDataTransferDestinations","Option":"Write","ValueMap":["allApps","managedApps","none"],"Values":["allApps","managedApps","none"]},{"CIMType":"Boolean","Description":"Indicates whether organizational credentials are required for app use.","Name":"OrganizationalCredentialsRequired","Option":"Write"},{"CIMType":"String","Description":"The level to which the clipboard may be shared between apps on the managed device. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked.","Name":"AllowedOutboundClipboardSharingLevel","Option":"Write","ValueMap":["allApps","managedAppsWithPasteIn","managedApps","blocked"],"Values":["allApps","managedAppsWithPasteIn","managedApps","blocked"]},{"CIMType":"Boolean","Description":"Indicates whether the backup of a managed app's data is blocked.","Name":"DataBackupBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether device compliance is required.","Name":"DeviceComplianceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for Android) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android).","Name":"ManagedBrowserToOpenLinksRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether users may use the Save As menu item to save a copy of protected files.","Name":"SaveAsBlocked","Option":"Write"},{"CIMType":"String","Description":"The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Must be an ISO8601 timespan format.","Name":"PeriodOfflineBeforeWipeIsEnforced","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether an app-level pin is required.","Name":"PinRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the app pin is required if the device pin is set.","Name":"DisableAppPinIfDevicePinIsSet","Option":"write"},{"CIMType":"UInt32","Description":"Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.","Name":"MaximumPinRetries","Option":"Write"},{"CIMType":"Boolean","Description":"Block simple PIN and require complex PIN to be set.","Name":"SimplePinBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum pin length required for an app-level pin if PinRequired is set to True.","Name":"MinimumPinLength","Option":"Write"},{"CIMType":"String","Description":"Character set which may be used for an app-level pin if PinRequired is set to True. Possible values are: numeric, alphanumericAndSymbol.","Name":"PinCharacterSet","Option":"Write","ValueMap":["numeric","alphanumericAndSymbol"],"Values":["numeric","alphanumericAndSymbol"]},{"CIMType":"String[]","Description":"Data storage locations where a user may store managed data.","Name":"AllowedDataStorageLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether contacts can be synced to the user's device.","Name":"ContactSyncBlocked","Option":"Write"},{"CIMType":"String","Description":"TimePeriod before the all-level pin must be reset if PinRequired is set to True. Must be an ISO8601 timespan format.","Name":"PeriodBeforePinReset","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether printing is allowed from managed apps.","Name":"PrintBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Require user to apply Class 3 Biometrics on their Android device.","Name":"RequireClass3Biometrics","Option":"Write"},{"CIMType":"Boolean","Description":"A PIN prompt will override biometric prompts if class 3 biometrics are updated on the device.","Name":"RequirePinAfterBiometricChange","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.","Name":"FingerprintBlocked","Option":"Write"},{"CIMType":"String[]","Description":"List of IDs representing the Android apps controlled by this protection policy.","Name":"Apps","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Android Protection Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"ID of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"ID of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String","Description":"Indicates in which managed browser(s) that internet links should be opened. Used in conjunction with CustomBrowserPackageId, CustomBrowserDisplayName and ManagedBrowserToOpenLinksRequired. Possible values are: notConfigured, microsoftEdge.","Name":"ManagedBrowser","Option":"Write","ValueMap":["notConfigured","microsoftEdge"],"Values":["notConfigured","microsoftEdge"]},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredPatchVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app","Name":"MinimumWarningAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app","Name":"MinimumWarningOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app","Name":"MinimumWarningPatchVersion","Option":"Write"},{"CIMType":"String","Description":"The apps controlled by this protection policy, overrides any values in Apps unless this value is 'selectedPublicApps'.","Name":"AppGroupType","Option":"Write","ValueMap":["allApps","allMicrosoftApps","allCoreMicrosoftApps","selectedPublicApps"],"Values":["allApps","allMicrosoftApps","allCoreMicrosoftApps","selectedPublicApps"]},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from taking Screenshots.","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the 'Encrypt org data' value is enabled.  True = require","Name":"EncryptAppData","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the 'Encrypt org data on enrolled devices' value is enabled.  False = require.  Only functions if EncryptAppData is set to True","Name":"DisableAppEncryptionIfDeviceEncryptionIsEnabled","Option":"Write"},{"CIMType":"String","Description":"The application name for browser associated with the 'Unmanaged Browser ID'. This name will be displayed to users if the specified browser is not installed.","Name":"CustomBrowserDisplayName","Option":"Write"},{"CIMType":"String","Description":"The application ID for a single browser. Web content (http/s) from policy managed applications will open in the specified browser.","Name":"CustomBrowserPackageId","Option":"Write"},{"CIMType":"String","Description":"Id of the Intune policy. To avoid creation of duplicate policies DisplayName will be searched for if the ID is not found","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune app protection policy for an Android Device."},{"ClassName":"MSFT_IntuneAppProtectionPolicyiOS","Parameters":[{"CIMType":"String","Description":"Display name of the iOS App Protection Policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Identity of the iOS App Protection Policy.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Description of the iOS App Protection Policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String[]","Description":"Data storage locations where a user may store managed data. Inherited from managedAppProtection.","Name":"AllowedDataIngestionLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if content sync for widgets is allowed for iOS on App Protection Policies.","Name":"AllowWidgetContentSync","Option":"Write"},{"CIMType":"String","Description":"Defines a managed app behavior, either block or warn, if the user is clocked out (non-working time).","Name":"AppActionIfAccountIsClockedOut","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"If set, it will specify what action to take in the case where the user is unable to checkin because their authentication token is invalid. This happens when the user is deleted or disabled in AAD. .","Name":"AppActionIfUnableToAuthenticateUser","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Public Apps selection: group or individual Inherited from targetedManagedAppProtection.","Name":"AppGroupType","Option":"Write","ValueMap":["selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"],"Values":["selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"]},{"CIMType":"boolean","Description":"Indicates whether a user can bring data into org documents.","Name":"BlockDataIngestionIntoOrganizationDocuments","Option":"Write"},{"CIMType":"String","Description":"Protocol of a custom dialer app to click-to-open a phone number on iOS, for example, skype:.","Name":"CustomDialerAppProtocol","Option":"Write"},{"CIMType":"UInt32","Description":"Count of apps to which the current policy is deployed.","Name":"DeployedAppCount","Option":"Write"},{"CIMType":"String","Description":"The classes of dialer apps that are allowed to click-to-open a phone number.","Name":"DialerRestrictionLevel","Option":"Write","ValueMap":["allApps","managedApps","customApp","blocked"],"Values":["allApps","managedApps","customApp","blocked"]},{"CIMType":"String[]","Description":"A list of custom urls that are allowed to invocate an unmanaged app.","Name":"ExemptedUniversalLinks","Option":"Write"},{"CIMType":"String","Description":"A grace period before blocking app access during off clock hours. Must be an ISO8601 timespan format.","Name":"GracePeriodToBlockAppsDuringOffClockHours","Option":"Write"},{"CIMType":"String[]","Description":"A list of custom urls that are allowed to invocate a managed app.","Name":"managedUniversalLinks","Option":"Write"},{"CIMType":"String","Description":"Maximum allowed device threat level, as reported by the MTD app Inherited from managedAppProtection.","Name":"MaximumAllowedDeviceThreatLevel","Option":"Write","ValueMap":["notConfigured","secured","low","medium","high"],"Values":["notConfigured","secured","low","medium","high"]},{"CIMType":"String","Description":"Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection.","Name":"MaximumRequiredOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection.","Name":"MaximumWarningOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection.","Name":"MaximumWipeOsVersion","Option":"Write"},{"CIMType":"String","Description":"When a specific app redirection is enforced by protectedMessagingRedirectAppType in an App Protection Policy, this value defines the app url redirect schemes which are allowed to be used.","Name":"MessagingRedirectAppUrlScheme","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data.","Name":"MinimumWarningSdkVersion","Option":"Write"},{"CIMType":"String","Description":"Indicates how to prioritize which Mobile Threat Defense (MTD) partner is enabled for a given platform, when more than one is enabled. An app can only be actively using a single Mobile Threat Defense partner. When NULL, Microsoft Defender will be given preference. Otherwise setting the value to defenderOverThirdPartyPartner or thirdPartyPartnerOverDefender will make explicit which partner to prioritize.","Name":"MobileThreatDefensePartnerPriority","Option":"Write","ValueMap":["defenderOverThirdPartyPartner","thirdPartyPartnerOverDefender","unknownFutureValue"],"Values":["defenderOverThirdPartyPartner","thirdPartyPartnerOverDefender","unknownFutureValue"]},{"CIMType":"String","Description":"Determines what action to take if the mobile threat defense threat threshold isn't met. Warn isn't a supported value for this property Inherited from managedAppProtection.","Name":"MobileThreatDefenseRemediationAction","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"UInt32","Description":"Requires a pin to be unique from the number specified in this property. Inherited from managedAppProtection.","Name":"PreviousPinBlockCount","Option":"Write"},{"CIMType":"String","Description":"Defines how app messaging redirection is protected by an App Protection Policy. Default is anyApp. Inherited from managedAppProtection.","Name":"ProtectedMessagingRedirectAppType","Option":"Write","ValueMap":["anyApp","anyManagedApp","specificApps","blocked"],"Values":["anyApp","anyManagedApp","specificApps","blocked"]},{"CIMType":"Boolean","Description":"Defines if third party keyboards are allowed while accessing a managed app.","Name":"ThirdPartyKeyboardsBlocked","Option":"Write"},{"CIMType":"String","Description":"The period after which access is checked when the device is not connected to the internet. Must be an ISO8601 timespan format.","Name":"PeriodOfflineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"The period after which access is checked when the device is connected to the internet. Must be an ISO8601 timespan format.","Name":"PeriodOnlineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none.","Name":"AllowedInboundDataTransferSources","Option":"Write","ValueMap":["allApps","managedApps","none"],"Values":["allApps","managedApps","none"]},{"CIMType":"String","Description":"Destinations to which data is allowed to be transferred. Possible values are: allApps, managedApps, none.","Name":"AllowedOutboundDataTransferDestinations","Option":"Write","ValueMap":["allApps","managedApps","none"],"Values":["allApps","managedApps","none"]},{"CIMType":"Boolean","Description":"Indicates whether organizational credentials are required for app use.","Name":"OrganizationalCredentialsRequired","Option":"Write"},{"CIMType":"String","Description":"The level to which the clipboard may be shared between apps on the managed device. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked.","Name":"AllowedOutboundClipboardSharingLevel","Option":"Write","ValueMap":["allApps","managedAppsWithPasteIn","managedApps","blocked"],"Values":["allApps","managedAppsWithPasteIn","managedApps","blocked"]},{"CIMType":"Boolean","Description":"Indicates whether the backup of a managed app's data is blocked.","Name":"DataBackupBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether device compliance is required.","Name":"DeviceComplianceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android).","Name":"ManagedBrowserToOpenLinksRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether users may use the Save As menu item to save a copy of protected files.","Name":"SaveAsBlocked","Option":"Write"},{"CIMType":"String","Description":"The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Must be an ISO8601 timespan format.","Name":"PeriodOfflineBeforeWipeIsEnforced","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether an app-level pin is required.","Name":"PinRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the app pin is required if the device pin is set.","Name":"DisableAppPinIfDevicePinIsSet","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.","Name":"MaximumPinRetries","Option":"Write"},{"CIMType":"Boolean","Description":"Block simple PIN and require complex PIN to be set.","Name":"SimplePinBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum pin length required for an app-level pin if PinRequired is set to True.","Name":"MinimumPinLength","Option":"Write"},{"CIMType":"String","Description":"Character set which may be used for an app-level pin if PinRequired is set to True. Possible values are: numeric, alphanumericAndSymbol.","Name":"PinCharacterSet","Option":"Write","ValueMap":["numeric","alphanumericAndSymbol"],"Values":["numeric","alphanumericAndSymbol"]},{"CIMType":"String[]","Description":"Data storage locations where a user may store managed data.","Name":"AllowedDataStorageLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether contacts can be synced to the user's device.","Name":"ContactSyncBlocked","Option":"Write"},{"CIMType":"String","Description":"TimePeriod before the all-level pin must be reset if PinRequired is set to True. Must be an ISO8601 timespan format.","Name":"PeriodBeforePinReset","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether printing is allowed from managed apps.","Name":"PrintBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.","Name":"FingerprintBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True.","Name":"FaceIdBlocked","Option":"Write"},{"CIMType":"String","Description":"Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Possible values are: notConfigured, microsoftEdge.","Name":"ManagedBrowser","Option":"Write","ValueMap":["notConfigured","microsoftEdge"],"Values":["notConfigured","microsoftEdge"]},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data.","Name":"MinimumWarningAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data.","Name":"MinimumWarningOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredSdkVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than or equal to the specified version will wipe the managed app and the associated company data.","Name":"MinimumWipeOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than or equal to the specified version will wipe the managed app and the associated company data.","Name":"MinimumWipeAppVersion","Option":"Write"},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, when the device is either rooted or jailbroken, if DeviceComplianceRequired is set to true.","Name":"AppActionIfDeviceComplianceRequired","Option":"Write","ValueMap":["block","wipe","warn"],"Values":["block","wipe","warn"]},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, based on maximum number of incorrect pin retry attempts.","Name":"AppActionIfMaximumPinRetriesExceeded","Option":"Write","ValueMap":["block","wipe","warn"],"Values":["block","wipe","warn"]},{"CIMType":"String","Description":"Timeout in minutes for an app pin instead of non biometrics passcode. Must be an ISO8601 timespan format.","Name":"PinRequiredInsteadOfBiometricTimeout","Option":"Write"},{"CIMType":"Uint32","Description":"Specify the number of characters that may be cut or copied from Org data and accounts to any application. This setting overrides the AllowedOutboundClipboardSharingLevel restriction. Default value of '0' means no exception is allowed.","Name":"AllowedOutboundClipboardSharingExceptionLength","Option":"Write"},{"CIMType":"String","Description":"Specify app notification restriction.","Name":"NotificationRestriction","Option":"Write","ValueMap":["allow","blockOrganizationalData","block"],"Values":["allow","blockOrganizationalData","block"]},{"CIMType":"String[]","Description":"The intended app management levels for this policy.","Name":"TargetedAppManagementLevels","Option":"Write","ValueMap":["unspecified","unmanaged","mdm","androidEnterprise"],"Values":["unspecified","unmanaged","mdm","androidEnterprise"]},{"CIMType":"String","Description":"Require app data to be encrypted.","Name":"AppDataEncryptionType","Option":"Write","ValueMap":["useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"],"Values":["useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"]},{"CIMType":"String[]","Description":"Apps in this list will be exempt from the policy and will be able to receive data from managed apps.","Name":"ExemptedAppProtocols","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumWipeSdkVersion","Option":"Write"},{"CIMType":"String[]","Description":"Semicolon separated list of device models allowed, as a string, for the managed app to work.","Name":"AllowedIosDeviceModels","Option":"Write"},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, if the specified device model is not allowed.","Name":"AppActionIfIosDeviceModelNotAllowed","Option":"Write","ValueMap":["block","wipe","warn"],"Values":["block","wipe","warn"]},{"CIMType":"Boolean","Description":"Defines if open-in operation is supported from the managed app to the filesharing locations selected. This setting only applies when AllowedOutboundDataTransferDestinations is set to ManagedApps and DisableProtectionOfManagedOutboundOpenInData is set to False.","Name":"FilterOpenInToOnlyManagedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Disable protection of data transferred to other apps through IOS 'OpenIn' option. This setting is only allowed to be True when AllowedOutboundDataTransferDestinations is set to ManagedApps.","Name":"DisableProtectionOfManagedOutboundOpenInData","Option":"Write"},{"CIMType":"Boolean","Description":"Protect incoming data from unknown source. This setting is only allowed to be True when AllowedInboundDataTransferSources is set to AllApps.","Name":"ProtectInboundDataFromUnknownSources","Option":"Write"},{"CIMType":"String","Description":"A custom browser protocol to open weblink on iOS.","Name":"CustomBrowserProtocol","Option":"Write"},{"CIMType":"String[]","Description":"List of IDs representing the iOS apps controlled by this protection policy.","Name":"Apps","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"List of IDs of the groups assigned to this iOS Protection Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"ID of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"ID of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune app protection policy for an iOS Device."},{"ClassName":"MSFT_IntuneAppProtectionPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Indicates the sources from which data is allowed to be transferred. Some possible values are allApps or none. Possible values are: allApps, none.","Name":"AllowedInboundDataTransferSources","Option":"Write","ValueMap":["allApps","none"],"Values":["allApps","none"]},{"CIMType":"String","Description":"Indicates the level to which the clipboard may be shared across org & non-org resources. Some possible values are anyDestinationAnySource or none. Possible values are: anyDestinationAnySource, none, orgDestinationAnySource, orgDestinationOrgSource, unknownFutureValue.","Name":"AllowedOutboundClipboardSharingLevel","Option":"Write","ValueMap":["anyDestinationAnySource","none"],"Values":["anyDestinationAnySource","none"]},{"CIMType":"String","Description":"Indicates the destinations to which data is allowed to be transferred. Some possible values are allApps or none. Possible values are: allApps, none.","Name":"AllowedOutboundDataTransferDestinations","Option":"Write","ValueMap":["allApps","none"],"Values":["allApps","none"]},{"CIMType":"String","Description":"If set, it will specify what action to take in the case where the user is unable to checkin because their authentication token is invalid. This happens when the user is deleted or disabled in AAD. Some possible values are block or wipe. If this property is not set, no action will be taken. Possible values are: block, wipe, warn, blockWhenSettingIsSupported.","Name":"AppActionIfUnableToAuthenticateUser","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Maximum allowed device threat level, as reported by the Mobile Threat Defense app. Possible values are: notConfigured, secured, low, medium, high.","Name":"MaximumAllowedDeviceThreatLevel","Option":"Write","ValueMap":["notConfigured","secured","low","medium","high"],"Values":["notConfigured","secured","low","medium","high"]},{"CIMType":"String","Description":"Versions bigger than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MaximumRequiredOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions bigger than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MaximumWarningOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions bigger than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'.","Name":"MaximumWipeOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumRequiredAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumRequiredOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumRequiredSdkVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWarningAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWarningOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWipeAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWipeOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWipeSdkVersion","Option":"Write"},{"CIMType":"String","Description":"Determines what action to take if the mobile threat defense threat threshold isn't met. Some possible values are block or wipe. Warn isn't a supported value for this property. Possible values are: block, wipe, warn, blockWhenSettingIsSupported.","Name":"MobileThreatDefenseRemediationAction","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"The period after which access is checked when the device is not connected to the internet. For example, PT5M indicates that the interval is 5 minutes in duration. A timespan value of PT0S indicates that access will be blocked immediately when the device is not connected to the internet.","Name":"PeriodOfflineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. For example, P5D indicates that the interval is 5 days in duration. A timespan value of PT0S indicates that managed data will never be wiped when the device is not connected to the internet.","Name":"PeriodOfflineBeforeWipeIsEnforced","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that printing is blocked from managed apps. When FALSE, indicates that printing is allowed from managed apps. Default value is FALSE.","Name":"PrintBlocked","Option":"Write"},{"CIMType":"String","Description":"The policy's description.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy display name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of IDs representing the Windows apps controlled by this protection policy.","Name":"Apps","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager","Parameters":[{"CIMType":"String","Description":"Identity of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Assignments","Option":"Write"},{"CIMType":"String[]","Description":"Exclude files and paths from attack surface reduction rules","Name":"AttackSurfaceReductionOnlyExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents an application from writing a vulnerable signed driver to disk.","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents attacks by blocking Adobe Reader from creating processes.","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access.","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule helps prevent credential stealing by locking down Local Security Authority Subsystem Service (LSASS).","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers.","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks executable files that don't meet a prevalence, age, or trusted list criteria, such as .exe, .dll, or .scr, from launching.","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule detects suspicious properties within an obfuscated script.","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents scripts from launching potentially malicious downloaded content.","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk.","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks code injection attempts from Office apps into other processes.","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions.","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents malware from abusing WMI to attain persistence on a device.","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks processes created through PsExec and WMI from running.","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards.","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents VBA macros from calling Win32 APIs.","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule provides an extra layer of protection against ransomware.","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"List of additional folders that need to be protected","Name":"ControlledFolderAccessProtectedFolders","Option":"Write"},{"CIMType":"String[]","Description":"List of apps that have access to protected folders.","Name":"ControlledFolderAccessAllowedApplications","Option":"Write"},{"CIMType":"String","Description":"This rule enable Controlled folder access which protects your data by checking apps against a list of known, trusted apps.values 0:disable, 1:enable, 2:audit, 3: Block disk modification only, 4: Audit disk modification only","Name":"EnableControlledFolderAccess","Option":"Write","ValueMap":["0","1","2","3","4"],"Values":["0","1","2","3","4"]},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Endpoint Protection Attack Surface Reduction Rules policy for a Windows 10 Device for Configuration Manager.\nThis policy setting enables setting the state (Block/Audit/Off/Warn) for each attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off/Warn). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.\n\nFor more information about ASR rule ID and status ID, see Enable Attack Surface Reduction: <https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction/>."},{"ClassName":"MSFT_IntuneAzureNetworkConnectionWindows365","Parameters":[{"CIMType":"String","Description":"The fully qualified domain name (FQDN) of the Active Directory domain you want to join. Optional.","Name":"AdDomainName","Option":"Write"},{"CIMType":"String","Description":"The password associated with adDomainUsername. Cannot be exported and must be manually added before deploying the network connection.","Name":"AdDomainPassword","Option":"Write"},{"CIMType":"String","Description":"The username of an Active Directory account (user or service account) that has permissions to create computer objects in Active Directory. Required format: admincontoso.com. Optional.","Name":"AdDomainUsername","Option":"Write"},{"CIMType":"String","Description":"Specifies the method by which a provisioned Cloud PC is joined to Microsoft Entra. The azureADJoin option indicates the absence of an on-premises Active Directory (AD) in the current tenant that results in the Cloud PC device only joining to Microsoft Entra. The hybridAzureADJoin option indicates the presence of an on-premises AD in the current tenant and that the Cloud PC joins both the on-premises AD and Microsoft Entra. The selected option also determines the types of users who can be assigned and can sign into a Cloud PC. The azureADJoin option allows both cloud-only and hybrid users to be assigned and sign in, whereas hybridAzureADJoin is restricted to hybrid users only. The default value is hybridAzureADJoin. The possible values are: hybridAzureADJoin, azureADJoin.","Name":"ConnectionType","Option":"Write","ValueMap":["hybridAzureADJoin","azureADJoin"],"Values":["hybridAzureADJoin","azureADJoin"]},{"CIMType":"String","Description":"The display name for the Azure network connection.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The organizational unit (OU) in which the computer account is created. If left null, the OU configured as the default (a well-known computer object container) in your Active Directory domain (OU) is used. Optional. Only applicable for the connection type 'hybridAzureADJoin'.","Name":"OrganizationalUnit","Option":"Write"},{"CIMType":"String","Description":"The ID of the target resource group. Required format: /subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}.","Name":"ResourceGroupId","Option":"Required"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The ID of the target subnet. Required format: /subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkId}/subnets/{subnetName}.","Name":"SubnetId","Option":"Required"},{"CIMType":"String","Description":"The name of the target Azure subscription.","Name":"SubscriptionName","Option":"Required"},{"CIMType":"String","Description":"The ID of the target virtual network. Required format: /subscriptions/{subscription-id}/{resourceGroups/resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}.","Name":"VirtualNetworkId","Option":"Required"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Azure Network Connection for Windows365\n\n**NOTE:** To resolve the subscription and resource group name, the identity requires the `Microsoft.Resources/subscriptions/read` Azure permission.\nYou can either assign it with a built-in role with more permissions, or use a custom Azure RBAC role with this specific permission.\nThe role scope can be configured at management group or at an individual subscription level, but it must be the subscription where the Azure Network Connection was deployed to.\n\nMake sure that the value of `SubscriptionName` is the same as the one in the subnet and resource group specification."},{"ClassName":"MSFT_MicrosoftGraphCloudPcProvisioningPolicyAutopatch","Parameters":[{"CIMType":"String","Description":"The unique identifier (ID) of a Windows Autopatch group. An Autopatch group is a logical container or unit that groups several Microsoft Entra groups and software update policies. Devices with the same Autopatch group ID share unified software update management. The default value is null that indicates that no Autopatch group is associated with the provisioning policy.","Name":"AutopatchGroupId","Option":"Write"},{"CIMType":"String","Description":"The unique display name of a Windows Autopatch group.","Name":"AutopatchGroupDisplayName","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphCloudPcAutopilotConfiguration","Parameters":[{"CIMType":"UInt32","Description":"Indicates the number of minutes allowed for the Autopilot application to apply the device preparation profile (DPP) configurations to the device. If the Autopilot application doesn't finish within the specified time (applicationTimeoutInMinutes), the application error is added to the statusDetail property of the cloudPC object. The supported value is an integer between 10 and 360. Required.","Name":"ApplicationTimeoutInMinutes","Option":"Write"},{"CIMType":"String","Description":"The unique identifier (ID) of the Autopilot device preparation profile (DPP) that links a Windows Autopilot device preparation policy to ensure that devices are ready for users after provisioning. Required.","Name":"DevicePreparationProfileId","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the access to the device is allowed when the application of Autopilot device preparation profile (DPP) configurations fails or times out. If true, the status of the device is failed and the device is unable to access otherwise, the status of the device is provisionedWithWarnings and the device is allowed to access. The default value is false. Required.","Name":"OnFailureDeviceAccessDenied","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphCloudPcDomainJoinConfiguration","Parameters":[{"CIMType":"String","Description":"Specifies the method by which the provisioned Cloud PC joins Microsoft Entra ID. If you choose the hybridAzureADJoin type, only provide a value for the onPremisesConnectionId property and leave the regionName property empty. If you choose the azureADJoin type, provide a value for either the onPremisesConnectionId or the regionName property. Possible values are: azureADJoin, hybridAzureADJoin.","Name":"DomainJoinType","Option":"Write","ValueMap":["azureADJoin","hybridAzureADJoin"],"Values":["azureADJoin","hybridAzureADJoin"]},{"CIMType":"String","Description":"The geographic location where the region is located. Read-only.","Name":"GeographicLocationType","Option":"Write","ValueMap":["default","asia","australasia","canada","europe","india","africa","usCentral","usEast","usWest","southAmerica","middleEast","centralAmerica","usGovernment","mexico"],"Values":["default","asia","australasia","canada","europe","india","africa","usCentral","usEast","usWest","southAmerica","middleEast","centralAmerica","usGovernment","mexico"]},{"CIMType":"String","Description":"The Azure network connection ID that matches the virtual network IT admins want the provisioning policy to use when they create Cloud PCs. You can use this property in both domain join types: Azure AD joined or Hybrid Microsoft Entra joined. If you enter an onPremisesConnectionId, leave the regionName property empty.","Name":"OnPremisesConnectionId","Option":"Write"},{"CIMType":"String","Description":"The logical geographic group this region belongs to. Multiple regions can belong to one region group. A customer can select a regionGroup when they provision a Cloud PC, and the Cloud PC is put in one of the regions in the group based on resource status. For example, the Europe region group contains the Northern Europe and Western Europe regions.","Name":"RegionGroup","Option":"Write","ValueMap":["asia","australasia","australia","austria","automatic","belgium","brazil","canada","default","denmark","euap","europe","europeUnion","france","germany","hongKong","india","indonesia","ireland","israel","italy","japan","kenya","malaysia","mexico","middleEast","netherlands","newZealand","norway","poland","singapore","southAmerica","southKorea","spain","sweden","switzerland","taiwan","unitedKingdom","unknownFutureValue","usCentral","usEast","usGovernment","usGovernmentDOD","usWest"],"Values":["asia","australasia","australia","austria","automatic","belgium","brazil","canada","default","denmark","euap","europe","europeUnion","france","germany","hongKong","india","indonesia","ireland","israel","italy","japan","kenya","malaysia","mexico","middleEast","netherlands","newZealand","norway","poland","singapore","southAmerica","southKorea","spain","sweden","switzerland","taiwan","unitedKingdom","unknownFutureValue","usCentral","usEast","usGovernment","usGovernmentDOD","usWest"]},{"CIMType":"String","Description":"The supported Azure region where the IT admin wants the provisioning policy to create Cloud PCs. The underlying virtual network is created and managed by the Windows 365 service. This can only be entered if the IT admin chooses Microsoft Entra joined as the domain join type. If you enter a regionName, leave the onPremisesConnectionId property empty. For an automatic selection, choose 'Automatic'.","Name":"RegionName","Option":"Write"},{"CIMType":"String","Description":"Specifies the method by which the provisioned Cloud PC joins Microsoft Entra ID. If you choose the hybridAzureADJoin type, only provide a value for the onPremisesConnectionId property and leave regionName as empty. If you choose the azureADJoin type, provide a value for either onPremisesConnectionId or regionName. The possible values are: azureADJoin, hybridAzureADJoin. The type property is deprecated and will stop returning data on January 31, 2024. Going forward, use the domainJoinType property.","Name":"Type","Option":"Write","ValueMap":["azureADJoin","hybridAzureADJoin"],"Values":["azureADJoin","hybridAzureADJoin"]}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphMicrosoftManagedDesktop","Parameters":[{"CIMType":"String","Description":"Indicates the provisioning policy associated with Microsoft Managed Desktop settings. Possible values are: notManaged, premiumManaged, standardManaged, starterManaged. The default value is notManaged.","Name":"ManagedType","Option":"Write","ValueMap":["notManaged","premiumManaged","standardManaged","starterManaged"],"Values":["notManaged","premiumManaged","standardManaged","starterManaged"]},{"CIMType":"String","Description":"The name of the Microsoft Managed Desktop profile that the Windows 365 Cloud PC is associated with.","Name":"Profile","Option":"Write"},{"CIMType":"String","Description":"Indicates whether the provisioning policy enables Microsoft Managed Desktop and, if enabled, specifies the type of plan managing the device. Possible values are: notManaged, premiumManaged, standardManaged, starterManaged. The type property is deprecated and will stop returning data on January 31, 2024. Going forward, use the managedType property.","Name":"Type","Option":"Write","ValueMap":["notManaged","premiumManaged","standardManaged","starterManaged"],"Values":["notManaged","premiumManaged","standardManaged","starterManaged"]}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphCloudPcWindowsSetting","Parameters":[{"CIMType":"String","Description":"The Windows language or region tag to use for language pack configuration and localization of the Cloud PC. The default value is en-US, which corresponds to English (United States).","Name":"Locale","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphCloudPcWindowsSettings","Parameters":[{"CIMType":"String","Description":"The Windows language/region tag to use for language pack configuration and localization of the Cloud PC. The default value is en-US, which corresponds to English (United States).","Name":"Language","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_IntuneCloudProvisioningPolicyWindows365","Parameters":[{"CIMType":"MSFT_MicrosoftGraphcloudPcProvisioningPolicyAutopatch","Description":"Indicates the Windows Autopatch settings for Cloud PCs using this provisioning policy. The settings take effect when the tenant enrolls in Autopatch and the managedType of the microsoftManagedDesktop property is set as starterManaged.","Name":"Autopatch","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcloudPcAutopilotConfiguration","Description":"The specific settings for Windows Autopilot that enable Windows 365 customers to experience it on Cloud PC. Supports $select.","Name":"AutopilotConfiguration","Option":"Write"},{"CIMType":"String","Description":"The template used to name Cloud PCs provisioned using this policy. The template can contain custom text and replacement tokens, including %USERNAME:x% and %RAND:x%, which represent the user's name and a randomly generated number, respectively. For example, CPC-%USERNAME:4%-%RAND:5% means that the name of the Cloud PC starts with CPC-, followed by a four-character username, a - character, and then five random characters. The total length of the text generated by the template can't exceed 15 characters.","Name":"CloudPcNamingTemplate","Option":"Write"},{"CIMType":"String","Description":"The provisioning policy description.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name for the provisioning policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphcloudPcDomainJoinConfiguration[]","Description":"Specifies a list ordered by priority on how Cloud PCs join Microsoft Entra ID (Azure AD). Supports $select.","Name":"DomainJoinConfigurations","Option":"Write"},{"CIMType":"Boolean","Description":"True if single sign-on can access the provisioned Cloud PC. False indicates that the provisioned Cloud PC doesn't support this feature. The default value is false. Windows 365 users can use single sign-on to authenticate to Microsoft Entra ID with passwordless options (for example, FIDO keys) to access their Cloud PC. Optional.","Name":"EnableSingleSignOn","Option":"Write"},{"CIMType":"String","Description":"The display name of the operating system image that is used for provisioning. For example, Windows 11 Preview + Microsoft 365 Apps 23H2 23H2.","Name":"ImageDisplayName","Option":"Write"},{"CIMType":"String","Description":"The unique identifier that represents an operating system image that is used for provisioning new Cloud PCs. The format for a gallery type image is: {publisherNameofferNameskuName}. Supported values for each of the parameters are:publisher: Microsoftwindowsdesktop offer: windows-ent-cpc sku: 21h1-ent-cpc-m365, 21h1-ent-cpc-os, 20h2-ent-cpc-m365, 20h2-ent-cpc-os, 20h1-ent-cpc-m365, 20h1-ent-cpc-os, 19h2-ent-cpc-m365, and 19h2-ent-cpc-os","Name":"ImageId","Option":"Write"},{"CIMType":"String","Description":"The type of operating system image (custom or gallery) that is used for provisioning on Cloud PCs. Possible values are: gallery, custom. The default value is gallery.","Name":"ImageType","Option":"Write","ValueMap":["gallery","custom"],"Values":["gallery","custom"]},{"CIMType":"Boolean","Description":"When true, the local admin is enabled for Cloud PCs false indicates that the local admin isn't enabled for Cloud PCs. The default value is false.","Name":"LocalAdminEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of licenses to be used when provisioning Cloud PCs using this policy. The possible values are dedicated, shared, sharedByUser, sharedByEntraGroup. The shared member is deprecated and will stop returning on April 30, 2027 going forward, use the sharedByUser member. For example, a dedicated service plan can be assigned to only one user and provision only one Cloud PC. The shared and sharedByUser plans require customers to purchase a shared service plan. Each shared license purchased can enable up to three Cloud PCs, with only one user signed in at a time. The sharedByEntraGroup plan also requires the purchase of a shared service plan. Each shared license under this plan can enable one Cloud PC, which is shared for the group according to the assignments of this policy. By default, the license type is dedicated if the provisioningType isn't specified when you create the cloudPcProvisioningPolicy. You can't change this property after the cloudPcProvisioningPolicy is created.","Name":"ProvisioningType","Option":"Write","ValueMap":["dedicated","shared","sharedByUser","sharedByEntraGroup","reserve"],"Values":["dedicated","shared","sharedByUser","sharedByEntraGroup","reserve"]},{"CIMType":"String[]","Description":"The Role Scope Tag Ids","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of cloud object the end user can access. Possible values are: cloudPc, cloudApp. cloudPc indicates that the end user can access the entire desktop. cloudApp indicates that the end user can only access apps published under this provisioning policy. The type can't be changed once the provisioning policy is created. If not specified during creation, the default value is cloudPc. When cloudApp is selected, the provisioningType must be sharedByEntraGroup. Cannot be changed after creation.","Name":"UserExperienceType","Option":"Write","ValueMap":["cloudPc","cloudApp"],"Values":["cloudPc","cloudApp"]},{"CIMType":"MSFT_MicrosoftGraphcloudPcWindowsSetting","Description":"Indicates a specific Windows setting to configure during the creation of Cloud PCs for this provisioning policy. Supports $select.","Name":"WindowsSetting","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcloudPcWindowsSettings","Description":"Specific Windows settings to configure during the creation of Cloud PCs for this provisioning policy. Supports $select. The windowsSettings property is deprecated and will stop returning data on January 31, 2024. Going forward, use the windowsSetting property.","Name":"WindowsSettings","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_IntuneDeviceIdentifier","Parameters":[{"CIMType":"String","Description":"Unique identifier for the imported device identity.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Imported Device Identifier","Name":"importedDeviceIdentifier","Option":"Key"},{"CIMType":"String","Description":"Type of Imported Device Identity. Possible values are: unknown, imei, serialNumber, manufacturerModelSerial.","Name":"importedDeviceIdentityType","Option":"Write","ValueMap":["unknown","imei","serialNumber","manufacturerModelSerial"],"Values":["unknown","imei","serialNumber","manufacturerModelSerial"]},{"CIMType":"String","Description":"Description for the device identity.","Name":"description","Option":"Write"},{"CIMType":"String","Description":"Platform of the device (e.g., Windows, Android, iOS).","Name":"platform","Option":"Write"}],"Description":"This resource manages Intune corporate device identifiers used to pre-register devices as corporate-owned. Identifiers can include serial numbers, IMEI numbers, or manufacturer/model/serial combinations.\n\n**Important:** This resource enforces the desired state by:\n- Adding identifiers that are in the configuration but not in Intune\n- **Removing identifiers that are in Intune but NOT in the configuration**\n\nThis ensures the Intune corporate identifiers exactly match your configuration as the single source of truth.\n\n## Graph API Endpoints\n\n- GET/POST: `/beta/deviceManagement/importedDeviceIdentities`\n- DELETE: `/beta/deviceManagement/importedDeviceIdentities/{id}`\n\n## Cloud Support\n\nThis resource is cloud-agnostic and works with:\n- Microsoft 365 Global (Commercial)\n- Microsoft 365 GCC\n- Microsoft 365 GCC High\n- Microsoft 365 DoD\n\nThe resource automatically uses the correct Graph API endpoint based on your cloud environment."},{"ClassName":"MSFT_IntuneCorporateDeviceIdentifier","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_IntuneDeviceIdentifier[]","Description":"Array of corporate device identifiers.","Name":"Devices","Option":"Write"},{"CIMType":"string","Description":"Present ensures the identifiers exist, absent ensures all are removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Intune corporate device identifiers used to pre-register devices as corporate-owned. Identifiers can include serial numbers, IMEI numbers, or manufacturer/model/serial combinations.\n\n**Important:** This resource enforces the desired state by:\n- Adding identifiers that are in the configuration but not in Intune\n- **Removing identifiers that are in Intune but NOT in the configuration**\n\nThis ensures the Intune corporate identifiers exactly match your configuration as the single source of truth.\n\n## Graph API Endpoints\n\n- GET/POST: `/beta/deviceManagement/importedDeviceIdentities`\n- DELETE: `/beta/deviceManagement/importedDeviceIdentities/{id}`\n\n## Cloud Support\n\nThis resource is cloud-agnostic and works with:\n- Microsoft 365 Global (Commercial)\n- Microsoft 365 GCC\n- Microsoft 365 GCC High\n- Microsoft 365 DoD\n\nThe resource automatically uses the correct Graph API endpoint based on your cloud environment."},{"ClassName":"MSFT_MicrosoftGraphCompanyPortalBlockedAction","Parameters":[{"CIMType":"String","Description":"Device Action. Possible values are: unknown, remove, reset.","Name":"Action","Option":"Write","ValueMap":["unknown","remove","reset"],"Values":["unknown","remove","reset"]},{"CIMType":"String","Description":"Device ownership type. Possible values are: unknown, company, personal.","Name":"OwnerType","Option":"Write","ValueMap":["unknown","company","personal"],"Values":["unknown","company","personal"]},{"CIMType":"String","Description":"Device OS/Platform. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown.","Name":"Platform","Option":"Write","ValueMap":["android","androidForWork","iOS","macOS","windowsPhone81","windows81AndLater","windows10AndLater","androidWorkProfile","unknown","androidAOSP","androidMobileApplicationManagement","iOSMobileApplicationManagement","unknownFutureValue","windowsMobileApplicationManagement"],"Values":["android","androidForWork","iOS","macOS","windowsPhone81","windows81AndLater","windows10AndLater","androidWorkProfile","unknown","androidAOSP","androidMobileApplicationManagement","iOSMobileApplicationManagement","unknownFutureValue","windowsMobileApplicationManagement"]}],"Description":"Intune Customization Branding Profile\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_MicrosoftGraphMimeContent","Parameters":[{"CIMType":"String","Description":"Indicates the content mime type.","Name":"Type","Option":"Write"},{"CIMType":"String","Description":"The Base64 encoded string content.","Name":"Value","Option":"Write"}],"Description":"Intune Customization Branding Profile\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_MicrosoftGraphRgbColor","Parameters":[{"CIMType":"String","Description":"Blue value","Name":"B","Option":"Write"},{"CIMType":"String","Description":"Green value","Name":"G","Option":"Write"},{"CIMType":"String","Description":"Red value","Name":"R","Option":"Write"}],"Description":"Intune Customization Branding Profile\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_IntuneCustomizationBrandingProfile","Parameters":[{"CIMType":"MSFT_MicrosoftGraphcompanyPortalBlockedAction[]","Description":"Collection of blocked actions on the company portal as per platform and device ownership types.","Name":"CompanyPortalBlockedActions","Option":"Write"},{"CIMType":"String","Description":"E-mail address of the person/organization responsible for IT support","Name":"ContactITEmailAddress","Option":"Write"},{"CIMType":"String","Description":"Name of the person/organization responsible for IT support","Name":"ContactITName","Option":"Write"},{"CIMType":"String","Description":"Text comments regarding the person/organization responsible for IT support","Name":"ContactITNotes","Option":"Write"},{"CIMType":"String","Description":"Phone number of the person/organization responsible for IT support","Name":"ContactITPhoneNumber","Option":"Write"},{"CIMType":"String","Description":"Text comments regarding what the admin has access to on the device","Name":"CustomCanSeePrivacyMessage","Option":"Write"},{"CIMType":"String","Description":"Text comments regarding what the admin doesn't have access to on the device","Name":"CustomCantSeePrivacyMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if Device Category Selection will be shown in Company Portal","Name":"DisableDeviceCategorySelection","Option":"Write"},{"CIMType":"String","Description":"Company/organization name that is displayed to end users","Name":"DisplayName","Option":"Required"},{"CIMType":"String","Description":"Customized device enrollment flow displayed to the end user . Possible values are: availableWithPrompts, availableWithoutPrompts, unavailable.","Name":"EnrollmentAvailability","Option":"Write","ValueMap":["availableWithPrompts","availableWithoutPrompts","unavailable"],"Values":["availableWithPrompts","availableWithoutPrompts","unavailable"]},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"Customized image displayed in Company Portal apps landing page","Name":"LandingPageCustomizedImage","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"Logo image displayed in Company Portal apps which have a light background behind the logo","Name":"LightBackgroundLogo","Option":"Write"},{"CIMType":"String","Description":"Display name of the company/organizations IT helpdesk site","Name":"OnlineSupportSiteName","Option":"Write"},{"CIMType":"String","Description":"URL to the company/organizations IT helpdesk site","Name":"OnlineSupportSiteUrl","Option":"Write"},{"CIMType":"String","Description":"URL to the company/organizations privacy policy","Name":"PrivacyUrl","Option":"Write"},{"CIMType":"String","Description":"Description of the profile","Name":"ProfileDescription","Option":"Write"},{"CIMType":"String","Description":"Name of the profile","Name":"ProfileName","Option":"Key"},{"CIMType":"String[]","Description":"List of scope tags assigned to the branding profile","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if AzureAD Enterprise Apps will be shown in Company Portal","Name":"ShowAzureADEnterpriseApps","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if Configuration Manager Apps will be shown in Company Portal","Name":"ShowConfigurationManagerApps","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that represents whether the administrator-supplied display name will be shown next to the logo image or not","Name":"ShowDisplayNameNextToLogo","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that represents whether the administrator-supplied logo images are shown or not","Name":"ShowLogo","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if Office WebApps will be shown in Company Portal","Name":"ShowOfficeWebApps","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphrgbColor","Description":"Primary theme color used in the Company Portal applications and web portal","Name":"ThemeColor","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"Logo image displayed in Company Portal apps which have a theme color background behind the logo","Name":"ThemeColorLogo","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Customization Branding Profile\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogExclusionsV2","Parameters":[{"CIMType":"String","Description":"Type - (excludedPath: Path, excludedFileName: Process name)","Name":"exclusions_item_type","Option":"Key","ValueMap":["excludedPath","excludedFileName"],"Values":["excludedPath","excludedFileName"]},{"CIMType":"String","Description":"Path","Name":"exclusions_item_path","Option":"Write"},{"CIMType":"String","Description":"Process name","Name":"exclusions_item_name","Option":"Write"},{"CIMType":"String","Description":"Is directory (false: Disabled, true: Enabled)","Name":"exclusions_item_isDirectory","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]}],"Description":"Intune Defender Global Exclusions Policy for Linux. Can be found under Endpoint Security > Endpoint detection and response > Create policy: Platform - Linux, Profile - Microsoft Defender Global Exclusions (AV + EDR)"},{"ClassName":"MSFT_IntuneDefenderGlobalExclusionsPolicyLinux","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogExclusionsV2[]","Description":"Global Exclusions","Name":"Exclusions","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Defender Global Exclusions Policy for Linux. Can be found under Endpoint Security > Endpoint detection and response > Create policy: Platform - Linux, Profile - Microsoft Defender Global Exclusions (AV + EDR)"},{"ClassName":"MSFT_IntuneDerivedCredential","Parameters":[{"CIMType":"String","Description":"The name of the app category.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.","Name":"HelpUrl","Option":"Write"},{"CIMType":"Uint32","Description":"The nominal percentage of time before certificate renewal is initiated by the client.","Name":"RenewalThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Supported values for the derived credential issuer.","Name":"Issuer","Option":"Write","ValueMap":["intercede","entrustDatacard","purebred"],"Values":["intercede","entrustDatacard","purebred"]},{"CIMType":"String","Description":"Supported values for the notification type to use.","Name":"NotificationType","Option":"Write","ValueMap":["none","email","companyPortal","companyPortal","email"],"Values":["none","email","companyPortal","companyPortal","email"]},{"CIMType":"String","Description":"Supported values for the notification type to use.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resources configures derived credentials in Intune."},{"ClassName":"MSFT_IntuneDeviceAndAppManagementAssignmentFilter","Parameters":[{"CIMType":"String","Description":"DisplayName of the Assignment Filter.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Key of the Assignment Filter.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Description of the Assignment Filter.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Indicates filter is applied to either 'devices' or 'apps' management type. Default is 'devices'.","Name":"AssignmentFilterManagementType","Option":"Write","ValueMap":["apps","devices"],"Values":["apps","devices"]},{"CIMType":"String","Description":"Rule definition of the Assignment Filter.","Name":"Rule","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource represents the properties of the Intune Assignment Filter.\nFor more information: <https://docs.microsoft.com/en-us/graph/api/resources/intune-policyset-deviceandappmanagementassignmentfilter?view=graph-rest-beta/>\n\n**Please note:** After creating a filter, it is not possible to update the `AssignmentFilterManagementType` property. You have to remove and recreate the filter to update it."},{"ClassName":"MSFT_IntuneDeviceCategory","Parameters":[{"CIMType":"String","Description":"Display name of the device category.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the device category.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the category exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Intune device categories."},{"ClassName":"MSFT_IntuneDeviceCleanupRuleV2","Parameters":[{"CIMType":"String","Description":"Indicates the description for the device clean up rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Indicates the managed device platform for which the admin wants to create the device clean up rule. Possible values are: all, androidAOSP, androidDeviceAdministrator, androidDedicatedAndFullyManagedCorporateOwnedWorkProfile, chromeOS, androidPersonallyOwnedWorkProfile, ios, macOS, windows, windowsHolographic, unknownFutureValue, visionOS, tvOS.","Name":"DeviceCleanupRulePlatformType","Option":"Write","ValueMap":["all","androidAOSP","androidDeviceAdministrator","androidDedicatedAndFullyManagedCorporateOwnedWorkProfile","chromeOS","androidPersonallyOwnedWorkProfile","ios","macOS","windows","windowsHolographic","unknownFutureValue","visionOS","tvOS"],"Values":["all","androidAOSP","androidDeviceAdministrator","androidDedicatedAndFullyManagedCorporateOwnedWorkProfile","chromeOS","androidPersonallyOwnedWorkProfile","ios","macOS","windows","windowsHolographic","unknownFutureValue","visionOS","tvOS"]},{"CIMType":"UInt32","Description":"Indicates the number of days when the device has not contacted Intune. Valid values 0 to 2147483647","Name":"DeviceInactivityBeforeRetirementInDays","Option":"Write"},{"CIMType":"String","Description":"Indicates the display name of the device cleanup rule.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Cleanup Rule V2.\n\nOnly one instance of each platform can be configured. Multiple cleanup rules for the same platform are not supported."},{"ClassName":"MSFT_DeviceManagementNotificationMessageTemplate","Parameters":[{"CIMType":"Boolean","Description":"If this is the default message template.","Name":"IsDefault","Option":"Write"},{"CIMType":"String","Description":"The locale of the message template.","Name":"Locale","Option":"Write","ValueMap":["ar-sa","bg-bg","cs-cz","da-dk","de-de","el-gr","en-gb","en-us","es-es","es-mx","et-ee","fi-fi","fr-ca","fr-fr","he-il","hr-hr","hu-hu","it-it","ja-jp","ko-kr","lt-lt","lv-lv","nb-no","nl-nl","pl-pl","pt-br","pt-pt","ro-ro","sk-sk","sl-si","ru-ru","sr-Latn-rs","sv-se","th-th","tr-tr","uk-ua","zh-cn","zh-tw"],"Values":["ar-sa","bg-bg","cs-cz","da-dk","de-de","el-gr","en-gb","en-us","es-es","es-mx","et-ee","fi-fi","fr-ca","fr-fr","he-il","hr-hr","hu-hu","it-it","ja-jp","ko-kr","lt-lt","lv-lv","nb-no","nl-nl","pl-pl","pt-br","pt-pt","ro-ro","sk-sk","sl-si","ru-ru","sr-Latn-rs","sv-se","th-th","tr-tr","uk-ua","zh-cn","zh-tw"]},{"CIMType":"String","Description":"The body of the message template","Name":"MessageTemplate","Option":"Write"},{"CIMType":"String","Description":"The subject of the message template.","Name":"Subject","Option":"Write"}],"Description":"Intune Device Compliance Notification Message Template"},{"ClassName":"MSFT_IntuneDeviceComplianceNotificationMessageTemplate","Parameters":[{"CIMType":"String[]","Description":"The Message Template Branding Options. Branding is defined in the Intune Admin Console. Possible values are: none, includeCompanyLogo, includeCompanyName, includeContactInformation, includeCompanyPortalLink, includeDeviceDetails","Name":"BrandingOptions","Option":"Write","ValueMap":["none","includeCompanyLogo","includeCompanyName","includeContactInformation","includeCompanyPortalLink","includeDeviceDetails"],"Values":["none","includeCompanyLogo","includeCompanyName","includeContactInformation","includeCompanyPortalLink","includeDeviceDetails"]},{"CIMType":"MSFT_DeviceManagementNotificationMessageTemplate[]","Description":"The localized notification message templates.","Name":"LocalizedNotificationMessages","Option":"Write"},{"CIMType":"String","Description":"Display name for the Notification Message Template.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display name for the Notification Message Template.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Compliance Notification Message Template"},{"ClassName":"MSFT_scheduledActionConfigurations","Parameters":[{"CIMType":"String","Description":"The unique identifier of the action configuration.","Name":"id","Option":"Write"},{"CIMType":"Uint32","Description":"Number of hours to wait till the action will be enforced. Valid values 0 to 8760.","Name":"gracePeriodHours","Option":"Write"},{"CIMType":"String","Description":"The action to take.","Name":"actionType","Option":"Write","ValueMap":["notification","block","retire","remoteLock","pushNotification"],"Values":["notification","block","retire","remoteLock","pushNotification"]},{"CIMType":"String","Description":"The notification Message template to use.","Name":"notificationTemplateId","Option":"Write"},{"CIMType":"String[]","Description":"A list of group IDs to specify who to CC this notification message to.","Name":"notificationMessageCCList","Option":"Write"}],"Description":"This resource configures the settings of Android Work Profile device compliance policies in your cloud-based organization.\nLabeled in Intune as `Fully managed, dedicated, and corporate-owned work profile` policy type under `Android Enterprise`.\n\n## Parameters\n\n### Microsoft Defender for Endpoint - _for Personally-Owned Work Profile_\n\n**Require the device to be at or under the machine risk score:**\nSelect the maximum allowed machine risk score for devices evaluated by Microsoft Defender for Endpoint. Devices which exceed this score get marked as noncompliant.\n\n* Not configured (_default_)\n* Clear\n* Low\n* Medium\n* High\n\n### Device Health - _for Personally-Owned Work Profile_\n\n**Rooted devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Mark rooted (jailbroken) devices as not compliant.\n\n**Require the device to be at or under the Device Threat Level:**\nSelect the maximum allowed device threat level evaluated by your mobile threat defense service. Devices that exceed this threat level are marked noncompliant. To use this setting, choose the allowed threat level:\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Secured - This option is the most secure, and means that the device can't have any threats. If the device is detected with any level of threats, it's evaluated as noncompliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a noncompliant status.\n* Medium - The device is evaluated as compliant if the threats that are present on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be noncompliant.\n* High - This option is the least secure, as it allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Google Play Protect - _for Personally-Owned Work Profile_\n\n**Google Play Services is configured:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that the Google Play services app is installed and enabled. Google Play services allows security updates, and is a base-level dependency for many security features on certified-Google devices.\n\n**Up-to-date security provider:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that an up-to-date security provider can protect a device from known vulnerabilities.\n\n**SafetyNet device attestation:**\nEnter the level of SafetyNet attestation that must be met. Your options:\n\n* Not configured (_default_) - Setting isn't evaluated for compliance or non-compliance.\n* Check basic integrity\n* Check basic integrity & certified devices\n\nNote:\n\n* On Android Enterprise devices, Threat scan on apps is a device configuration policy. Using a configuration policy, administrators can enable the setting on a device. See Android Enterprise device restriction settings.\n\n### Device Properties - _for Personally-Owned Work Profile_\n\n**Operating System Version - _for Personally-Owned Work Profile_:**\n\n* Minimum OS version\n  When a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The end user can upgrade their device, and then access organization resources.\n\n  _By default, no version is configured._\n\n**Maximum OS version:**\nWhen a device is using an OS version later than the version in the rule, access to organization resources is blocked. The user is asked to contact their IT administrator. Until a rule is changed to allow the OS version, this device can't access organization resources.\n\n  _By default, no version is configured._\n\n### System security - for _Personally-Owned Work Profile_\n\n**Require a password to unlock mobile devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n  _This setting applies at the device level. If you only need to require a password at the Personally-Owned Work Profile level, then use a configuration policy. See Android Enterprise device configuration settings._\n\n**Required password type:**\nChoose if a password should include only numeric characters, or a mix of numerals and other characters. Your options:\n\n* Device Default\n* Low security biometric\n* At least numeric (_default_): Enter the minimum password length a user must enter, between 4 and 16 characters.\n* Numeric complex: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphabetic: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric with symbols: Enter the minimum password length a user must enter, between 4 and 16 characters.\n\nDepending on the password type you select, the following settings are available:\n\n* Maximum minutes of inactivity before password is required\n* Number of days until password expires\n* Minimum password length\n* Number of previous passwords to prevent reuse\n\n### Encryption - _for Personally-Owned Work Profile_\n\n**Encryption of data storage on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Encrypt data storage on your devices.\n\n  You don't have to configure this setting because Android Enterprise devices enforce encryption.\n\n### Device Security - _for Personally-Owned Work Profile_\n\n**Block apps from unknown sources:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Block devices with Security > Unknown Sources enabled sources (supported on Android 4.0 through Android 7.x. Not supported by Android 8.0 and later).\n\n_To side-load apps, unknown sources must be allowed. If you're not side-loading Android apps, then set this feature to Block to enable this compliance policy._\n\n**Company portal app runtime integrity:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Choose Require to confirm the Company Portal app meets all the following requirements:\n  * Has the default runtime environment installed\n  * Is properly signed\n  * Isn't in debug-mode\n  * Is installed from a known source\n\n* **Block USB debugging on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Prevent devices from using the USB debugging feature.\n\n_You don't have to configure this setting because USB debugging is already disabled on Android Enterprise devices._\n\n**Minimum security patch level:**\nSelect the oldest security patch level a device can have. Devices that aren't at least at this patch level are noncompliant. The date must be entered in the YYYY-MM-DD format.\n\n_By default, no date is configured._"},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner","Parameters":[{"CIMType":"String","Description":"Display name of the Android Device Owner device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Android Device Owner device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"String","Description":"Minimum Android security patch level.","Name":"MinAndroidSecurityPatchLevel","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of letter characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumLetterCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumLowerCaseCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumNonLetterCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumNumericCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumSymbolCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumUpperCaseCharacters","Option":"Write"},{"CIMType":"Boolean","Description":"Require device to have no pending Android system updates.","Name":"RequireNoPendingSystemUpdates","Option":"Write"},{"CIMType":"String","Description":"Require a specific Play Integrity evaluation type for compliance. Possible values are: basic, hardwareBacked.","Name":"SecurityRequiredAndroidSafetyNetEvaluationType","Option":"Write","ValueMap":["basic","hardwareBacked"],"Values":["basic","hardwareBacked"]},{"CIMType":"MSFT_scheduledActionConfigurations[]","Description":"Specifies the non-compliance actions.","Name":"ScheduledActionsForRule","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the Android Device Owner device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"DeviceThreatProtectionRequiredSecurityLevel of the Android Device Owner device compliance policy.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write"},{"CIMType":"String","Description":"AdvancedThreatProtectionRequiredSecurityLevel of the Android Device Owner device compliance policy.","Name":"AdvancedThreatProtectionRequiredSecurityLevel","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireSafetyNetAttestationBasicIntegrity of the Android Device Owner device compliance policy.","Name":"SecurityRequireSafetyNetAttestationBasicIntegrity","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireSafetyNetAttestationCertifiedDevice of the Android Device Owner device compliance policy.","Name":"SecurityRequireSafetyNetAttestationCertifiedDevice","Option":"Write"},{"CIMType":"String","Description":"osMinimumVersion of the Android Device Owner device compliance policy.","Name":"osMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"osMaximumVersion of the Android Device Owner device compliance policy.","Name":"osMaximumVersion","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequired of the Android Device Owner device compliance policy.","Name":"passwordRequired","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumLength of the Android Device Owner device compliance policy.","Name":"passwordMinimumLength","Option":"Write"},{"CIMType":"String","Description":"PasswordRequiredType of the Android Device Owner device compliance policy.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","numeric","numericComplex","any"],"Values":["deviceDefault","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","numeric","numericComplex","any"]},{"CIMType":"Uint32","Description":"PasswordMinutesOfInactivityBeforeLock of the Android Device Owner device compliance policy.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordExpirationDays of the Android Device Owner device compliance policy.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordPreviousPasswordCountToBlock of the Android Device Owner device compliance policy.","Name":"PasswordPreviousPasswordCountToBlock","Option":"Write"},{"CIMType":"Boolean","Description":"StorageRequireEncryption of the Android Device Owner device compliance policy.","Name":"StorageRequireEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireIntuneAppIntegrity of the Android Device Owner device compliance policy.","Name":"SecurityRequireIntuneAppIntegrity","Option":"Write"},{"CIMType":"Boolean","Description":"Block rooted Android devices.","Name":"SecurityBlockJailbrokenDevices","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance. Inherited from deviceConfiguration","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of Android Work Profile device compliance policies in your cloud-based organization.\nLabeled in Intune as `Fully managed, dedicated, and corporate-owned work profile` policy type under `Android Enterprise`.\n\n## Parameters\n\n### Microsoft Defender for Endpoint - _for Personally-Owned Work Profile_\n\n**Require the device to be at or under the machine risk score:**\nSelect the maximum allowed machine risk score for devices evaluated by Microsoft Defender for Endpoint. Devices which exceed this score get marked as noncompliant.\n\n* Not configured (_default_)\n* Clear\n* Low\n* Medium\n* High\n\n### Device Health - _for Personally-Owned Work Profile_\n\n**Rooted devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Mark rooted (jailbroken) devices as not compliant.\n\n**Require the device to be at or under the Device Threat Level:**\nSelect the maximum allowed device threat level evaluated by your mobile threat defense service. Devices that exceed this threat level are marked noncompliant. To use this setting, choose the allowed threat level:\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Secured - This option is the most secure, and means that the device can't have any threats. If the device is detected with any level of threats, it's evaluated as noncompliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a noncompliant status.\n* Medium - The device is evaluated as compliant if the threats that are present on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be noncompliant.\n* High - This option is the least secure, as it allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Google Play Protect - _for Personally-Owned Work Profile_\n\n**Google Play Services is configured:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that the Google Play services app is installed and enabled. Google Play services allows security updates, and is a base-level dependency for many security features on certified-Google devices.\n\n**Up-to-date security provider:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that an up-to-date security provider can protect a device from known vulnerabilities.\n\n**SafetyNet device attestation:**\nEnter the level of SafetyNet attestation that must be met. Your options:\n\n* Not configured (_default_) - Setting isn't evaluated for compliance or non-compliance.\n* Check basic integrity\n* Check basic integrity & certified devices\n\nNote:\n\n* On Android Enterprise devices, Threat scan on apps is a device configuration policy. Using a configuration policy, administrators can enable the setting on a device. See Android Enterprise device restriction settings.\n\n### Device Properties - _for Personally-Owned Work Profile_\n\n**Operating System Version - _for Personally-Owned Work Profile_:**\n\n* Minimum OS version\n  When a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The end user can upgrade their device, and then access organization resources.\n\n  _By default, no version is configured._\n\n**Maximum OS version:**\nWhen a device is using an OS version later than the version in the rule, access to organization resources is blocked. The user is asked to contact their IT administrator. Until a rule is changed to allow the OS version, this device can't access organization resources.\n\n  _By default, no version is configured._\n\n### System security - for _Personally-Owned Work Profile_\n\n**Require a password to unlock mobile devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n  _This setting applies at the device level. If you only need to require a password at the Personally-Owned Work Profile level, then use a configuration policy. See Android Enterprise device configuration settings._\n\n**Required password type:**\nChoose if a password should include only numeric characters, or a mix of numerals and other characters. Your options:\n\n* Device Default\n* Low security biometric\n* At least numeric (_default_): Enter the minimum password length a user must enter, between 4 and 16 characters.\n* Numeric complex: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphabetic: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric with symbols: Enter the minimum password length a user must enter, between 4 and 16 characters.\n\nDepending on the password type you select, the following settings are available:\n\n* Maximum minutes of inactivity before password is required\n* Number of days until password expires\n* Minimum password length\n* Number of previous passwords to prevent reuse\n\n### Encryption - _for Personally-Owned Work Profile_\n\n**Encryption of data storage on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Encrypt data storage on your devices.\n\n  You don't have to configure this setting because Android Enterprise devices enforce encryption.\n\n### Device Security - _for Personally-Owned Work Profile_\n\n**Block apps from unknown sources:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Block devices with Security > Unknown Sources enabled sources (supported on Android 4.0 through Android 7.x. Not supported by Android 8.0 and later).\n\n_To side-load apps, unknown sources must be allowed. If you're not side-loading Android apps, then set this feature to Block to enable this compliance policy._\n\n**Company portal app runtime integrity:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Choose Require to confirm the Company Portal app meets all the following requirements:\n  * Has the default runtime environment installed\n  * Is properly signed\n  * Isn't in debug-mode\n  * Is installed from a known source\n\n* **Block USB debugging on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Prevent devices from using the USB debugging feature.\n\n_You don't have to configure this setting because USB debugging is already disabled on Android Enterprise devices._\n\n**Minimum security patch level:**\nSelect the oldest security patch level a device can have. Devices that aren't at least at this patch level are noncompliant. The date must be entered in the YYYY-MM-DD format.\n\n_By default, no date is configured._"},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile","Parameters":[{"CIMType":"String","Description":"Display name of the AndroidWorkProfile device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the AndroidWorkProfile device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"String","Description":"The password complexity types that can be set on Android. One of: NONE, LOW, MEDIUM, HIGH. This is an API targeted to Android 11+.","Name":"RequiredPasswordComplexity","Option":"Write","ValueMap":["none","low","medium","high"],"Values":["none","low","medium","high"]},{"CIMType":"Boolean","Description":"Setting securityBlockDeviceAdministratorManagedDevices to true enhances security by preventing devices managed through the legacy device administrator method from accessing corporate resources.","Name":"SecurityBlockDeviceAdministratorManagedDevices","Option":"Write"},{"CIMType":"String[]","Description":"Specify applications that users are prohibited from installing or using on their devices.","Name":"RestrictedApps","Option":"Write"},{"CIMType":"String","Description":"Specifies Android Work Profile password type.","Name":"WorkProfilePasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"],"Values":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"]},{"CIMType":"String","Description":"Specifies Android Work Profile password complexity.","Name":"WorkProfileRequiredPasswordComplexity","Option":"Write","ValueMap":["None","Low","Medium","High"],"Values":["None","Low","Medium","High"]},{"CIMType":"Boolean","Description":"Specifies if Android Work Profile password is required.","Name":"WorkProfileRequirePassword","Option":"Write"},{"CIMType":"Uint32","Description":"Specifies the number of previous passwords that cannot be reused in an Android Work Profile compliance policy.","Name":"WorkProfilePreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"Defines the duration of inactivity (in minutes) after which the screen is locked.","Name":"WorkProfileInactiveBeforeScreenLockInMinutes","Option":"Write"},{"CIMType":"Uint32","Description":"Specifies the minimum number of characters required in a password for an Android Work Profile.","Name":"WorkProfilePasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"Specifies the number of days before a password expires for an Android Work Profile.","Name":"WorkProfilePasswordExpirationInDays","Option":"Write"},{"CIMType":"MSFT_scheduledActionConfigurations[]","Description":"Specifies the non-compliance actions.","Name":"ScheduledActionsForRule","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequired of the AndroidWorkProfile device compliance policy.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumLength of the AndroidWorkProfile device compliance policy.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"String","Description":"PasswordRequiredType of the AndroidWorkProfile device compliance policy.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","numeric","numericComplex","any"],"Values":["deviceDefault","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","numeric","numericComplex","any"]},{"CIMType":"Uint32","Description":"PasswordMinutesOfInactivityBeforeLock of the AndroidWorkProfile device compliance policy.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordExpirationDays of the AndroidWorkProfile device compliance policy.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordPreviousPasswordBlockCount of the AndroidWorkProfile device compliance policy.","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordSignInFailureCountBeforeFactoryReset of the AndroidWorkProfile device compliance policy.","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityPreventInstallAppsFromUnknownSources of the AndroidWorkProfile device compliance policy.","Name":"SecurityPreventInstallAppsFromUnknownSources","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityDisableUsbDebugging of the AndroidWorkProfile device compliance policy.","Name":"SecurityDisableUsbDebugging","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireVerifyApps of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireVerifyApps","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the AndroidWorkProfile device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"DeviceThreatProtectionRequiredSecurityLevel of the AndroidWorkProfile device compliance policy.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["unavailable","secured","low","medium","high","notSet"],"Values":["unavailable","secured","low","medium","high","notSet"]},{"CIMType":"String","Description":"AdvancedThreatProtectionRequiredSecurityLevel of the AndroidWorkProfile device compliance policy.","Name":"AdvancedThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["unavailable","secured","low","medium","high","notSet"],"Values":["unavailable","secured","low","medium","high","notSet"]},{"CIMType":"Boolean","Description":"SecurityBlockJailbrokenDevices of the AndroidWorkProfile device compliance policy.","Name":"SecurityBlockJailbrokenDevices","Option":"Write"},{"CIMType":"String","Description":"OsMinimumVersion of the AndroidWorkProfile device compliance policy.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"OsMaximumVersion of the AndroidWorkProfile device compliance policy.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String","Description":"MinAndroidSecurityPatchLevel of the AndroidWorkProfile device compliance policy.","Name":"MinAndroidSecurityPatchLevel","Option":"Write"},{"CIMType":"Boolean","Description":"StorageRequireEncryption of the AndroidWorkProfile device compliance policy.","Name":"StorageRequireEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireSafetyNetAttestationBasicIntegrity of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireSafetyNetAttestationBasicIntegrity","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireSafetyNetAttestationCertifiedDevice of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireSafetyNetAttestationCertifiedDevice","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireGooglePlayServices of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireGooglePlayServices","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireUpToDateSecurityProviders of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireUpToDateSecurityProviders","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireCompanyPortalAppIntegrity of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireCompanyPortalAppIntegrity","Option":"Write"},{"CIMType":"String","Description":"Require a specific SafetyNet evaluation type for compliance.","Name":"SecurityRequiredAndroidSafetyNetEvaluationType","Option":"Write","ValueMap":["basic","hardwareBacked"],"Values":["basic","hardwareBacked"]},{"CIMType":"String","Description":"RoleScopeTagIds of the AndroidWorkProfile device compliance policy.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of Android Work Profile device compliance policies in your cloud-based organization.\nLabeled in Intune as `Personally-owned work profile` policy type under `Android Enterprise`.\n\n## Parameters\n\n### Microsoft Defender for Endpoint - _for Personally-Owned Work Profile_\n\n**Require the device to be at or under the machine risk score:**\nSelect the maximum allowed machine risk score for devices evaluated by Microsoft Defender for Endpoint. Devices which exceed this score get marked as noncompliant.\n\n* Not configured (_default_)\n* Clear\n* Low\n* Medium\n* High\n\n### Device Health - _for Personally-Owned Work Profile_\n\n**Rooted devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Mark rooted (jailbroken) devices as not compliant.\n\n**Require the device to be at or under the Device Threat Level:**\nSelect the maximum allowed device threat level evaluated by your mobile threat defense service. Devices that exceed this threat level are marked noncompliant. To use this setting, choose the allowed threat level:\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Secured - This option is the most secure, and means that the device can't have any threats. If the device is detected with any level of threats, it's evaluated as noncompliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a noncompliant status.\n* Medium - The device is evaluated as compliant if the threats that are present on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be noncompliant.\n* High - This option is the least secure, as it allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Google Play Protect - _for Personally-Owned Work Profile_\n\n**Google Play Services is configured:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that the Google Play services app is installed and enabled. Google Play services allows security updates, and is a base-level dependency for many security features on certified-Google devices.\n\n**Up-to-date security provider:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that an up-to-date security provider can protect a device from known vulnerabilities.\n\n**SafetyNet device attestation:**\nEnter the level of SafetyNet attestation that must be met. Your options:\n\n* Not configured (_default_) - Setting isn't evaluated for compliance or non-compliance.\n* Check basic integrity\n* Check basic integrity & certified devices\n\nNote:\n\n* On Android Enterprise devices, Threat scan on apps is a device configuration policy. Using a configuration policy, administrators can enable the setting on a device. See Android Enterprise device restriction settings.\n\n### Device Properties - _for Personally-Owned Work Profile_\n\n**Operating System Version - _for Personally-Owned Work Profile_:**\n\n* Minimum OS version\n  When a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The end user can upgrade their device, and then access organization resources.\n\n  _By default, no version is configured._\n\n**Maximum OS version**\nWhen a device is using an OS version later than the version in the rule, access to organization resources is blocked. The user is asked to contact their IT administrator. Until a rule is changed to allow the OS version, this device can't access organization resources.\n\n_By default, no version is configured._\n\n### System security - for _Personally-Owned Work Profile_\n\n**Require a password to unlock mobile devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n_This setting applies at the device level. If you only need to require a password at the Personally-Owned Work Profile level, then use a configuration policy. See Android Enterprise device configuration settings._\n\n**Required password type:**\nChoose if a password should include only numeric characters, or a mix of numerals and other characters. Your options:\n\n* Device Default\n* Low security biometric\n* At least numeric (_default_): Enter the minimum password length a user must enter, between 4 and 16 characters.\n* Numeric complex: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphabetic: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric with symbols: Enter the minimum password length a user must enter, between 4 and 16 characters.\n\nDepending on the password type you select, the following settings are available:\n\n* Maximum minutes of inactivity before password is required\n* Number of days until password expires\n* Minimum password length\n* Number of previous passwords to prevent reuse\n\n### Encryption - _for Personally-Owned Work Profile_\n\n**Encryption of data storage on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Encrypt data storage on your devices.\n\nYou don't have to configure this setting because Android Enterprise devices enforce encryption.\n\n### Device Security - _for Personally-Owned Work Profile_\n\n**Block apps from unknown sources:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Block devices with Security > Unknown Sources enabled sources (supported on Android 4.0 through Android 7.x. Not supported by Android 8.0 and later).\n\n_To side-load apps, unknown sources must be allowed. If you're not side-loading Android apps, then set this feature to Block to enable this compliance policy._\n\n**Company portal app runtime integrity:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Choose Require to confirm the Company Portal app meets all the following requirements:\n  * Has the default runtime environment installed\n  * Is properly signed\n  * Isn't in debug-mode\n  * Is installed from a known source\n\n**Block USB debugging on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Prevent devices from using the USB debugging feature.\n\n_You don't have to configure this setting because USB debugging is already disabled on Android Enterprise devices._\n\n**Minimum security patch level:**\n\n* Select the oldest security patch level a device can have. Devices that aren't at least at this patch level are noncompliant. The date must be entered in the YYYY-MM-DD format.\n\n_By default, no date is configured._"},{"ClassName":"MSFT_appListItem","Parameters":[{"CIMType":"String","Description":"The application name.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"The publisher of the application.","Name":"publisher","Option":"Write"},{"CIMType":"String","Description":"The Store URL of the application.","Name":"appStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The application or bundle identifier of the application.","Name":"appId","Option":"Key"}],"Description":"This resource configures the Intune compliance policies for iOs devices."},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyiOs","Parameters":[{"CIMType":"String","Description":"Display name of the iOS device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the iOS device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"Boolean","Description":"PasscodeBlockSimple of the iOS device compliance policy.","Name":"PasscodeBlockSimple","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodeExpirationDays of the iOS device compliance policy.","Name":"PasscodeExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodeMinimumLength of the iOS device compliance policy.","Name":"PasscodeMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodeMinutesOfInactivityBeforeLock of the iOS device compliance policy.","Name":"PasscodeMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"Minutes of inactivity before the screen times out.","Name":"PasscodeMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodePreviousPasscodeBlockCount of the iOS device compliance policy.","Name":"PasscodePreviousPasscodeBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodeMinimumCharacterSetCount of the iOS device compliance policy.","Name":"PasscodeMinimumCharacterSetCount","Option":"Write"},{"CIMType":"String","Description":"PasscodeRequiredType of the iOS device compliance policy.","Name":"PasscodeRequiredType","Option":"Write","ValueMap":["deviceDefault","alphanumeric","numeric"],"Values":["deviceDefault","alphanumeric","numeric"]},{"CIMType":"Boolean","Description":"PasscodeRequired of the iOS device compliance policy.","Name":"PasscodeRequired","Option":"Write"},{"CIMType":"String","Description":"OsMinimumVersion of the iOS device compliance policy.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"OsMaximumVersion of the iOS device compliance policy.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String","Description":"Minimum IOS build version.","Name":"OsMinimumBuildVersion","Option":"Write"},{"CIMType":"String","Description":"Maximum IOS build version.","Name":"OsMaximumBuildVersion","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityBlockJailbrokenDevices of the iOS device compliance policy.","Name":"SecurityBlockJailbrokenDevices","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the iOS device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"Require Mobile Threat Protection minimum risk level to report noncompliance.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["unavailable","secured","low","medium","high","notSet"],"Values":["unavailable","secured","low","medium","high","notSet"]},{"CIMType":"String","Description":"MDATP Require Mobile Threat Protection minimum risk level to report noncompliance.","Name":"AdvancedThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["unavailable","secured","low","medium","high","notSet"],"Values":["unavailable","secured","low","medium","high","notSet"]},{"CIMType":"Boolean","Description":"ManagedEmailProfileRequired of the iOS device compliance policy.","Name":"ManagedEmailProfileRequired","Option":"Write"},{"CIMType":"MSFT_appListItem[]","Description":"Credentials of the Intune Admin","Name":"RestrictedApps","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Intune compliance policies for iOs devices."},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyMacOS","Parameters":[{"CIMType":"String","Description":"Display name of the MacOS device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the MacOS device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequired of the MacOS device compliance policy.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordBlockSimple of the MacOS device compliance policy.","Name":"PasswordBlockSimple","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordExpirationDays of the MacOS device compliance policy.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumLength of the MacOS device compliance policy.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinutesOfInactivityBeforeLock of the MacOS device compliance policy.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordPreviousPasswordBlockCount of the MacOS device compliance policy.","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumCharacterSetCount of the MacOS device compliance policy.","Name":"PasswordMinimumCharacterSetCount","Option":"Write"},{"CIMType":"String","Description":"PasswordRequiredType of the MacOS device compliance policy.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["DeviceDefault","Alphanumeric","Numeric"],"Values":["DeviceDefault","Alphanumeric","Numeric"]},{"CIMType":"String","Description":"OsMinimumVersion of the MacOS device compliance policy.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"OsMaximumVersion of the MacOS device compliance policy.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String","Description":"Minimum MacOS build version.","Name":"OsMinimumBuildVersion","Option":"Write"},{"CIMType":"String","Description":"Maximum MacOS build version.","Name":"OsMaximumBuildVersion","Option":"Write"},{"CIMType":"Boolean","Description":"SystemIntegrityProtectionEnabled of the MacOS device compliance policy.","Name":"SystemIntegrityProtectionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the MacOS device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"DeviceThreatProtectionRequiredSecurityLevel of the MacOS device compliance policy.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["Unavailable","Secured","Low","Medium","High","NotSet"],"Values":["Unavailable","Secured","Low","Medium","High","NotSet"]},{"CIMType":"String","Description":"AdvancedThreatProtectionRequiredSecurityLevel of the MacOS device compliance policy.","Name":"AdvancedThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["Unavailable","Secured","Low","Medium","High","NotSet"],"Values":["Unavailable","Secured","Low","Medium","High","NotSet"]},{"CIMType":"Boolean","Description":"StorageRequireEncryption of the MacOS device compliance policy.","Name":"StorageRequireEncryption","Option":"Write"},{"CIMType":"String","Description":"System and Privacy setting that determines which download locations apps can be run from on a macOS device.","Name":"GatekeeperAllowedAppSource","Option":"Write","ValueMap":["notConfigured","macAppStore","macAppStoreAndIdentifiedDevelopers","anywhere"],"Values":["notConfigured","macAppStore","macAppStoreAndIdentifiedDevelopers","anywhere"]},{"CIMType":"Boolean","Description":"FirewallEnabled of the MacOS device compliance policy.","Name":"FirewallEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"FirewallBlockAllIncoming of the MacOS device compliance policy.","Name":"FirewallBlockAllIncoming","Option":"Write"},{"CIMType":"Boolean","Description":"FirewallEnableStealthMode of the MacOS device compliance policy.","Name":"FirewallEnableStealthMode","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of MacOS compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n**Require a system integrity protection:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require macOS devices to have System Integrity Protection enabled.\n\n### Device Properties\n\n**Minimum OS required:**\nWhen a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The device user can choose to upgrade their device. After that, they can access organization resources.\n\n**Maximum OS version allowed:**\nWhen a device uses an OS version later than the version in the rule, access to organization resources is blocked. The device user is asked to contact their IT administrator. The device can't access organization resources until a rule changes to allow the OS version.\n\n**Minimum OS build version:**\nWhen Apple publishes security updates, the build number is typically updated, not the OS version. Use this feature to enter a minimum allowed build number on the device.\n\n**Maximum OS build version:**\nWhen Apple publishes security updates, the build number is typically updated, not the OS version. Use this feature to enter a maximum allowed build number on the device.\n\n## System security settings\n\n### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_\n* Require Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create passwords simple like 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Minimum password length:**\n\n* Enter the minimum number of digits or characters that the password must have.\n\n**Password type:**\n\n* Choose if a password should have only Numeric characters, or if there should be a mix of numbers and other characters (Alphanumeric).\n\n**Number of non-alphanumeric characters in password:**\n\n* Enter the minimum number of special characters, such as &, #, %, !, and so on, that must be in the password.\n\nSetting a higher number requires the user to create a password that is more complex.\n\n**Maximum minutes of inactivity before password is required:**\n\n* Enter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\n\n* Select the number of days before the password expires, and they must create a new one.\n\n**Number of previous passwords to prevent reuse:**\n\n* Enter the number of previously used passwords that can't be used.\n\n### Encryption\n\n**Encryption of data storage on device:**\n\n* Not configured (_default_)\n* Require - Use _Require_ to encrypt data storage on your devices.\n\n### Device Security\n\nFirewall protects devices from unauthorized network access. You can use Firewall to control connections on a per-application basis.\n\n**Firewall:**\n\n* Not configured _(default)_ - This setting leaves the firewall turned off, and network traffic is allowed (not blocked).\n* Enable - Use Enable to help protect devices from unauthorized access. Enabling this feature allows you to handle incoming internet connections, and use stealth mode.\n\n**Incoming connections:**\n\n* Not configured _(default)_ - Allows incoming connections and sharing services.\n* Block - Block all incoming network connections except the connections required for basic internet services, such as DHCP, Bonjour, and IPSec. This setting also blocks all sharing services, including screen sharing, remote access, iTunes music sharing, and more.\n\n**Stealth Mode:**\n\n* Not configured _(default)_ - This setting leaves stealth mode turned off.\n* Enable - Turn on stealth mode to prevent devices from responding to probing requests, which can be made my malicious users. When enabled, the device continues to answer incoming requests for authorized apps.\n\n### Gatekeeper\n\nFor more information, see Gatekeeper on macOS.\n\n**Allow apps downloaded from these locations:**\nAllows supported applications to be installed on your devices from different locations. Your location options:\n\n* Not configured _(default)_ - The gatekeeper option has no impact on compliance or non-compliance.\n* Mac App Store - Only install apps for the Mac app store. Apps can't be installed from third parties nor identified developers. If a user selects Gatekeeper to install apps outside the Mac App Store, then the device is considered not compliant.\n* Mac App Store and identified developers - Install apps for the Mac app store and from identified developers. macOS checks the identity of developers, and does some other checks to verify app integrity. If a user selects Gatekeeper to install apps outside these options, then the device is considered not compliant.\n* Anywhere - Apps can be installed from anywhere, and by any developer. This option is the least secure."},{"ClassName":"MSFT_MicrosoftGraphOperatingSystemVersionRange","Parameters":[{"CIMType":"String","Description":"The description of this range (e.g. Valid 1702 builds)","Name":"Description","Option":"Key"},{"CIMType":"String","Description":"The lowest inclusive version that this range contains.","Name":"LowestVersion","Option":"Key"},{"CIMType":"String","Description":"The highest inclusive version that this range contains.","Name":"HighestVersion","Option":"Key"}],"Description":"This resource configures the settings of Windows 10 compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n#### Windows Health Attestation Service evaluation rules\n\n**Require BitLocker:**\n  Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.\n\n  Device HealthAttestation CSP - BitLockerStatus\n\n**Require Secure Boot to be enabled on the device:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The system is forced to boot to a factory trusted state. The core components that are used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies the signature before it lets the machine start. If any files are tampered with, which breaks their signature, the system doesn't boot.\n\n### Device Properties\n\n#### Operating System Version\n\nTo discover build versions for all Windows 10 Feature Updates and Cumulative Updates (to be used in some of the fields below), see Windows 10 release information. Be sure to include the 10.0. prefix before the build numbers, as the following examples illustrate.\n\n**Minimum OS version:**\nEnter the minimum allowed version in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device has an earlier version than the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS version:**\nEnter the maximum allowed version, in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Minimum OS required for mobile devices:**\nEnter the minimum allowed version, in the major.minor.build number format.\n\nWhen a device has an earlier version that the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS required for mobile devices:**\nEnter the maximum allowed version, in the major.minor.build number.\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Valid operating system builds:**\nSpecify a list of minimum and maximum operating system builds. Valid operating system builds provides additional flexibility when compared against minimum and maximum OS versions. Consider a scenario where minimum OS version is set to 10.0.18362.xxx (Windows 10 1903) and maximum OS version is set to 10.0.18363.xxx (Windows 10 1909). This configuration can allow a Windows 10 1903 device that doesn't have recent cumulative updates installed to be identified as compliant. Minimum and maximum OS versions might be suitable if you have standardized on a single Windows 10 release, but might not address your requirements if you need to use multiple builds, each with specific patch levels. In such a case, consider leveraging valid operating system builds instead, which allows multiple builds to be specified as per the following example.\n\nExample:\nThe following table is an example of a range for the acceptable operating systems versions for different Windows 10 releases. In this example, three different Feature Updates have been allowed (1809, 1909 and 2004). Specifically, only those versions of Windows and which have applied cumulative updates from June to September 2020 will be considered to be compliant. This is sample data only. The table includes a first column that includes any text you want to describe the entry, followed by the minimum and maximum OS version for that entry. The second and third columns must adhere to valid OS build versions in the major.minor.build.revision number format. After you define one or more entries, you can Export the list as a comma-separated values (CSV) file.\n\n| Description                 | Minimum OS version | Maximum OS version |\n|-----------------------------|--------------------|--------------------|\n| Win 10 2004 (Jun-Sept 2020) | 10.0.19041.329     | 10.0.19041.508     |\n| Win 10 1909 (Jun-Sept 2020) | 10.0.18363.900     | 10.0.18363.1110    |\n| Win 10 1809 (Jun-Sept 2020) | 10.0.17763.1282    | 10.0.17763.1490    |\n\n### Configuration Manager Compliance\n\nApplies only to co-managed devices running Windows 10 and later. Intune-only devices return a not available status.\n\n**Require device compliance from Configuration Manager:**\n\n* Not configured _(default)_ - Intune doesn't check for any of the Configuration Manager settings for compliance.\n* Require - Require all settings (configuration items) in Configuration Manager to be compliant.\n\n### System Security\n\n#### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create simple passwords, such as 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Password type:**\nChoose the type of password or PIN required. Your options:\n\n* Device _(default)_  - Require a password, numeric PIN, or alphanumeric PIN\n* Numeric - Require a password or numeric PIN\n* Alphanumeric - Require a password, or alphanumeric PIN.\n\nWhen set to Alphanumeric, the following settings are available:\n\n* Password complexity:\n  * Require digits and lowercase letters _(default)_\n  * Require digits, lowercase letters, and uppercase letters\n  * Require digits, lowercase letters, uppercase letters, and special characters\n\n**Minimum password length:**\nEnter the minimum number of digits or characters that the password must have.\n\n**Maximum minutes of inactivity before password is required:**\nEnter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\nEnter the number of days before the password expires, and they must create a new one, from 1-730.\n\n**Number of previous passwords to prevent reuse:**\nEnter the number of previously used passwords that can't be used.\n\n**Require password when device returns from idle state (Mobile and Holographic):**\n\n* Not configured _(default)_\n* Require - Require device users to enter the password every time the device returns from an idle state.\n\n**Important**\nWhen the password requirement is changed on a Windows desktop, users are impacted the next time they sign in, as that's when the device goes from idle to active. Users with passwords that meet the requirement are still prompted to change their passwords.\n\n### Encryption\n\n**Encryption of data storage on a device:**\nThis setting applies to all drives on a device.\n\n* Not configured _(default)_\n* Require - Use Require to encrypt data storage on your devices.\n\n**Note**\nThe Encryption of data storage on a device setting generically checks for the presence of encryption on the device, more specifically at the OS drive level. Currently, Intune supports only the encryption check with BitLocker. For a more robust encryption setting, consider using Require BitLocker, which leverages Windows Device Health Attestation to validate Bitlocker status at the TPM level.\n\n### Device Security\n\n**Firewall:**\n\n* Not configured _(default)_ - Intune doesn't control the Microsoft Defender Firewall, nor change existing settings.\n* Require - Turn on the Microsoft Defender Firewall, and prevent users from turning it off.\n\n**Note**\nIf the device immediately syncs after a reboot, or immediately syncs waking from sleep, then this setting may report as an Error. This scenario might not affect the overall device compliance status. To re-evaluate the compliance status, manually sync the device.\n\n**Trusted Platform Module (TPM):**\n\n* Not configured _(default)_ - Intune doesn't check the device for a TPM chip version.\n* Require - Intune checks the TPM chip version for compliance. The device is compliant if the TPM chip version is greater than 0 (zero). The device isn't compliant if there isn't a TPM version on the device.\n\n**Antivirus:**\n\n* Not configured _(default)_ - Intune doesn't check for any antivirus solutions installed on the device.\n* Require - Check compliance using antivirus solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n**Antispyware:**\n\n* Not configured _(default)_ - Intune doesn't check for any antispyware solutions installed on the device.\n* Require - Check compliance using antispyware solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n### Defender\n\nThe following compliance settings are supported with Windows 10 Desktop.\n\n**Microsoft Defender Antimalware:**\n\n* Not configured _(default)_ - Intune doesn't control the service, nor change existing settings.\n* Require - Turn on the Microsoft Defender anti-malware service, and prevent users from turning it off.\n\n**Microsoft Defender Antimalware minimum version:**\nEnter the minimum allowed version of Microsoft Defender anti-malware service. For example, enter 4.11.0.0. When left blank, any version of the Microsoft Defender anti-malware service can be used.\n\nBy _(default)_, no version is configured.\n\n**Microsoft Defender Antimalware security intelligence up-to-date:**\nControls the Windows Security virus and threat protection updates on the devices.\n\n* Not configured _(default)_ - Intune doesn't enforce any requirements.\n* Require - Force the Microsoft Defender security intelligence be up-to-date.\n\n**Real-time protection:**\n\n* Not configured (_(default)_) - Intune doesn't control this feature, nor change existing settings.\n* Require - Turn on real-time protection, which scans for malware, spyware, and other unwanted software.\n\n### Microsoft Defender for Endpoint\n\n#### Microsoft Defender for Endpoint rules\n\nFor additional information on Microsoft Defender for Endpoint integration in conditional access scenarios, see Configure Conditional Access in Microsoft Defender for Endpoint.\n\n**Require the device to be at or under the machine risk score:**\nUse this setting to take the risk assessment from your defense threat services as a condition for compliance. Choose the maximum allowed threat level:\n\n* Not configured (_(default)_)\n* Clear -This option is the most secure, as the device can't have any threats. If the device is detected as having any level of threats, it's evaluated as non-compliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a non-compliant status.\n* Medium - The device is evaluated as compliant if existing threats on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be non-compliant.\n* High - This option is the least secure, and allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Windows Holographic for Business\n\nWindows Holographic for Business uses the Windows 10 and later platform. Windows Holographic for Business supports the following setting:\n\n**System Security > Encryption > Encryption of data storage on device.**\nTo verify device encryption on the Microsoft HoloLens, see Verify device encryption.\n\n### Surface Hub\n\nSurface Hub uses the Windows 10 and later platform. Surface Hubs are supported for both compliance and Conditional Access. To enable these features on Surface Hubs, we recommend you enable Windows 10 automatic enrollment in Intune (requires Azure Active Directory (Azure AD)), and target the Surface Hub devices as device groups. Surface Hubs are required to be Azure AD joined for compliance and Conditional Access to work.\n\nFor guidance, see set up enrollment for Windows devices.\n\nSpecial consideration for Surface Hubs running Windows 10 Team OS:\nSurface Hubs that run Windows 10 Team OS do not support the Microsoft Defender for Endpoint and Password compliance policies at this time. Therefore, for Surface Hubs that run Windows 10 Team OS set the following two settings to their _(default)_ of _Not configured_:\n\n* In the category Password, set Require a password to unlock mobile devices to the _(default)_ of Not configured.\n* In the category Microsoft Defender for Endpoint, set Require the device to be at or under the machine risk score to the _(default)_ of Not configured."},{"ClassName":"MSFT_MicrosoftGraphDeviceCompliancePolicyScript","Parameters":[{"CIMType":"String","Description":"Device compliance script name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Rules content of the custom settings.","Name":"RulesContent","Option":"Write"}],"Description":"This resource configures the settings of Windows 10 compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n#### Windows Health Attestation Service evaluation rules\n\n**Require BitLocker:**\n  Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.\n\n  Device HealthAttestation CSP - BitLockerStatus\n\n**Require Secure Boot to be enabled on the device:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The system is forced to boot to a factory trusted state. The core components that are used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies the signature before it lets the machine start. If any files are tampered with, which breaks their signature, the system doesn't boot.\n\n### Device Properties\n\n#### Operating System Version\n\nTo discover build versions for all Windows 10 Feature Updates and Cumulative Updates (to be used in some of the fields below), see Windows 10 release information. Be sure to include the 10.0. prefix before the build numbers, as the following examples illustrate.\n\n**Minimum OS version:**\nEnter the minimum allowed version in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device has an earlier version than the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS version:**\nEnter the maximum allowed version, in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Minimum OS required for mobile devices:**\nEnter the minimum allowed version, in the major.minor.build number format.\n\nWhen a device has an earlier version that the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS required for mobile devices:**\nEnter the maximum allowed version, in the major.minor.build number.\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Valid operating system builds:**\nSpecify a list of minimum and maximum operating system builds. Valid operating system builds provides additional flexibility when compared against minimum and maximum OS versions. Consider a scenario where minimum OS version is set to 10.0.18362.xxx (Windows 10 1903) and maximum OS version is set to 10.0.18363.xxx (Windows 10 1909). This configuration can allow a Windows 10 1903 device that doesn't have recent cumulative updates installed to be identified as compliant. Minimum and maximum OS versions might be suitable if you have standardized on a single Windows 10 release, but might not address your requirements if you need to use multiple builds, each with specific patch levels. In such a case, consider leveraging valid operating system builds instead, which allows multiple builds to be specified as per the following example.\n\nExample:\nThe following table is an example of a range for the acceptable operating systems versions for different Windows 10 releases. In this example, three different Feature Updates have been allowed (1809, 1909 and 2004). Specifically, only those versions of Windows and which have applied cumulative updates from June to September 2020 will be considered to be compliant. This is sample data only. The table includes a first column that includes any text you want to describe the entry, followed by the minimum and maximum OS version for that entry. The second and third columns must adhere to valid OS build versions in the major.minor.build.revision number format. After you define one or more entries, you can Export the list as a comma-separated values (CSV) file.\n\n| Description                 | Minimum OS version | Maximum OS version |\n|-----------------------------|--------------------|--------------------|\n| Win 10 2004 (Jun-Sept 2020) | 10.0.19041.329     | 10.0.19041.508     |\n| Win 10 1909 (Jun-Sept 2020) | 10.0.18363.900     | 10.0.18363.1110    |\n| Win 10 1809 (Jun-Sept 2020) | 10.0.17763.1282    | 10.0.17763.1490    |\n\n### Configuration Manager Compliance\n\nApplies only to co-managed devices running Windows 10 and later. Intune-only devices return a not available status.\n\n**Require device compliance from Configuration Manager:**\n\n* Not configured _(default)_ - Intune doesn't check for any of the Configuration Manager settings for compliance.\n* Require - Require all settings (configuration items) in Configuration Manager to be compliant.\n\n### System Security\n\n#### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create simple passwords, such as 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Password type:**\nChoose the type of password or PIN required. Your options:\n\n* Device _(default)_  - Require a password, numeric PIN, or alphanumeric PIN\n* Numeric - Require a password or numeric PIN\n* Alphanumeric - Require a password, or alphanumeric PIN.\n\nWhen set to Alphanumeric, the following settings are available:\n\n* Password complexity:\n  * Require digits and lowercase letters _(default)_\n  * Require digits, lowercase letters, and uppercase letters\n  * Require digits, lowercase letters, uppercase letters, and special characters\n\n**Minimum password length:**\nEnter the minimum number of digits or characters that the password must have.\n\n**Maximum minutes of inactivity before password is required:**\nEnter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\nEnter the number of days before the password expires, and they must create a new one, from 1-730.\n\n**Number of previous passwords to prevent reuse:**\nEnter the number of previously used passwords that can't be used.\n\n**Require password when device returns from idle state (Mobile and Holographic):**\n\n* Not configured _(default)_\n* Require - Require device users to enter the password every time the device returns from an idle state.\n\n**Important**\nWhen the password requirement is changed on a Windows desktop, users are impacted the next time they sign in, as that's when the device goes from idle to active. Users with passwords that meet the requirement are still prompted to change their passwords.\n\n### Encryption\n\n**Encryption of data storage on a device:**\nThis setting applies to all drives on a device.\n\n* Not configured _(default)_\n* Require - Use Require to encrypt data storage on your devices.\n\n**Note**\nThe Encryption of data storage on a device setting generically checks for the presence of encryption on the device, more specifically at the OS drive level. Currently, Intune supports only the encryption check with BitLocker. For a more robust encryption setting, consider using Require BitLocker, which leverages Windows Device Health Attestation to validate Bitlocker status at the TPM level.\n\n### Device Security\n\n**Firewall:**\n\n* Not configured _(default)_ - Intune doesn't control the Microsoft Defender Firewall, nor change existing settings.\n* Require - Turn on the Microsoft Defender Firewall, and prevent users from turning it off.\n\n**Note**\nIf the device immediately syncs after a reboot, or immediately syncs waking from sleep, then this setting may report as an Error. This scenario might not affect the overall device compliance status. To re-evaluate the compliance status, manually sync the device.\n\n**Trusted Platform Module (TPM):**\n\n* Not configured _(default)_ - Intune doesn't check the device for a TPM chip version.\n* Require - Intune checks the TPM chip version for compliance. The device is compliant if the TPM chip version is greater than 0 (zero). The device isn't compliant if there isn't a TPM version on the device.\n\n**Antivirus:**\n\n* Not configured _(default)_ - Intune doesn't check for any antivirus solutions installed on the device.\n* Require - Check compliance using antivirus solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n**Antispyware:**\n\n* Not configured _(default)_ - Intune doesn't check for any antispyware solutions installed on the device.\n* Require - Check compliance using antispyware solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n### Defender\n\nThe following compliance settings are supported with Windows 10 Desktop.\n\n**Microsoft Defender Antimalware:**\n\n* Not configured _(default)_ - Intune doesn't control the service, nor change existing settings.\n* Require - Turn on the Microsoft Defender anti-malware service, and prevent users from turning it off.\n\n**Microsoft Defender Antimalware minimum version:**\nEnter the minimum allowed version of Microsoft Defender anti-malware service. For example, enter 4.11.0.0. When left blank, any version of the Microsoft Defender anti-malware service can be used.\n\nBy _(default)_, no version is configured.\n\n**Microsoft Defender Antimalware security intelligence up-to-date:**\nControls the Windows Security virus and threat protection updates on the devices.\n\n* Not configured _(default)_ - Intune doesn't enforce any requirements.\n* Require - Force the Microsoft Defender security intelligence be up-to-date.\n\n**Real-time protection:**\n\n* Not configured (_(default)_) - Intune doesn't control this feature, nor change existing settings.\n* Require - Turn on real-time protection, which scans for malware, spyware, and other unwanted software.\n\n### Microsoft Defender for Endpoint\n\n#### Microsoft Defender for Endpoint rules\n\nFor additional information on Microsoft Defender for Endpoint integration in conditional access scenarios, see Configure Conditional Access in Microsoft Defender for Endpoint.\n\n**Require the device to be at or under the machine risk score:**\nUse this setting to take the risk assessment from your defense threat services as a condition for compliance. Choose the maximum allowed threat level:\n\n* Not configured (_(default)_)\n* Clear -This option is the most secure, as the device can't have any threats. If the device is detected as having any level of threats, it's evaluated as non-compliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a non-compliant status.\n* Medium - The device is evaluated as compliant if existing threats on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be non-compliant.\n* High - This option is the least secure, and allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Windows Holographic for Business\n\nWindows Holographic for Business uses the Windows 10 and later platform. Windows Holographic for Business supports the following setting:\n\n**System Security > Encryption > Encryption of data storage on device.**\nTo verify device encryption on the Microsoft HoloLens, see Verify device encryption.\n\n### Surface Hub\n\nSurface Hub uses the Windows 10 and later platform. Surface Hubs are supported for both compliance and Conditional Access. To enable these features on Surface Hubs, we recommend you enable Windows 10 automatic enrollment in Intune (requires Azure Active Directory (Azure AD)), and target the Surface Hub devices as device groups. Surface Hubs are required to be Azure AD joined for compliance and Conditional Access to work.\n\nFor guidance, see set up enrollment for Windows devices.\n\nSpecial consideration for Surface Hubs running Windows 10 Team OS:\nSurface Hubs that run Windows 10 Team OS do not support the Microsoft Defender for Endpoint and Password compliance policies at this time. Therefore, for Surface Hubs that run Windows 10 Team OS set the following two settings to their _(default)_ of _Not configured_:\n\n* In the category Password, set Require a password to unlock mobile devices to the _(default)_ of Not configured.\n* In the category Microsoft Defender for Endpoint, set Require the device to be at or under the machine risk score to the _(default)_ of Not configured."},{"ClassName":"MSFT_MicrosoftGraphDeviceComplianceScheduledActionsForRuleConfiguration","Parameters":[{"CIMType":"String","Description":"The action type of the compliance policy action.","Name":"ActionType","Option":"Write","ValueMap":["block","notification","retire"],"Values":["block","notification","retire"]},{"CIMType":"Uint32","Description":"Number of hours the device can be in grace period.","Name":"GracePeriodHours","Option":"Write"},{"CIMType":"String[]","Description":"Display names of the groups that should be notified if the compliance fails.","Name":"NotificationMessageCCList","Option":"Write"},{"CIMType":"String","Description":"Display name of the Notification Template used in the compliance policy. Can only be used with ActionType 'notification'.","Name":"NotificationTemplate","Option":"Write"}],"Description":"This resource configures the settings of Windows 10 compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n#### Windows Health Attestation Service evaluation rules\n\n**Require BitLocker:**\n  Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.\n\n  Device HealthAttestation CSP - BitLockerStatus\n\n**Require Secure Boot to be enabled on the device:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The system is forced to boot to a factory trusted state. The core components that are used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies the signature before it lets the machine start. If any files are tampered with, which breaks their signature, the system doesn't boot.\n\n### Device Properties\n\n#### Operating System Version\n\nTo discover build versions for all Windows 10 Feature Updates and Cumulative Updates (to be used in some of the fields below), see Windows 10 release information. Be sure to include the 10.0. prefix before the build numbers, as the following examples illustrate.\n\n**Minimum OS version:**\nEnter the minimum allowed version in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device has an earlier version than the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS version:**\nEnter the maximum allowed version, in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Minimum OS required for mobile devices:**\nEnter the minimum allowed version, in the major.minor.build number format.\n\nWhen a device has an earlier version that the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS required for mobile devices:**\nEnter the maximum allowed version, in the major.minor.build number.\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Valid operating system builds:**\nSpecify a list of minimum and maximum operating system builds. Valid operating system builds provides additional flexibility when compared against minimum and maximum OS versions. Consider a scenario where minimum OS version is set to 10.0.18362.xxx (Windows 10 1903) and maximum OS version is set to 10.0.18363.xxx (Windows 10 1909). This configuration can allow a Windows 10 1903 device that doesn't have recent cumulative updates installed to be identified as compliant. Minimum and maximum OS versions might be suitable if you have standardized on a single Windows 10 release, but might not address your requirements if you need to use multiple builds, each with specific patch levels. In such a case, consider leveraging valid operating system builds instead, which allows multiple builds to be specified as per the following example.\n\nExample:\nThe following table is an example of a range for the acceptable operating systems versions for different Windows 10 releases. In this example, three different Feature Updates have been allowed (1809, 1909 and 2004). Specifically, only those versions of Windows and which have applied cumulative updates from June to September 2020 will be considered to be compliant. This is sample data only. The table includes a first column that includes any text you want to describe the entry, followed by the minimum and maximum OS version for that entry. The second and third columns must adhere to valid OS build versions in the major.minor.build.revision number format. After you define one or more entries, you can Export the list as a comma-separated values (CSV) file.\n\n| Description                 | Minimum OS version | Maximum OS version |\n|-----------------------------|--------------------|--------------------|\n| Win 10 2004 (Jun-Sept 2020) | 10.0.19041.329     | 10.0.19041.508     |\n| Win 10 1909 (Jun-Sept 2020) | 10.0.18363.900     | 10.0.18363.1110    |\n| Win 10 1809 (Jun-Sept 2020) | 10.0.17763.1282    | 10.0.17763.1490    |\n\n### Configuration Manager Compliance\n\nApplies only to co-managed devices running Windows 10 and later. Intune-only devices return a not available status.\n\n**Require device compliance from Configuration Manager:**\n\n* Not configured _(default)_ - Intune doesn't check for any of the Configuration Manager settings for compliance.\n* Require - Require all settings (configuration items) in Configuration Manager to be compliant.\n\n### System Security\n\n#### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create simple passwords, such as 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Password type:**\nChoose the type of password or PIN required. Your options:\n\n* Device _(default)_  - Require a password, numeric PIN, or alphanumeric PIN\n* Numeric - Require a password or numeric PIN\n* Alphanumeric - Require a password, or alphanumeric PIN.\n\nWhen set to Alphanumeric, the following settings are available:\n\n* Password complexity:\n  * Require digits and lowercase letters _(default)_\n  * Require digits, lowercase letters, and uppercase letters\n  * Require digits, lowercase letters, uppercase letters, and special characters\n\n**Minimum password length:**\nEnter the minimum number of digits or characters that the password must have.\n\n**Maximum minutes of inactivity before password is required:**\nEnter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\nEnter the number of days before the password expires, and they must create a new one, from 1-730.\n\n**Number of previous passwords to prevent reuse:**\nEnter the number of previously used passwords that can't be used.\n\n**Require password when device returns from idle state (Mobile and Holographic):**\n\n* Not configured _(default)_\n* Require - Require device users to enter the password every time the device returns from an idle state.\n\n**Important**\nWhen the password requirement is changed on a Windows desktop, users are impacted the next time they sign in, as that's when the device goes from idle to active. Users with passwords that meet the requirement are still prompted to change their passwords.\n\n### Encryption\n\n**Encryption of data storage on a device:**\nThis setting applies to all drives on a device.\n\n* Not configured _(default)_\n* Require - Use Require to encrypt data storage on your devices.\n\n**Note**\nThe Encryption of data storage on a device setting generically checks for the presence of encryption on the device, more specifically at the OS drive level. Currently, Intune supports only the encryption check with BitLocker. For a more robust encryption setting, consider using Require BitLocker, which leverages Windows Device Health Attestation to validate Bitlocker status at the TPM level.\n\n### Device Security\n\n**Firewall:**\n\n* Not configured _(default)_ - Intune doesn't control the Microsoft Defender Firewall, nor change existing settings.\n* Require - Turn on the Microsoft Defender Firewall, and prevent users from turning it off.\n\n**Note**\nIf the device immediately syncs after a reboot, or immediately syncs waking from sleep, then this setting may report as an Error. This scenario might not affect the overall device compliance status. To re-evaluate the compliance status, manually sync the device.\n\n**Trusted Platform Module (TPM):**\n\n* Not configured _(default)_ - Intune doesn't check the device for a TPM chip version.\n* Require - Intune checks the TPM chip version for compliance. The device is compliant if the TPM chip version is greater than 0 (zero). The device isn't compliant if there isn't a TPM version on the device.\n\n**Antivirus:**\n\n* Not configured _(default)_ - Intune doesn't check for any antivirus solutions installed on the device.\n* Require - Check compliance using antivirus solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n**Antispyware:**\n\n* Not configured _(default)_ - Intune doesn't check for any antispyware solutions installed on the device.\n* Require - Check compliance using antispyware solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n### Defender\n\nThe following compliance settings are supported with Windows 10 Desktop.\n\n**Microsoft Defender Antimalware:**\n\n* Not configured _(default)_ - Intune doesn't control the service, nor change existing settings.\n* Require - Turn on the Microsoft Defender anti-malware service, and prevent users from turning it off.\n\n**Microsoft Defender Antimalware minimum version:**\nEnter the minimum allowed version of Microsoft Defender anti-malware service. For example, enter 4.11.0.0. When left blank, any version of the Microsoft Defender anti-malware service can be used.\n\nBy _(default)_, no version is configured.\n\n**Microsoft Defender Antimalware security intelligence up-to-date:**\nControls the Windows Security virus and threat protection updates on the devices.\n\n* Not configured _(default)_ - Intune doesn't enforce any requirements.\n* Require - Force the Microsoft Defender security intelligence be up-to-date.\n\n**Real-time protection:**\n\n* Not configured (_(default)_) - Intune doesn't control this feature, nor change existing settings.\n* Require - Turn on real-time protection, which scans for malware, spyware, and other unwanted software.\n\n### Microsoft Defender for Endpoint\n\n#### Microsoft Defender for Endpoint rules\n\nFor additional information on Microsoft Defender for Endpoint integration in conditional access scenarios, see Configure Conditional Access in Microsoft Defender for Endpoint.\n\n**Require the device to be at or under the machine risk score:**\nUse this setting to take the risk assessment from your defense threat services as a condition for compliance. Choose the maximum allowed threat level:\n\n* Not configured (_(default)_)\n* Clear -This option is the most secure, as the device can't have any threats. If the device is detected as having any level of threats, it's evaluated as non-compliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a non-compliant status.\n* Medium - The device is evaluated as compliant if existing threats on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be non-compliant.\n* High - This option is the least secure, and allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Windows Holographic for Business\n\nWindows Holographic for Business uses the Windows 10 and later platform. Windows Holographic for Business supports the following setting:\n\n**System Security > Encryption > Encryption of data storage on device.**\nTo verify device encryption on the Microsoft HoloLens, see Verify device encryption.\n\n### Surface Hub\n\nSurface Hub uses the Windows 10 and later platform. Surface Hubs are supported for both compliance and Conditional Access. To enable these features on Surface Hubs, we recommend you enable Windows 10 automatic enrollment in Intune (requires Azure Active Directory (Azure AD)), and target the Surface Hub devices as device groups. Surface Hubs are required to be Azure AD joined for compliance and Conditional Access to work.\n\nFor guidance, see set up enrollment for Windows devices.\n\nSpecial consideration for Surface Hubs running Windows 10 Team OS:\nSurface Hubs that run Windows 10 Team OS do not support the Microsoft Defender for Endpoint and Password compliance policies at this time. Therefore, for Surface Hubs that run Windows 10 Team OS set the following two settings to their _(default)_ of _Not configured_:\n\n* In the category Password, set Require a password to unlock mobile devices to the _(default)_ of Not configured.\n* In the category Microsoft Defender for Endpoint, set Require the device to be at or under the machine risk score to the _(default)_ of Not configured."},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyWindows10","Parameters":[{"CIMType":"String","Description":"The id of the Windows 10 device compliance policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Windows 10 device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Windows 10 device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequired of the Windows 10 device compliance policy.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordBlockSimple of the Windows 10 device compliance policy.","Name":"PasswordBlockSimple","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequiredToUnlockFromIdle of the Windows 10 device compliance policy.","Name":"PasswordRequiredToUnlockFromIdle","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinutesOfInactivityBeforeLock of the Windows 10 device compliance policy.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordExpirationDays of the Windows 10 device compliance policy.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumLength of the Windows 10 device compliance policy.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumCharacterSetCount of the Windows 10 device compliance policy.","Name":"PasswordMinimumCharacterSetCount","Option":"Write"},{"CIMType":"String","Description":"PasswordRequiredType of the Windows 10 device compliance policy.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["DeviceDefault","Alphanumeric","Numeric"],"Values":["DeviceDefault","Alphanumeric","Numeric"]},{"CIMType":"Uint32","Description":"PasswordPreviousPasswordBlockCount of the Windows 10 device compliance policy.","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"RequireHealthyDeviceReport of the Windows 10 device compliance policy.","Name":"RequireHealthyDeviceReport","Option":"Write"},{"CIMType":"String","Description":"OsMinimumVersion of the Windows 10 device compliance policy.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"OsMaximumVersion of the Windows 10 device compliance policy.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String","Description":"MobileOsMinimumVersion of the Windows 10 device compliance policy.","Name":"MobileOsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"MobileOsMaximumVersion of the Windows 10 device compliance policy.","Name":"MobileOsMaximumVersion","Option":"Write"},{"CIMType":"Boolean","Description":"EarlyLaunchAntiMalwareDriverEnabled of the Windows 10 device compliance policy.","Name":"EarlyLaunchAntiMalwareDriverEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"BitLockerEnabled of the Windows 10 device compliance policy.","Name":"BitLockerEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"SecureBootEnabled of the Windows 10 device compliance policy.","Name":"SecureBootEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"CodeIntegrityEnabled of the Windows 10 device compliance policy.","Name":"CodeIntegrityEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"StorageRequireEncryption of the Windows 10 device compliance policy.","Name":"StorageRequireEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"ActiveFirewallRequired of the Windows 10 device compliance policy.","Name":"ActiveFirewallRequired","Option":"Write"},{"CIMType":"Boolean","Description":"DefenderEnabled of the Windows 10 device compliance policy.","Name":"DefenderEnabled","Option":"Write"},{"CIMType":"String","Description":"DefenderVersion of the Windows 10 device compliance policy.","Name":"DefenderVersion","Option":"Write"},{"CIMType":"Boolean","Description":"SignatureOutOfDate of the Windows 10 device compliance policy.","Name":"SignatureOutOfDate","Option":"Write"},{"CIMType":"Boolean","Description":"RTPEnabled of the Windows 10 device compliance policy.","Name":"RTPEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"AntivirusRequired of the Windows 10 device compliance policy.","Name":"AntivirusRequired","Option":"Write"},{"CIMType":"Boolean","Description":"AntiSpywareRequired of the Windows 10 device compliance policy.","Name":"AntiSpywareRequired","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the Windows 10 device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"DeviceThreatProtectionRequiredSecurityLevel of the Windows 10 device compliance policy.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["Unavailable","Secured","Low","Medium","High","NotSet"],"Values":["Unavailable","Secured","Low","Medium","High","NotSet"]},{"CIMType":"Boolean","Description":"ConfigurationManagerComplianceRequired of the Windows 10 device compliance policy.","Name":"ConfigurationManagerComplianceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"TpmRequired of the Windows 10 device compliance policy.","Name":"TpmRequired","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceCompliancePolicyScript","Description":"DeviceCompliancePolicyScript of the Windows 10 device compliance policy.","Name":"DeviceCompliancePolicyScript","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphOperatingSystemVersionRange[]","Description":"ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy.","Name":"ValidOperatingSystemBuildRanges","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceComplianceScheduledActionsForRuleConfiguration[]","Description":"Actions to take for noncompliant devices.","Name":"ScheduledActionsForRule","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of Windows 10 compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n#### Windows Health Attestation Service evaluation rules\n\n**Require BitLocker:**\n  Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.\n\n  Device HealthAttestation CSP - BitLockerStatus\n\n**Require Secure Boot to be enabled on the device:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The system is forced to boot to a factory trusted state. The core components that are used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies the signature before it lets the machine start. If any files are tampered with, which breaks their signature, the system doesn't boot.\n\n### Device Properties\n\n#### Operating System Version\n\nTo discover build versions for all Windows 10 Feature Updates and Cumulative Updates (to be used in some of the fields below), see Windows 10 release information. Be sure to include the 10.0. prefix before the build numbers, as the following examples illustrate.\n\n**Minimum OS version:**\nEnter the minimum allowed version in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device has an earlier version than the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS version:**\nEnter the maximum allowed version, in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Minimum OS required for mobile devices:**\nEnter the minimum allowed version, in the major.minor.build number format.\n\nWhen a device has an earlier version that the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS required for mobile devices:**\nEnter the maximum allowed version, in the major.minor.build number.\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Valid operating system builds:**\nSpecify a list of minimum and maximum operating system builds. Valid operating system builds provides additional flexibility when compared against minimum and maximum OS versions. Consider a scenario where minimum OS version is set to 10.0.18362.xxx (Windows 10 1903) and maximum OS version is set to 10.0.18363.xxx (Windows 10 1909). This configuration can allow a Windows 10 1903 device that doesn't have recent cumulative updates installed to be identified as compliant. Minimum and maximum OS versions might be suitable if you have standardized on a single Windows 10 release, but might not address your requirements if you need to use multiple builds, each with specific patch levels. In such a case, consider leveraging valid operating system builds instead, which allows multiple builds to be specified as per the following example.\n\nExample:\nThe following table is an example of a range for the acceptable operating systems versions for different Windows 10 releases. In this example, three different Feature Updates have been allowed (1809, 1909 and 2004). Specifically, only those versions of Windows and which have applied cumulative updates from June to September 2020 will be considered to be compliant. This is sample data only. The table includes a first column that includes any text you want to describe the entry, followed by the minimum and maximum OS version for that entry. The second and third columns must adhere to valid OS build versions in the major.minor.build.revision number format. After you define one or more entries, you can Export the list as a comma-separated values (CSV) file.\n\n| Description                 | Minimum OS version | Maximum OS version |\n|-----------------------------|--------------------|--------------------|\n| Win 10 2004 (Jun-Sept 2020) | 10.0.19041.329     | 10.0.19041.508     |\n| Win 10 1909 (Jun-Sept 2020) | 10.0.18363.900     | 10.0.18363.1110    |\n| Win 10 1809 (Jun-Sept 2020) | 10.0.17763.1282    | 10.0.17763.1490    |\n\n### Configuration Manager Compliance\n\nApplies only to co-managed devices running Windows 10 and later. Intune-only devices return a not available status.\n\n**Require device compliance from Configuration Manager:**\n\n* Not configured _(default)_ - Intune doesn't check for any of the Configuration Manager settings for compliance.\n* Require - Require all settings (configuration items) in Configuration Manager to be compliant.\n\n### System Security\n\n#### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create simple passwords, such as 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Password type:**\nChoose the type of password or PIN required. Your options:\n\n* Device _(default)_  - Require a password, numeric PIN, or alphanumeric PIN\n* Numeric - Require a password or numeric PIN\n* Alphanumeric - Require a password, or alphanumeric PIN.\n\nWhen set to Alphanumeric, the following settings are available:\n\n* Password complexity:\n  * Require digits and lowercase letters _(default)_\n  * Require digits, lowercase letters, and uppercase letters\n  * Require digits, lowercase letters, uppercase letters, and special characters\n\n**Minimum password length:**\nEnter the minimum number of digits or characters that the password must have.\n\n**Maximum minutes of inactivity before password is required:**\nEnter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\nEnter the number of days before the password expires, and they must create a new one, from 1-730.\n\n**Number of previous passwords to prevent reuse:**\nEnter the number of previously used passwords that can't be used.\n\n**Require password when device returns from idle state (Mobile and Holographic):**\n\n* Not configured _(default)_\n* Require - Require device users to enter the password every time the device returns from an idle state.\n\n**Important**\nWhen the password requirement is changed on a Windows desktop, users are impacted the next time they sign in, as that's when the device goes from idle to active. Users with passwords that meet the requirement are still prompted to change their passwords.\n\n### Encryption\n\n**Encryption of data storage on a device:**\nThis setting applies to all drives on a device.\n\n* Not configured _(default)_\n* Require - Use Require to encrypt data storage on your devices.\n\n**Note**\nThe Encryption of data storage on a device setting generically checks for the presence of encryption on the device, more specifically at the OS drive level. Currently, Intune supports only the encryption check with BitLocker. For a more robust encryption setting, consider using Require BitLocker, which leverages Windows Device Health Attestation to validate Bitlocker status at the TPM level.\n\n### Device Security\n\n**Firewall:**\n\n* Not configured _(default)_ - Intune doesn't control the Microsoft Defender Firewall, nor change existing settings.\n* Require - Turn on the Microsoft Defender Firewall, and prevent users from turning it off.\n\n**Note**\nIf the device immediately syncs after a reboot, or immediately syncs waking from sleep, then this setting may report as an Error. This scenario might not affect the overall device compliance status. To re-evaluate the compliance status, manually sync the device.\n\n**Trusted Platform Module (TPM):**\n\n* Not configured _(default)_ - Intune doesn't check the device for a TPM chip version.\n* Require - Intune checks the TPM chip version for compliance. The device is compliant if the TPM chip version is greater than 0 (zero). The device isn't compliant if there isn't a TPM version on the device.\n\n**Antivirus:**\n\n* Not configured _(default)_ - Intune doesn't check for any antivirus solutions installed on the device.\n* Require - Check compliance using antivirus solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n**Antispyware:**\n\n* Not configured _(default)_ - Intune doesn't check for any antispyware solutions installed on the device.\n* Require - Check compliance using antispyware solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n### Defender\n\nThe following compliance settings are supported with Windows 10 Desktop.\n\n**Microsoft Defender Antimalware:**\n\n* Not configured _(default)_ - Intune doesn't control the service, nor change existing settings.\n* Require - Turn on the Microsoft Defender anti-malware service, and prevent users from turning it off.\n\n**Microsoft Defender Antimalware minimum version:**\nEnter the minimum allowed version of Microsoft Defender anti-malware service. For example, enter 4.11.0.0. When left blank, any version of the Microsoft Defender anti-malware service can be used.\n\nBy _(default)_, no version is configured.\n\n**Microsoft Defender Antimalware security intelligence up-to-date:**\nControls the Windows Security virus and threat protection updates on the devices.\n\n* Not configured _(default)_ - Intune doesn't enforce any requirements.\n* Require - Force the Microsoft Defender security intelligence be up-to-date.\n\n**Real-time protection:**\n\n* Not configured (_(default)_) - Intune doesn't control this feature, nor change existing settings.\n* Require - Turn on real-time protection, which scans for malware, spyware, and other unwanted software.\n\n### Microsoft Defender for Endpoint\n\n#### Microsoft Defender for Endpoint rules\n\nFor additional information on Microsoft Defender for Endpoint integration in conditional access scenarios, see Configure Conditional Access in Microsoft Defender for Endpoint.\n\n**Require the device to be at or under the machine risk score:**\nUse this setting to take the risk assessment from your defense threat services as a condition for compliance. Choose the maximum allowed threat level:\n\n* Not configured (_(default)_)\n* Clear -This option is the most secure, as the device can't have any threats. If the device is detected as having any level of threats, it's evaluated as non-compliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a non-compliant status.\n* Medium - The device is evaluated as compliant if existing threats on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be non-compliant.\n* High - This option is the least secure, and allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Windows Holographic for Business\n\nWindows Holographic for Business uses the Windows 10 and later platform. Windows Holographic for Business supports the following setting:\n\n**System Security > Encryption > Encryption of data storage on device.**\nTo verify device encryption on the Microsoft HoloLens, see Verify device encryption.\n\n### Surface Hub\n\nSurface Hub uses the Windows 10 and later platform. Surface Hubs are supported for both compliance and Conditional Access. To enable these features on Surface Hubs, we recommend you enable Windows 10 automatic enrollment in Intune (requires Azure Active Directory (Azure AD)), and target the Surface Hub devices as device groups. Surface Hubs are required to be Azure AD joined for compliance and Conditional Access to work.\n\nFor guidance, see set up enrollment for Windows devices.\n\nSpecial consideration for Surface Hubs running Windows 10 Team OS:\nSurface Hubs that run Windows 10 Team OS do not support the Microsoft Defender for Endpoint and Password compliance policies at this time. Therefore, for Surface Hubs that run Windows 10 Team OS set the following two settings to their _(default)_ of _Not configured_:\n\n* In the category Password, set Require a password to unlock mobile devices to the _(default)_ of Not configured.\n* In the category Microsoft Defender for Endpoint, set Require the device to be at or under the machine risk score to the _(default)_ of Not configured."},{"ClassName":"MSFT_IntuneDeviceComplianceScriptLinux","Parameters":[{"CIMType":"String","Description":"Description of the compliance script.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the compliance script.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The compliance discovery script. Cannot be empty.","Name":"DiscoveryScript","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Compliance Script for Linux"},{"ClassName":"MSFT_IntuneDeviceComplianceScriptWindows10","Parameters":[{"CIMType":"String","Description":"Optional description for the device compliance script.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the device compliance script.","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Indicate whether the script signature needs be checked.","Name":"EnforceSignatureCheck","Option":"Write"},{"CIMType":"String","Description":"Publisher of the script.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for this PowerShellScript instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether the PowerShell script should run as 32-bit","Name":"RunAs32Bit","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The script content in Base64.","Name":"DetectionScriptContent","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Compliance Script for Windows10"},{"ClassName":"MSFT_IntuneGroupPolicyDefinitionValueDefinition","Parameters":[{"CIMType":"String","Description":"The localized full category path for the policy.","Name":"CategoryPath","Option":"Write"},{"CIMType":"String","Description":"Identifies the type of groups the policy can be applied to. Possible values are: user, machine.","Name":"ClassType","Option":"Write","ValueMap":["user","machine"],"Values":["user","machine"]},{"CIMType":"String","Description":"The localized policy name.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The localized explanation or help text associated with the policy. The default value is empty.","Name":"ExplainText","Option":"Write"},{"CIMType":"String","Description":"The category id of the parent category","Name":"GroupPolicyCategoryId","Option":"Write"},{"CIMType":"Boolean","Description":"Signifies whether or not there are related definitions to this definition","Name":"HasRelatedDefinitions","Option":"Write"},{"CIMType":"String","Description":"Minimum required CSP version for device configuration in this definition","Name":"MinDeviceCspVersion","Option":"Write"},{"CIMType":"String","Description":"Minimum required CSP version for user configuration in this definition","Name":"MinUserCspVersion","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of group policy. Possible values are: admxBacked, admxIngested.","Name":"PolicyType","Option":"Write","ValueMap":["admxBacked","admxIngested"],"Values":["admxBacked","admxIngested"]},{"CIMType":"String","Description":"Localized string used to specify what operating system or application version is affected by the policy.","Name":"SupportedOn","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneGroupPolicyDefinitionValue","Parameters":[{"CIMType":"String","Description":"Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy, preference.","Name":"ConfigurationType","Option":"Write","ValueMap":["policy","preference"],"Values":["policy","preference"]},{"CIMType":"Boolean","Description":"Enables or disables the associated group policy definition.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_IntuneGroupPolicyDefinitionValueDefinition","Description":"The associated group policy definition with the value. Read-Only.","Name":"Definition","Option":"Write"},{"CIMType":"MSFT_IntuneGroupPolicyDefinitionValuePresentationValue[]","Description":"The associated group policy presentation values with the definition value.","Name":"PresentationValues","Option":"Write"}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneGroupPolicyDefinitionValuePresentationValue","Parameters":[{"CIMType":"Boolean","Description":"A value for the associated presentation.","Name":"BooleanValue","Option":"Write"},{"CIMType":"Uint64","Description":"A value for the associated presentation.","Name":"DecimalValue","Option":"Write"},{"CIMType":"String","Description":"A value for the associated presentation.","Name":"StringValue","Option":"Write"},{"CIMType":"MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair[]","Description":"A list of pairs for the associated presentation.","Name":"KeyValuePairValues","Option":"Write"},{"CIMType":"String[]","Description":"A list of pairs for the associated presentation.","Name":"StringValues","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for presentation definition. Read-only.","Name":"PresentationDefinitionId","Option":"Write"},{"CIMType":"String","Description":"The label of the presentation definition. Read-only.","Name":"PresentationDefinitionLabel","Option":"Write"},{"CIMType":"String","Description":"A value for the associated presentation.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"],"Values":["#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"]}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair","Parameters":[{"CIMType":"String","Description":"Value for this key-value pair.","Name":"Value","Option":"Write"},{"CIMType":"String","Description":"Name for this key-value pair.","Name":"Name","Option":"Write"}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"User provided description for the resource object.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"User provided name for the resource object.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue.","Name":"PolicyConfigurationIngestionType","Option":"Write","ValueMap":["unknown","custom","builtIn","mixed","unknownFutureValue"],"Values":["unknown","custom","builtIn","mixed","unknownFutureValue"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_IntuneGroupPolicyDefinitionValue[]","Description":"The list of enabled or disabled group policy definition values for the configuration.","Name":"DefinitionValues","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for this policy instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationCustomPolicyiOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name that is displayed to the user.","Name":"PayloadName","Option":"Write"},{"CIMType":"String","Description":"Payload file name (*.mobileconfig, *.xml).","Name":"PayloadFileName","Option":"Write"},{"CIMType":"String","Description":"Payload. (UTF8 encoded byte array)","Name":"Payload","Option":"Write"},{"CIMType":"string[]","Description":"Role Scope Tag IDs","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune iOS Custom Configuration Policy."},{"ClassName":"MSFT_MicrosoftGraphOmaSetting","Parameters":[{"CIMType":"String","Description":"Description.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the value field is encrypted. This property is read-only.","Name":"IsEncrypted","Option":"Write"},{"CIMType":"String","Description":"OMA.","Name":"OmaUri","Option":"Write"},{"CIMType":"String","Description":"ReferenceId for looking up secret for decryption. This property is read-only.","Name":"SecretReferenceValueId","Option":"Write"},{"CIMType":"String","Description":"File name associated with the Value property (.cer)","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"Value. (Base64 encoded string)","Name":"Value","Option":"Write"},{"CIMType":"Boolean","Description":"By setting to true, the CSP (configuration service provider) specified in the OMA-URI will perform a get, instead of set","Name":"IsReadOnly","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.omaSettingBase64","#microsoft.graph.omaSettingBoolean","#microsoft.graph.omaSettingDateTime","#microsoft.graph.omaSettingFloatingPoint","#microsoft.graph.omaSettingInteger","#microsoft.graph.omaSettingString","#microsoft.graph.omaSettingStringXml"],"Values":["#microsoft.graph.omaSettingBase64","#microsoft.graph.omaSettingBoolean","#microsoft.graph.omaSettingDateTime","#microsoft.graph.omaSettingFloatingPoint","#microsoft.graph.omaSettingInteger","#microsoft.graph.omaSettingString","#microsoft.graph.omaSettingStringXml"]}],"Description":"Intune Device Configuration Custom Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationCustomPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphomaSetting[]","Description":"OMA settings. This collection can contain a maximum of 1000 elements.","Name":"OmaSettings","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Custom Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Auto populate onboarding blob programmatically from Advanced Threat protection service","Name":"AdvancedThreatProtectionAutoPopulateOnboardingBlob","Option":"Write"},{"CIMType":"String","Description":"Windows Defender AdvancedThreatProtection Offboarding Blob.","Name":"AdvancedThreatProtectionOffboardingBlob","Option":"Write"},{"CIMType":"String","Description":"Name of the file from which AdvancedThreatProtectionOffboardingBlob was obtained.","Name":"AdvancedThreatProtectionOffboardingFilename","Option":"Write"},{"CIMType":"String","Description":"Windows Defender AdvancedThreatProtection Onboarding Blob.","Name":"AdvancedThreatProtectionOnboardingBlob","Option":"Write"},{"CIMType":"String","Description":"Name of the file from which AdvancedThreatProtectionOnboardingBlob was obtained.","Name":"AdvancedThreatProtectionOnboardingFilename","Option":"Write"},{"CIMType":"Boolean","Description":"Windows Defender AdvancedThreatProtection 'Allow Sample Sharing' Rule","Name":"AllowSampleSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Expedite Windows Defender Advanced Threat Protection telemetry reporting frequency.","Name":"EnableExpeditedTelemetryReporting","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeliveryOptimizationBandwidth","Parameters":[{"CIMType":"UInt64","Description":"Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization. Valid values 0 to 4294967295","Name":"MaximumDownloadBandwidthInKilobytesPerSecond","Option":"Write"},{"CIMType":"UInt64","Description":"Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization (0-4000000). Valid values 0 to 4000000 The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). Valid values 0 to 4000000","Name":"MaximumUploadBandwidthInKilobytesPerSecond","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit","Description":"Background download percentage hours.","Name":"BandwidthBackgroundPercentageHours","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit","Description":"Foreground download percentage hours.","Name":"BandwidthForegroundPercentageHours","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth (0-100). Valid values 0 to 100","Name":"MaximumBackgroundBandwidthPercentage","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth (0-100). Valid values 0 to 100 The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. Valid values 0 to 100","Name":"MaximumForegroundBandwidthPercentage","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deliveryOptimizationBandwidthAbsolute","#microsoft.graph.deliveryOptimizationBandwidthHoursWithPercentage","#microsoft.graph.deliveryOptimizationBandwidthPercentage"],"Values":["#microsoft.graph.deliveryOptimizationBandwidthAbsolute","#microsoft.graph.deliveryOptimizationBandwidthHoursWithPercentage","#microsoft.graph.deliveryOptimizationBandwidthPercentage"]}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit","Parameters":[{"CIMType":"UInt32","Description":"Specifies the beginning of business hours using a 24-hour clock (0-23). Valid values 0 to 23","Name":"BandwidthBeginBusinessHours","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the end of business hours using a 24-hour clock (0-23). Valid values 0 to 23","Name":"BandwidthEndBusinessHours","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the percentage of bandwidth to limit during business hours (0-100). Valid values 0 to 100","Name":"BandwidthPercentageDuringBusinessHours","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the percentage of bandwidth to limit outsidse business hours (0-100). Valid values 0 to 100","Name":"BandwidthPercentageOutsideBusinessHours","Option":"Write"}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeliveryOptimizationGroupIdSource","Parameters":[{"CIMType":"String","Description":"Specifies an arbitrary group ID that the device belongs to","Name":"GroupIdCustom","Option":"Write"},{"CIMType":"String","Description":"Set this policy to restrict peer selection to a specific source. Possible values are: notConfigured, adSite, authenticatedDomainSid, dhcpUserOption, dnsSuffix.","Name":"GroupIdSourceOption","Option":"Write","ValueMap":["notConfigured","adSite","authenticatedDomainSid","dhcpUserOption","dnsSuffix"],"Values":["notConfigured","adSite","authenticatedDomainSid","dhcpUserOption","dnsSuffix"]},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deliveryOptimizationGroupIdCustom","#microsoft.graph.deliveryOptimizationGroupIdSourceOptions"],"Values":["#microsoft.graph.deliveryOptimizationGroupIdCustom","#microsoft.graph.deliveryOptimizationGroupIdSourceOptions"]}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeliveryOptimizationMaxCacheSize","Parameters":[{"CIMType":"UInt64","Description":"Specifies the maximum size in GB of Delivery Optimization cache. Valid values 0 to 4294967295","Name":"MaximumCacheSizeInGigabytes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). Valid values 1 to 100","Name":"MaximumCacheSizePercentage","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute","#microsoft.graph.deliveryOptimizationMaxCacheSizePercentage"],"Values":["#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute","#microsoft.graph.deliveryOptimizationMaxCacheSizePercentage"]}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10","Parameters":[{"CIMType":"UInt64","Description":"Specifies number of seconds to delay an HTTP source in a background download that is allowed to use peer-to-peer. Valid values 0 to 4294967295","Name":"BackgroundDownloadFromHttpDelayInSeconds","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeliveryOptimizationBandwidth","Description":"Specifies foreground and background bandwidth usage using percentages, absolutes, or hours.","Name":"BandwidthMode","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a background download. Valid values 0 to 2592000.","Name":"CacheServerBackgroundDownloadFallbackToHttpDelayInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a foreground download. Valid values 0 to 2592000.","Name":"CacheServerForegroundDownloadFallbackToHttpDelayInSeconds","Option":"Write"},{"CIMType":"String[]","Description":"Specifies cache servers host names.","Name":"CacheServerHostNames","Option":"Write"},{"CIMType":"String","Description":"Specifies the download method that delivery optimization can use to manage network bandwidth consumption for large content distribution scenarios. Possible values are: userDefined, httpOnly, httpWithPeeringNat, httpWithPeeringPrivateGroup, httpWithInternetPeering, simpleDownload, bypassMode.","Name":"DeliveryOptimizationMode","Option":"Write","ValueMap":["userDefined","httpOnly","httpWithPeeringNat","httpWithPeeringPrivateGroup","httpWithInternetPeering","simpleDownload","bypassMode"],"Values":["userDefined","httpOnly","httpWithPeeringNat","httpWithPeeringPrivateGroup","httpWithInternetPeering","simpleDownload","bypassMode"]},{"CIMType":"UInt64","Description":"Specifies number of seconds to delay an HTTP source in a foreground download that is allowed to use peer-to-peer (0-86400). Valid values 0 to 86400 Specifying 0 sets Delivery Optimization to manage this setting using the cloud service. Valid values 0 to 86400","Name":"ForegroundDownloadFromHttpDelayInSeconds","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource","Description":"Specifies to restrict peer selection to a specific source. The options set in this policy only apply to Delivery Optimization mode Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID.","Name":"GroupIdSource","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum time in days that each file is held in the Delivery Optimization cache after downloading successfully (0-3650). Valid values 0 to 3650","Name":"MaximumCacheAgeInDays","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize","Description":"Specifies the maximum cache size that Delivery Optimization either as a percentage or in GB.","Name":"MaximumCacheSize","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the minimum battery percentage to allow the device to upload data (0-100). Valid values 0 to 100 The default value is 0. The value 0 (zero) means 'not limited' and the cloud service default value will be used. Valid values 0 to 100","Name":"MinimumBatteryPercentageAllowedToUpload","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the minimum disk size in GB to use Peer Caching (1-100000). Valid values 1 to 100000 Recommended values: 64 GB to 256 GB. Valid values 1 to 100000","Name":"MinimumDiskSizeAllowedToPeerInGigabytes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the minimum content file size in MB enabled to use Peer Caching (1-100000). Valid values 1 to 100000 Recommended values: 1 MB to 100,000 MB. Valid values 1 to 100000","Name":"MinimumFileSizeToCacheInMegabytes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the minimum RAM size in GB to use Peer Caching (1-100000). Valid values 1 to 100000","Name":"MinimumRamAllowedToPeerInGigabytes","Option":"Write"},{"CIMType":"String","Description":"Specifies the drive that Delivery Optimization should use for its cache.","Name":"ModifyCacheLocation","Option":"Write"},{"CIMType":"String","Description":"Specifies to restrict peer selection via selected option.","Name":"RestrictPeerSelectionBy","Option":"Write","ValueMap":["notConfigured","subnetMask"],"Values":["notConfigured","subnetMask"]},{"CIMType":"String","Description":"Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network.","Name":"VpnPeerCaching","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10V2","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"DO Download Mode (0: HTTP only, no peering, 1: HTTP blended with peering behind the same NAT, 2: HTTP blended with peering across a private group, 3: HTTP blended with Internet peering, 99: HTTP only, no peering, no use of DO cloud service, 100: Bypass mode, deprecated in Windows 11)","Name":"DODownloadMode","Option":"Write","ValueMap":[0,1,2,3,99,100],"Values":[0,1,2,3,99,100]},{"CIMType":"SInt32","Description":"DO Restrict Peer Selection By (0: None, 1: Subnet mask, 2: Local discovery (DNS-SD))","Name":"DORestrictPeerSelectionBy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"DO Group Id Source (0: Not Set, 1: AD site, 2: Authenticated domain SID, 3: DHCP Option ID, 4: DNS Suffix, 5: Entra ID Tenant ID)","Name":"DOGroupIdSource","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"String","Description":"DO Group Id","Name":"DOGroupId","Option":"Write"},{"CIMType":"SInt32","Description":"DO Max Foreground Download Bandwidth","Name":"DOMaxForegroundDownloadBandwidth","Option":"Write"},{"CIMType":"SInt32","Description":"DO Max Background Download Bandwidth","Name":"DOMaxBackgroundDownloadBandwidth","Option":"Write"},{"CIMType":"SInt32","Description":"DO Percentage Max Foreground Bandwidth","Name":"DOPercentageMaxForegroundBandwidth","Option":"Write"},{"CIMType":"SInt32","Description":"DO Percentage Max Background Bandwidth","Name":"DOPercentageMaxBackgroundBandwidth","Option":"Write"},{"CIMType":"SInt32","Description":"Set Business Hours to Limit Foreground Download Bandwidth (0: Disabled, 1: Enabled)","Name":"SetHoursToLimitForegroundDownloadBandwidth","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"To: (Device) - Depends on SetHoursToLimitForegroundDownloadBandwidth (0: 12 AM, 1: 1 AM, 2: 2 AM, 3: 3 AM, 4: 4 AM, 5: 5 AM, 6: 6 AM, 7: 7 AM, 8: 8 AM, 9: 9 AM, 10: 10 AM, 11: 11 AM, 12: 12 PM, 13: 1 PM, 14: 2 PM, 15: 3 PM, 16: 4 PM, 17: 5 PM, 18: 6 PM, 19: 7 PM, 20: 8 PM, 21: 9 PM, 22: 10 PM, 23: 11 PM)","Name":"SetHoursToLimitForegroundDownloadBandwidthTo","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"],"Values":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"]},{"CIMType":"String","Description":"From: (Device) - Depends on SetHoursToLimitForegroundDownloadBandwidth (0: 12 AM, 1: 1 AM, 2: 2 AM, 3: 3 AM, 4: 4 AM, 5: 5 AM, 6: 6 AM, 7: 7 AM, 8: 8 AM, 9: 9 AM, 10: 10 AM, 11: 11 AM, 12: 12 PM, 13: 1 PM, 14: 2 PM, 15: 3 PM, 16: 4 PM, 17: 5 PM, 18: 6 PM, 19: 7 PM, 20: 8 PM, 21: 9 PM, 22: 10 PM, 23: 11 PM)","Name":"SetHoursToLimitForegroundDownloadBandwidthFrom","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"],"Values":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"]},{"CIMType":"SInt32","Description":"Maximum Foreground Download Bandwidth (percentage) during Business Hours: - Depends on SetHoursToLimitForegroundDownloadBandwidth","Name":"SetHoursToLimitForegroundDownloadBandwidthIn","Option":"Write"},{"CIMType":"SInt32","Description":"Maximum Foreground Download Bandwidth (percentage) outside of Business Hours: - Depends on SetHoursToLimitForegroundDownloadBandwidth","Name":"SetHoursToLimitForegroundDownloadBandwidthOut","Option":"Write"},{"CIMType":"SInt32","Description":"Set Business Hours to Limit Background Download Bandwidth (0: Disabled, 1: Enabled)","Name":"SetHoursToLimitBackgroundDownloadBandwidth","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Background Download Bandwidth (percentage) outside of Business Hours: - Depends on SetHoursToLimitBackgroundDownloadBandwidth","Name":"SetHoursToLimitBackgroundDownloadBandwidthOut","Option":"Write"},{"CIMType":"String","Description":"From: (Device) - Depends on SetHoursToLimitBackgroundDownloadBandwidth (0: 12 AM, 1: 1 AM, 2: 2 AM, 3: 3 AM, 4: 4 AM, 5: 5 AM, 6: 6 AM, 7: 7 AM, 8: 8 AM, 9: 9 AM, 10: 10 AM, 11: 11 AM, 12: 12 PM, 13: 1 PM, 14: 2 PM, 15: 3 PM, 16: 4 PM, 17: 5 PM, 18: 6 PM, 19: 7 PM, 20: 8 PM, 21: 9 PM, 22: 10 PM, 23: 11 PM)","Name":"SetHoursToLimitBackgroundDownloadBandwidthFrom","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"],"Values":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"]},{"CIMType":"SInt32","Description":"Maximum Background Download Bandwidth (percentage) during Business Hours: - Depends on SetHoursToLimitBackgroundDownloadBandwidth","Name":"SetHoursToLimitBackgroundDownloadBandwidthIn","Option":"Write"},{"CIMType":"String","Description":"To: (Device) - Depends on SetHoursToLimitBackgroundDownloadBandwidth (0: 12 AM, 1: 1 AM, 2: 2 AM, 3: 3 AM, 4: 4 AM, 5: 5 AM, 6: 6 AM, 7: 7 AM, 8: 8 AM, 9: 9 AM, 10: 10 AM, 11: 11 AM, 12: 12 PM, 13: 1 PM, 14: 2 PM, 15: 3 PM, 16: 4 PM, 17: 5 PM, 18: 6 PM, 19: 7 PM, 20: 8 PM, 21: 9 PM, 22: 10 PM, 23: 11 PM)","Name":"SetHoursToLimitBackgroundDownloadBandwidthTo","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"],"Values":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"]},{"CIMType":"SInt32","Description":"DO Delay Foreground Download From Http","Name":"DODelayForegroundDownloadFromHttp","Option":"Write"},{"CIMType":"SInt32","Description":"DO Delay Background Download From Http","Name":"DODelayBackgroundDownloadFromHttp","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min RAM Allowed To Peer","Name":"DOMinRAMAllowedToPeer","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min Disk Size Allowed To Peer","Name":"DOMinDiskSizeAllowedToPeer","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min File Size To Cache","Name":"DOMinFileSizeToCache","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min Battery Percentage Allowed To Upload","Name":"DOMinBatteryPercentageAllowedToUpload","Option":"Write"},{"CIMType":"String","Description":"DO Modify Cache Drive","Name":"DOModifyCacheDrive","Option":"Write"},{"CIMType":"SInt32","Description":"DO Max Cache Age","Name":"DOMaxCacheAge","Option":"Write"},{"CIMType":"SInt32","Description":"DO Absolute Max Cache Size","Name":"DOAbsoluteMaxCacheSize","Option":"Write"},{"CIMType":"SInt32","Description":"DO Max Cache Size","Name":"DOMaxCacheSize","Option":"Write"},{"CIMType":"SInt32","Description":"DO Allow VPN Peer Caching (0: Not allowed, 1: Allowed)","Name":"DOAllowVPNPeerCaching","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"DO Cache Host","Name":"DOCacheHost","Option":"Write"},{"CIMType":"SInt32","Description":"DO Cache Host Source","Name":"DOCacheHostSource","Option":"Write"},{"CIMType":"SInt32","Description":"DO Disallow Cache Server Downloads On VPN (0: Not Set, 1: Enabled)","Name":"DODisallowCacheServerDownloadsOnVPN","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DO Delay Cache Server Fallback Foreground","Name":"DODelayCacheServerFallbackForeground","Option":"Write"},{"CIMType":"SInt32","Description":"DO Delay Cache Server Fallback Background","Name":"DODelayCacheServerFallbackBackground","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min Background Qos","Name":"DOMinBackgroundQos","Option":"Write"},{"CIMType":"SInt32","Description":"DO Monthly Upload Data Cap","Name":"DOMonthlyUploadDataCap","Option":"Write"},{"CIMType":"String[]","Description":"DO Vpn Keywords","Name":"DOVpnKeywords","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10 Setting Catalog"},{"ClassName":"MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Active Directory domain name to join.","Name":"ActiveDirectoryDomainName","Option":"Write"},{"CIMType":"String","Description":"Fixed prefix to be used for computer name.","Name":"ComputerNameStaticPrefix","Option":"Write"},{"CIMType":"UInt32","Description":"Dynamically generated characters used as suffix for computer name. Valid values 3 to 14","Name":"ComputerNameSuffixRandomCharCount","Option":"Write"},{"CIMType":"String","Description":"Organizational unit (OU) where the computer account will be created. If this parameter is NULL, the well known computer object container will be used as published in the domain.","Name":"OrganizationalUnit","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Domain Join Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Account name.","Name":"AccountName","Option":"Write"},{"CIMType":"String","Description":"Duration of email to sync. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.","Name":"DurationOfEmailToSync","Option":"Write","ValueMap":["userDefined","oneDay","threeDays","oneWeek","twoWeeks","oneMonth","unlimited"],"Values":["userDefined","oneDay","threeDays","oneWeek","twoWeeks","oneMonth","unlimited"]},{"CIMType":"String","Description":"Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress.","Name":"EmailAddressSource","Option":"Write","ValueMap":["userPrincipalName","primarySmtpAddress"],"Values":["userPrincipalName","primarySmtpAddress"]},{"CIMType":"String","Description":"Email sync schedule. Possible values are: userDefined, asMessagesArrive, manual, fifteenMinutes, thirtyMinutes, sixtyMinutes, basedOnMyUsage.","Name":"EmailSyncSchedule","Option":"Write","ValueMap":["userDefined","asMessagesArrive","manual","fifteenMinutes","thirtyMinutes","sixtyMinutes","basedOnMyUsage"],"Values":["userDefined","asMessagesArrive","manual","fifteenMinutes","thirtyMinutes","sixtyMinutes","basedOnMyUsage"]},{"CIMType":"String","Description":"Exchange location that (URL) that the native mail app connects to.","Name":"HostName","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to use SSL.","Name":"RequireSsl","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to sync the calendar.","Name":"SyncCalendar","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to sync contacts.","Name":"SyncContacts","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to sync tasks.","Name":"SyncTasks","Option":"Write"},{"CIMType":"String","Description":"Custom domain name value used while generating an email profile before installing on the device.","Name":"CustomDomainName","Option":"Write"},{"CIMType":"String","Description":"UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName, netBiosDomainName.","Name":"UserDomainNameSource","Option":"Write","ValueMap":["fullDomainName","netBiosDomainName"],"Values":["fullDomainName","netBiosDomainName"]},{"CIMType":"String","Description":"Name of the AAD field, that will be used to retrieve UserName for email profile. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName.","Name":"UsernameAADSource","Option":"Write","ValueMap":["userPrincipalName","primarySmtpAddress","samAccountName"],"Values":["userPrincipalName","primarySmtpAddress","samAccountName"]},{"CIMType":"String","Description":"Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress.","Name":"UsernameSource","Option":"Write","ValueMap":["userPrincipalName","primarySmtpAddress"],"Values":["userPrincipalName","primarySmtpAddress"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Email Profile Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphBitLockerFixedDrivePolicy","Parameters":[{"CIMType":"String","Description":"Select the encryption method for fixed drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256.","Name":"EncryptionMethod","Option":"Write","ValueMap":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"],"Values":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"]},{"CIMType":"MSFT_MicrosoftGraphBitLockerRecoveryOptions","Description":"This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker.","Name":"RecoveryOptions","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.","Name":"RequireEncryptionForWriteAccess","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphBitLockerRecoveryOptions","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether to block certificate-based data recovery agent.","Name":"BlockDataRecoveryAgent","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable BitLocker until recovery information is stored in AD DS.","Name":"EnableBitLockerAfterRecoveryInformationToStore","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow BitLocker recovery information to store in AD DS.","Name":"EnableRecoveryInformationSaveToStore","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow showing recovery options in BitLocker Setup Wizard for fixed or system disk.","Name":"HideRecoveryOptions","Option":"Write"},{"CIMType":"String","Description":"Configure what pieces of BitLocker recovery information are stored to AD DS. Possible values are: passwordAndKey, passwordOnly.","Name":"RecoveryInformationToStore","Option":"Write","ValueMap":["passwordAndKey","passwordOnly"],"Values":["passwordAndKey","passwordOnly"]},{"CIMType":"String","Description":"Indicates whether users are allowed or required to generate a 256-bit recovery key for fixed or system disk. Possible values are: blocked, required, allowed, notConfigured.","Name":"RecoveryKeyUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"Indicates whether users are allowed or required to generate a 48-digit recovery password for fixed or system disk. Possible values are: blocked, required, allowed, notConfigured.","Name":"RecoveryPasswordUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphBitLockerRemovableDrivePolicy","Parameters":[{"CIMType":"Boolean","Description":"This policy setting determines whether BitLocker protection is required for removable data drives to be writable on a computer.","Name":"BlockCrossOrganizationWriteAccess","Option":"Write"},{"CIMType":"String","Description":"Select the encryption method for removable  drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256.","Name":"EncryptionMethod","Option":"Write","ValueMap":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"],"Values":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"]},{"CIMType":"Boolean","Description":"Indicates whether to block write access to devices configured in another organization.  If requireEncryptionForWriteAccess is false, this value does not affect.","Name":"RequireEncryptionForWriteAccess","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphBitLockerSystemDrivePolicy","Parameters":[{"CIMType":"String","Description":"Select the encryption method for operating system drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256.","Name":"EncryptionMethod","Option":"Write","ValueMap":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"],"Values":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"]},{"CIMType":"UInt32","Description":"Indicates the minimum length of startup pin. Valid values 4 to 20","Name":"MinimumPinLength","Option":"Write"},{"CIMType":"Boolean","Description":"Enable pre-boot recovery message and Url. If requireStartupAuthentication is false, this value does not affect.","Name":"PrebootRecoveryEnableMessageAndUrl","Option":"Write"},{"CIMType":"String","Description":"Defines a custom recovery message.","Name":"PrebootRecoveryMessage","Option":"Write"},{"CIMType":"String","Description":"Defines a custom recovery URL.","Name":"PrebootRecoveryUrl","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphBitLockerRecoveryOptions","Description":"Allows to recover BitLocker encrypted operating system drives in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker.","Name":"RecoveryOptions","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive).","Name":"StartupAuthenticationBlockWithoutTpmChip","Option":"Write"},{"CIMType":"Boolean","Description":"Require additional authentication at startup.","Name":"StartupAuthenticationRequired","Option":"Write"},{"CIMType":"String","Description":"Indicates if TPM startup key is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured.","Name":"StartupAuthenticationTpmKeyUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"Indicates if TPM startup pin key and key are allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured.","Name":"StartupAuthenticationTpmPinAndKeyUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"Indicates if TPM startup pin is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured.","Name":"StartupAuthenticationTpmPinUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"Indicates if TPM startup is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured.","Name":"StartupAuthenticationTpmUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDefenderDetectedMalwareActions","Parameters":[{"CIMType":"String","Description":"Indicates a Defender action to take for high severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"HighSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for low severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"LowSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for moderate severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"ModerateSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for severe severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"SevereSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsFirewallNetworkProfile","Parameters":[{"CIMType":"Boolean","Description":"Configures the firewall to merge authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.","Name":"AuthorizedApplicationRulesFromGroupPolicyMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to prevent merging authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.","Name":"AuthorizedApplicationRulesFromGroupPolicyNotMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to merge connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.","Name":"ConnectionSecurityRulesFromGroupPolicyMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to prevent merging connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.","Name":"ConnectionSecurityRulesFromGroupPolicyNotMerged","Option":"Write"},{"CIMType":"String","Description":"Configures the host device to allow or block the firewall and advanced security enforcement for the network profile. Possible values are: notConfigured, blocked, allowed.","Name":"FirewallEnabled","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Configures the firewall to merge global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.","Name":"GlobalPortRulesFromGroupPolicyMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to prevent merging global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.","Name":"GlobalPortRulesFromGroupPolicyNotMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.","Name":"InboundConnectionsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.","Name":"InboundConnectionsRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents the firewall from displaying notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.","Name":"InboundNotificationsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Allows the firewall to display notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.","Name":"InboundNotificationsRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block all incoming traffic regardless of other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.","Name":"IncomingTrafficBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow incoming traffic pursuant to other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.","Name":"IncomingTrafficRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.","Name":"OutboundConnectionsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.","Name":"OutboundConnectionsRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to merge Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.","Name":"PolicyRulesFromGroupPolicyMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to prevent merging Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.","Name":"PolicyRulesFromGroupPolicyNotMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.","Name":"SecuredPacketExemptionAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.","Name":"SecuredPacketExemptionBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent the server from operating in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.","Name":"StealthModeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the server to operate in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.","Name":"StealthModeRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.","Name":"UnicastResponsesToMulticastBroadcastsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.","Name":"UnicastResponsesToMulticastBroadcastsRequired","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsFirewallRule","Parameters":[{"CIMType":"String","Description":"The action the rule enforces. If not specified, the default is Allowed. Possible values are: notConfigured, blocked, allowed.","Name":"Action","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"String","Description":"The description of the rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name of the rule. Does not need to be unique.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. Possible values are: notConfigured, blocked, allowed.","Name":"EdgeTraversal","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"String","Description":"The full file path of an app that's affected by the firewall rule.","Name":"FilePath","Option":"Write"},{"CIMType":"String[]","Description":"The interface types of the rule. Possible values are: notConfigured, remoteAccess, wireless, lan.","Name":"InterfaceTypes","Option":"Write","ValueMap":["notConfigured","remoteAccess","wireless","lan"],"Values":["notConfigured","remoteAccess","wireless","lan"]},{"CIMType":"String[]","Description":"List of local addresses covered by the rule. Default is any address. Valid tokens include:'' indicates any local address. If present, this must be the only token included.A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.A valid IPv6 address.An IPv4 address range in the format of 'start address - end address' with no spaces included.An IPv6 address range in the format of 'start address - end address' with no spaces included.","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"String[]","Description":"List of local port ranges. For example, '100-120', '200', '300-320'. If not specified, the default is All.","Name":"LocalPortRanges","Option":"Write"},{"CIMType":"String","Description":"Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.","Name":"LocalUserAuthorizations","Option":"Write"},{"CIMType":"String","Description":"The package family name of a Microsoft Store application that's affected by the firewall rule.","Name":"PackageFamilyName","Option":"Write"},{"CIMType":"String","Description":"Specifies the profiles to which the rule belongs. If not specified, the default is All. Possible values are: notConfigured, domain, private, public.","Name":"ProfileTypes","Option":"Write"},{"CIMType":"UInt32","Description":"0-255 number representing the IP protocol (TCP = 6, UDP = 17). If not specified, the default is All. Valid values 0 to 255","Name":"Protocol","Option":"Write"},{"CIMType":"String[]","Description":"List of tokens specifying the remote addresses covered by the rule. Tokens are case insensitive. Default is any address. Valid tokens include:'' indicates any remote address. If present, this must be the only token included.'Defaultgateway''DHCP''DNS''WINS''Intranet' (supported on Windows versions 1809+)'RmtIntranet' (supported on Windows versions 1809+)'Internet' (supported on Windows versions 1809+)'Ply2Renders' (supported on Windows versions 1809+)'LocalSubnet' indicates any local address on the local subnet.A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.A valid IPv6 address.An IPv4 address range in the format of 'start address - end address' with no spaces included.An IPv6 address range in the format of 'start address - end address' with no spaces included.","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"String[]","Description":"List of remote port ranges. For example, '100-120', '200', '300-320'. If not specified, the default is All.","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"String","Description":"The name used in cases when a service, not an application, is sending or receiving traffic.","Name":"ServiceName","Option":"Write"},{"CIMType":"String","Description":"The traffic direction that the rule is enabled for. If not specified, the default is Out. Possible values are: notConfigured, out, in.","Name":"TrafficDirection","Option":"Write","ValueMap":["notConfigured","out","in"],"Values":["notConfigured","out","in"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementUserRightsSetting","Parameters":[{"CIMType":"MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup[]","Description":"Representing a collection of local users or groups which will be set on device if the state of this setting is Allowed. This collection can contain a maximum of 500 elements.","Name":"LocalUsersOrGroups","Option":"Write"},{"CIMType":"String","Description":"Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed.","Name":"State","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup","Parameters":[{"CIMType":"String","Description":"Admins description of this local user or group.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The name of this local user or group.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The security identifier of this local user or group (e.g. S-1-5-32-544).","Name":"SecurityIdentifier","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Gets or sets whether applications inside Microsoft Defender Application Guard can access the devices camera and microphone.","Name":"ApplicationGuardAllowCameraMicrophoneRedirection","Option":"Write"},{"CIMType":"Boolean","Description":"Allow users to download files from Edge in the application guard container and save them on the host file system","Name":"ApplicationGuardAllowFileSaveOnHost","Option":"Write"},{"CIMType":"Boolean","Description":"Allow persisting user generated data inside the App Guard Container (favorites, cookies, web passwords, etc.)","Name":"ApplicationGuardAllowPersistence","Option":"Write"},{"CIMType":"Boolean","Description":"Allow printing to Local Printers from Container","Name":"ApplicationGuardAllowPrintToLocalPrinters","Option":"Write"},{"CIMType":"Boolean","Description":"Allow printing to Network Printers from Container","Name":"ApplicationGuardAllowPrintToNetworkPrinters","Option":"Write"},{"CIMType":"Boolean","Description":"Allow printing to PDF from Container","Name":"ApplicationGuardAllowPrintToPDF","Option":"Write"},{"CIMType":"Boolean","Description":"Allow printing to XPS from Container","Name":"ApplicationGuardAllowPrintToXPS","Option":"Write"},{"CIMType":"Boolean","Description":"Allow application guard to use virtual GPU","Name":"ApplicationGuardAllowVirtualGPU","Option":"Write"},{"CIMType":"String","Description":"Block clipboard to share data from Host to Container, or from Container to Host, or both ways, or neither ways. Possible values are: notConfigured, blockBoth, blockHostToContainer, blockContainerToHost, blockNone.","Name":"ApplicationGuardBlockClipboardSharing","Option":"Write","ValueMap":["notConfigured","blockBoth","blockHostToContainer","blockContainerToHost","blockNone"],"Values":["notConfigured","blockBoth","blockHostToContainer","blockContainerToHost","blockNone"]},{"CIMType":"String","Description":"Block clipboard to transfer image file, text file or neither of them. Possible values are: notConfigured, blockImageAndTextFile, blockImageFile, blockNone, blockTextFile.","Name":"ApplicationGuardBlockFileTransfer","Option":"Write","ValueMap":["notConfigured","blockImageAndTextFile","blockImageFile","blockNone","blockTextFile"],"Values":["notConfigured","blockImageAndTextFile","blockImageFile","blockNone","blockTextFile"]},{"CIMType":"Boolean","Description":"Block enterprise sites to load non-enterprise content, such as third party plug-ins","Name":"ApplicationGuardBlockNonEnterpriseContent","Option":"Write"},{"CIMType":"String[]","Description":"Allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container.","Name":"ApplicationGuardCertificateThumbprints","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Windows Defender Application Guard","Name":"ApplicationGuardEnabled","Option":"Write"},{"CIMType":"String","Description":"Enable Windows Defender Application Guard for newer Windows builds. Possible values are: notConfigured, enabledForEdge, enabledForOffice, enabledForEdgeAndOffice.","Name":"ApplicationGuardEnabledOptions","Option":"Write","ValueMap":["notConfigured","enabledForEdge","enabledForOffice","enabledForEdgeAndOffice"],"Values":["notConfigured","enabledForEdge","enabledForOffice","enabledForEdgeAndOffice"]},{"CIMType":"Boolean","Description":"Force auditing will persist Windows logs and events to meet security/compliance criteria (sample events are user login-logoff, use of privilege rights, software installation, system changes, etc.)","Name":"ApplicationGuardForceAuditing","Option":"Write"},{"CIMType":"String","Description":"Enables the Admin to choose what types of app to allow on devices. Possible values are: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker.","Name":"AppLockerApplicationControl","Option":"Write","ValueMap":["notConfigured","enforceComponentsAndStoreApps","auditComponentsAndStoreApps","enforceComponentsStoreAppsAndSmartlocker","auditComponentsStoreAppsAndSmartlocker"],"Values":["notConfigured","enforceComponentsAndStoreApps","auditComponentsAndStoreApps","enforceComponentsStoreAppsAndSmartlocker","auditComponentsStoreAppsAndSmartlocker"]},{"CIMType":"Boolean","Description":"Allows the admin to allow standard users to enable encryption during Azure AD Join.","Name":"BitLockerAllowStandardUserEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Allows the Admin to disable the warning prompt for other disk encryption on the user machines.","Name":"BitLockerDisableWarningForOtherDiskEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Allows the admin to require encryption to be turned on using BitLocker. This policy is valid only for a mobile SKU.","Name":"BitLockerEnableStorageCardEncryptionOnMobile","Option":"Write"},{"CIMType":"Boolean","Description":"Allows the admin to require encryption to be turned on using BitLocker.","Name":"BitLockerEncryptDevice","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphbitLockerFixedDrivePolicy","Description":"BitLocker Fixed Drive Policy.","Name":"BitLockerFixedDrivePolicy","Option":"Write"},{"CIMType":"String","Description":"This setting initiates a client-driven recovery password rotation after an OS drive recovery (either by using bootmgr or WinRE). Possible values are: notConfigured, disabled, enabledForAzureAd, enabledForAzureAdAndHybrid.","Name":"BitLockerRecoveryPasswordRotation","Option":"Write","ValueMap":["notConfigured","disabled","enabledForAzureAd","enabledForAzureAdAndHybrid"],"Values":["notConfigured","disabled","enabledForAzureAd","enabledForAzureAdAndHybrid"]},{"CIMType":"MSFT_MicrosoftGraphbitLockerRemovableDrivePolicy","Description":"BitLocker Removable Drive Policy.","Name":"BitLockerRemovableDrivePolicy","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphbitLockerSystemDrivePolicy","Description":"BitLocker System Drive Policy.","Name":"BitLockerSystemDrivePolicy","Option":"Write"},{"CIMType":"String[]","Description":"List of folder paths to be added to the list of protected folders","Name":"DefenderAdditionalGuardedFolders","Option":"Write"},{"CIMType":"String","Description":"Value indicating the behavior of Adobe Reader from creating child processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderAdobeReaderLaunchChildProcess","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating use of advanced protection against ransomeware. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderAdvancedRansomewareProtectionType","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Behavior Monitoring functionality.","Name":"DefenderAllowBehaviorMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.","Name":"DefenderAllowCloudProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.","Name":"DefenderAllowEndUserAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Intrusion Prevention functionality.","Name":"DefenderAllowIntrusionPreventionSystem","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender On Access Protection functionality.","Name":"DefenderAllowOnAccessProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Realtime Monitoring functionality.","Name":"DefenderAllowRealTimeMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows scanning of archives.","Name":"DefenderAllowScanArchiveFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender IOAVP Protection functionality.","Name":"DefenderAllowScanDownloads","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a scanning of network files.","Name":"DefenderAllowScanNetworkFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned.","Name":"DefenderAllowScanRemovableDrivesDuringFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Script Scanning functionality.","Name":"DefenderAllowScanScriptsLoadedInInternetExplorer","Option":"Write"},{"CIMType":"String[]","Description":"List of exe files and folders to be excluded from attack surface reduction rules","Name":"DefenderAttackSurfaceReductionExcludedPaths","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.","Name":"DefenderBlockEndUserAccess","Option":"Write"},{"CIMType":"String","Description":"Value indicating the behavior ofBlock persistence through WMI event subscription. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderBlockPersistenceThroughWmiType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"Boolean","Description":"This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan.","Name":"DefenderCheckForSignaturesBeforeRunningScan","Option":"Write"},{"CIMType":"String","Description":"Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. This feature requires the 'Join Microsoft MAPS' setting enabled in order to function. Possible values are: notConfigured, high, highPlus, zeroTolerance.","Name":"DefenderCloudBlockLevel","Option":"Write","ValueMap":["notConfigured","high","highPlus","zeroTolerance"],"Values":["notConfigured","high","highPlus","zeroTolerance"]},{"CIMType":"UInt32","Description":"Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. This feature depends on three other MAPS settings the must all be enabled- 'Configure the 'Block at First Sight' feature 'Join Microsoft MAPS' 'Send file samples when further analysis is required'. Valid values 0 to 50","Name":"DefenderCloudExtendedTimeoutInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Time period (in days) that quarantine items will be stored on the system. Valid values 0 to 90","Name":"DefenderDaysBeforeDeletingQuarantinedMalware","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdefenderDetectedMalwareActions","Description":"Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take.","Name":"DefenderDetectedMalwareActions","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Behavior Monitoring functionality.","Name":"DefenderDisableBehaviorMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.","Name":"DefenderDisableCatchupFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.","Name":"DefenderDisableCatchupQuickScan","Option":"Write"},{"CIMType":"Boolean","Description":"To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.","Name":"DefenderDisableCloudProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Intrusion Prevention functionality.","Name":"DefenderDisableIntrusionPreventionSystem","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender On Access Protection functionality.","Name":"DefenderDisableOnAccessProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Realtime Monitoring functionality.","Name":"DefenderDisableRealTimeMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows scanning of archives.","Name":"DefenderDisableScanArchiveFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender IOAVP Protection functionality.","Name":"DefenderDisableScanDownloads","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a scanning of network files.","Name":"DefenderDisableScanNetworkFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned.","Name":"DefenderDisableScanRemovableDrivesDuringFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Script Scanning functionality.","Name":"DefenderDisableScanScriptsLoadedInInternetExplorer","Option":"Write"},{"CIMType":"String","Description":"Value indicating if execution of executable content (exe, dll, ps, js, vbs, etc) should be dropped from email (webmail/mail-client). Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderEmailContentExecution","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating if execution of executable content (exe, dll, ps, js, vbs, etc) should be dropped from email (webmail/mail-client). Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderEmailContentExecutionType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"Boolean","Description":"This policy setting allows you to enable or disable low CPU priority for scheduled scans.","Name":"DefenderEnableLowCpuPriority","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows scanning of email.","Name":"DefenderEnableScanIncomingMail","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a full scan of mapped network drives.","Name":"DefenderEnableScanMappedNetworkDrivesDuringFullScan","Option":"Write"},{"CIMType":"String","Description":"Xml content containing information regarding exploit protection details.","Name":"DefenderExploitProtectionXml","Option":"Write"},{"CIMType":"String","Description":"Name of the file from which DefenderExploitProtectionXml was obtained.","Name":"DefenderExploitProtectionXmlFileName","Option":"Write"},{"CIMType":"String[]","Description":"File extensions to exclude from scans and real time protection.","Name":"DefenderFileExtensionsToExclude","Option":"Write"},{"CIMType":"String[]","Description":"Files and folder to exclude from scans and real time protection.","Name":"DefenderFilesAndFoldersToExclude","Option":"Write"},{"CIMType":"String[]","Description":"List of paths to exe that are allowed to access protected folders","Name":"DefenderGuardedFoldersAllowedAppPaths","Option":"Write"},{"CIMType":"String","Description":"Value indicating the behavior of protected folders. Possible values are: userDefined, enable, auditMode, blockDiskModification, auditDiskModification.","Name":"DefenderGuardMyFoldersType","Option":"Write","ValueMap":["userDefined","enable","auditMode","blockDiskModification","auditDiskModification"],"Values":["userDefined","enable","auditMode","blockDiskModification","auditDiskModification"]},{"CIMType":"String","Description":"Value indicating the behavior of NetworkProtection. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderNetworkProtectionType","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Office applications/macros creating or launching executable content. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeAppsExecutableContentCreationOrLaunch","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Office applications/macros creating or launching executable content. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderOfficeAppsExecutableContentCreationOrLaunchType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating the behavior of Office application launching child processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeAppsLaunchChildProcess","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Office application launching child processes. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderOfficeAppsLaunchChildProcessType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating the behavior of Office applications injecting into other processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeAppsOtherProcessInjection","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior ofOffice applications injecting into other processes. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderOfficeAppsOtherProcessInjectionType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating the behavior of Office communication applications, including Microsoft Outlook, from creating child processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeCommunicationAppsLaunchChildProcess","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Win32 imports from Macro code in Office. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeMacroCodeAllowWin32Imports","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Win32 imports from Macro code in Office. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderOfficeMacroCodeAllowWin32ImportsType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderPotentiallyUnwantedAppAction","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating if credential stealing from the Windows local security authority subsystem is permitted. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderPreventCredentialStealingType","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating response to process creations originating from PSExec and WMI commands. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderProcessCreation","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating response to process creations originating from PSExec and WMI commands. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderProcessCreationType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String[]","Description":"Processes to exclude from scans and real time protection.","Name":"DefenderProcessesToExclude","Option":"Write"},{"CIMType":"String","Description":"Controls which sets of files should be monitored. Possible values are: monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly.","Name":"DefenderScanDirection","Option":"Write","ValueMap":["monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"],"Values":["monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"]},{"CIMType":"UInt32","Description":"Represents the average CPU load factor for the Windows Defender scan (in percent). The default value is 50. Valid values 0 to 100","Name":"DefenderScanMaxCpuPercentage","Option":"Write"},{"CIMType":"String","Description":"Selects whether to perform a quick scan or full scan. Possible values are: userDefined, disabled, quick, full.","Name":"DefenderScanType","Option":"Write","ValueMap":["userDefined","disabled","quick","full"],"Values":["userDefined","disabled","quick","full"]},{"CIMType":"String","Description":"Selects the time of day that the Windows Defender quick scan should run. For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. The default value is 120","Name":"DefenderScheduledQuickScanTime","Option":"Write"},{"CIMType":"String","Description":"Selects the day that the Windows Defender scan should run. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan.","Name":"DefenderScheduledScanDay","Option":"Write","ValueMap":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"],"Values":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"]},{"CIMType":"String","Description":"Selects the time of day that the Windows Defender scan should run.","Name":"DefenderScheduledScanTime","Option":"Write"},{"CIMType":"String","Description":"Value indicating the behavior of js/vbs executing payload downloaded from Internet. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderScriptDownloadedPayloadExecution","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of js/vbs executing payload downloaded from Internet. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderScriptDownloadedPayloadExecutionType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating the behavior of obfuscated js/vbs/ps/macro code. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderScriptObfuscatedMacroCode","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of obfuscated js/vbs/ps/macro code. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderScriptObfuscatedMacroCodeType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block user from overriding Exploit Protection settings.","Name":"DefenderSecurityCenterBlockExploitProtectionOverride","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the account protection area.","Name":"DefenderSecurityCenterDisableAccountUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the app and browser protection area.","Name":"DefenderSecurityCenterDisableAppBrowserUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the Clear TPM button.","Name":"DefenderSecurityCenterDisableClearTpmUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the family options area.","Name":"DefenderSecurityCenterDisableFamilyUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the hardware protection area.","Name":"DefenderSecurityCenterDisableHardwareUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the device performance and health area.","Name":"DefenderSecurityCenterDisableHealthUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the firewall and network protection area.","Name":"DefenderSecurityCenterDisableNetworkUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the notification area control. The user needs to either sign out and sign in or reboot the computer for this setting to take effect.","Name":"DefenderSecurityCenterDisableNotificationAreaUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the ransomware protection area.","Name":"DefenderSecurityCenterDisableRansomwareUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the secure boot area under Device security.","Name":"DefenderSecurityCenterDisableSecureBootUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the security process troubleshooting under Device security.","Name":"DefenderSecurityCenterDisableTroubleshootingUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the virus and threat protection area.","Name":"DefenderSecurityCenterDisableVirusUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of update TPM Firmware when a vulnerable firmware is detected.","Name":"DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI","Option":"Write"},{"CIMType":"String","Description":"The email address that is displayed to users.","Name":"DefenderSecurityCenterHelpEmail","Option":"Write"},{"CIMType":"String","Description":"The phone number or Skype ID that is displayed to users.","Name":"DefenderSecurityCenterHelpPhone","Option":"Write"},{"CIMType":"String","Description":"The help portal URL this is displayed to users.","Name":"DefenderSecurityCenterHelpURL","Option":"Write"},{"CIMType":"String","Description":"Configure where to display IT contact information to end users. Possible values are: notConfigured, displayInAppAndInNotifications, displayOnlyInApp, displayOnlyInNotifications.","Name":"DefenderSecurityCenterITContactDisplay","Option":"Write","ValueMap":["notConfigured","displayInAppAndInNotifications","displayOnlyInApp","displayOnlyInNotifications"],"Values":["notConfigured","displayInAppAndInNotifications","displayOnlyInApp","displayOnlyInNotifications"]},{"CIMType":"String","Description":"Notifications to show from the displayed areas of app. Possible values are: notConfigured, blockNoncriticalNotifications, blockAllNotifications.","Name":"DefenderSecurityCenterNotificationsFromApp","Option":"Write","ValueMap":["notConfigured","blockNoncriticalNotifications","blockAllNotifications"],"Values":["notConfigured","blockNoncriticalNotifications","blockAllNotifications"]},{"CIMType":"String","Description":"The company name that is displayed to the users.","Name":"DefenderSecurityCenterOrganizationDisplayName","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. Valid values 0 to 24","Name":"DefenderSignatureUpdateIntervalInHours","Option":"Write"},{"CIMType":"String","Description":"Checks for the user consent level in Windows Defender to send data. Possible values are: sendSafeSamplesAutomatically, alwaysPrompt, neverSend, sendAllSamplesAutomatically.","Name":"DefenderSubmitSamplesConsentType","Option":"Write","ValueMap":["sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"],"Values":["sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"]},{"CIMType":"String","Description":"Value indicating response to executables that don't meet a prevalence, age, or trusted list criteria. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderUntrustedExecutable","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating response to executables that don't meet a prevalence, age, or trusted list criteria. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderUntrustedExecutableType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating response to untrusted and unsigned processes that run from USB. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderUntrustedUSBProcess","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating response to untrusted and unsigned processes that run from USB. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderUntrustedUSBProcessType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"Boolean","Description":"This property will be deprecated in May 2019 and will be replaced with property DeviceGuardSecureBootWithDMA. Specifies whether Platform Security Level is enabled at next reboot.","Name":"DeviceGuardEnableSecureBootWithDMA","Option":"Write"},{"CIMType":"Boolean","Description":"Turns On Virtualization Based Security(VBS).","Name":"DeviceGuardEnableVirtualizationBasedSecurity","Option":"Write"},{"CIMType":"String","Description":"Allows the IT admin to configure the launch of System Guard. Possible values are: notConfigured, enabled, disabled.","Name":"DeviceGuardLaunchSystemGuard","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Turn on Credential Guard when Platform Security Level with Secure Boot and Virtualization Based Security are both enabled. Possible values are: notConfigured, enableWithUEFILock, enableWithoutUEFILock, disable.","Name":"DeviceGuardLocalSystemAuthorityCredentialGuardSettings","Option":"Write","ValueMap":["notConfigured","enableWithUEFILock","enableWithoutUEFILock","disable"],"Values":["notConfigured","enableWithUEFILock","enableWithoutUEFILock","disable"]},{"CIMType":"String","Description":"Specifies whether Platform Security Level is enabled at next reboot. Possible values are: notConfigured, withoutDMA, withDMA.","Name":"DeviceGuardSecureBootWithDMA","Option":"Write","ValueMap":["notConfigured","withoutDMA","withDMA"],"Values":["notConfigured","withoutDMA","withDMA"]},{"CIMType":"String","Description":"This policy is intended to provide additional security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with DMA Remapping/device memory isolation and sandboxing. This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe. Possible values are: deviceDefault, blockAll, allowAll.","Name":"DmaGuardDeviceEnumerationPolicy","Option":"Write","ValueMap":["deviceDefault","blockAll","allowAll"],"Values":["deviceDefault","blockAll","allowAll"]},{"CIMType":"Boolean","Description":"Blocks stateful FTP connections to the device","Name":"FirewallBlockStatefulFTP","Option":"Write"},{"CIMType":"String","Description":"Specify how the certificate revocation list is to be enforced. Possible values are: deviceDefault, none, attempt, require.","Name":"FirewallCertificateRevocationListCheckMethod","Option":"Write","ValueMap":["deviceDefault","none","attempt","require"],"Values":["deviceDefault","none","attempt","require"]},{"CIMType":"UInt32","Description":"Configures the idle timeout for security associations, in seconds, from 300 to 3600 inclusive. This is the period after which security associations will expire and be deleted. Valid values 300 to 3600","Name":"FirewallIdleTimeoutForSecurityAssociationInSeconds","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to allow both IPv4 and IPv6 DHCP traffic","Name":"FirewallIPSecExemptionsAllowDHCP","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to allow ICMP","Name":"FirewallIPSecExemptionsAllowICMP","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to allow neighbor discovery IPv6 ICMP type-codes","Name":"FirewallIPSecExemptionsAllowNeighborDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to allow router discovery IPv6 ICMP type-codes","Name":"FirewallIPSecExemptionsAllowRouterDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to no exemptions","Name":"FirewallIPSecExemptionsNone","Option":"Write"},{"CIMType":"Boolean","Description":"If an authentication set is not fully supported by a keying module, direct the module to ignore only unsupported authentication suites rather than the entire set","Name":"FirewallMergeKeyingModuleSettings","Option":"Write"},{"CIMType":"String","Description":"Configures how packet queueing should be applied in the tunnel gateway scenario. Possible values are: deviceDefault, disabled, queueInbound, queueOutbound, queueBoth.","Name":"FirewallPacketQueueingMethod","Option":"Write","ValueMap":["deviceDefault","disabled","queueInbound","queueOutbound","queueBoth"],"Values":["deviceDefault","disabled","queueInbound","queueOutbound","queueBoth"]},{"CIMType":"String","Description":"Select the preshared key encoding to be used. Possible values are: deviceDefault, none, utF8.","Name":"FirewallPreSharedKeyEncodingMethod","Option":"Write","ValueMap":["deviceDefault","none","utF8"],"Values":["deviceDefault","none","utF8"]},{"CIMType":"MSFT_MicrosoftGraphwindowsFirewallNetworkProfile","Description":"Configures the firewall profile settings for domain networks","Name":"FirewallProfileDomain","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsFirewallNetworkProfile","Description":"Configures the firewall profile settings for private networks","Name":"FirewallProfilePrivate","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsFirewallNetworkProfile","Description":"Configures the firewall profile settings for public networks","Name":"FirewallProfilePublic","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsFirewallRule[]","Description":"Configures the firewall rule settings. This collection can contain a maximum of 150 elements.","Name":"FirewallRules","Option":"Write"},{"CIMType":"String","Description":"This security setting determines which challenge/response authentication protocol is used for network logons. Possible values are: lmAndNltm, lmNtlmAndNtlmV2, lmAndNtlmOnly, lmAndNtlmV2, lmNtlmV2AndNotLm, lmNtlmV2AndNotLmOrNtm.","Name":"LanManagerAuthenticationLevel","Option":"Write","ValueMap":["lmAndNltm","lmNtlmAndNtlmV2","lmAndNtlmOnly","lmAndNtlmV2","lmNtlmV2AndNotLm","lmNtlmV2AndNotLmOrNtm"],"Values":["lmAndNltm","lmNtlmAndNtlmV2","lmAndNtlmOnly","lmAndNtlmV2","lmNtlmV2AndNotLm","lmNtlmV2AndNotLmOrNtm"]},{"CIMType":"Boolean","Description":"If enabled,the SMB client will allow insecure guest logons. If not configured, the SMB client will reject insecure guest logons.","Name":"LanManagerWorkstationDisableInsecureGuestLogons","Option":"Write"},{"CIMType":"String","Description":"Define a different account name to be associated with the security identifier (SID) for the account 'Administrator'.","Name":"LocalSecurityOptionsAdministratorAccountName","Option":"Write"},{"CIMType":"String","Description":"Define the behavior of the elevation prompt for admins in Admin Approval Mode. Possible values are: notConfigured, elevateWithoutPrompting, promptForCredentialsOnTheSecureDesktop, promptForConsentOnTheSecureDesktop, promptForCredentials, promptForConsent, promptForConsentForNonWindowsBinaries.","Name":"LocalSecurityOptionsAdministratorElevationPromptBehavior","Option":"Write","ValueMap":["notConfigured","elevateWithoutPrompting","promptForCredentialsOnTheSecureDesktop","promptForConsentOnTheSecureDesktop","promptForCredentials","promptForConsent","promptForConsentForNonWindowsBinaries"],"Values":["notConfigured","elevateWithoutPrompting","promptForCredentialsOnTheSecureDesktop","promptForConsentOnTheSecureDesktop","promptForCredentials","promptForConsent","promptForConsentForNonWindowsBinaries"]},{"CIMType":"Boolean","Description":"This security setting determines whether to allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares.","Name":"LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares","Option":"Write"},{"CIMType":"Boolean","Description":"Block PKU2U authentication requests to this device to use online identities.","Name":"LocalSecurityOptionsAllowPKU2UAuthenticationRequests","Option":"Write"},{"CIMType":"String","Description":"Edit the default Security Descriptor Definition Language string to allow or deny users and groups to make remote calls to the SAM.","Name":"LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager","Option":"Write"},{"CIMType":"Boolean","Description":"UI helper boolean for LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager entity","Name":"LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether a computer can be shut down without having to log on to Windows.","Name":"LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn","Option":"Write"},{"CIMType":"Boolean","Description":"Allow UIAccess apps to prompt for elevation without using the secure desktop.","Name":"LocalSecurityOptionsAllowUIAccessApplicationElevation","Option":"Write"},{"CIMType":"Boolean","Description":"Allow UIAccess apps to prompt for elevation without using the secure desktop.Default is enabled","Name":"LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent a portable computer from being undocked without having to log in.","Name":"LocalSecurityOptionsAllowUndockWithoutHavingToLogon","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent users from adding new Microsoft accounts to this computer.","Name":"LocalSecurityOptionsBlockMicrosoftAccounts","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Local accounts that are not password protected to log on from locations other than the physical device.Default is enabled","Name":"LocalSecurityOptionsBlockRemoteLogonWithBlankPassword","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this settings allows only interactively logged on user to access CD-ROM media.","Name":"LocalSecurityOptionsBlockRemoteOpticalDriveAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Restrict installing printer drivers as part of connecting to a shared printer to admins only.","Name":"LocalSecurityOptionsBlockUsersInstallingPrinterDrivers","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.","Name":"LocalSecurityOptionsClearVirtualMemoryPageFile","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether packet signing is required by the SMB client component.","Name":"LocalSecurityOptionsClientDigitallySignCommunicationsAlways","Option":"Write"},{"CIMType":"Boolean","Description":"If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.","Name":"LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers","Option":"Write"},{"CIMType":"Boolean","Description":"App installations requiring elevated privileges will prompt for admin credentials.Default is enabled","Name":"LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether the Local Administrator account is enabled or disabled.","Name":"LocalSecurityOptionsDisableAdministratorAccount","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether the SMB client attempts to negotiate SMB packet signing.","Name":"LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if the Guest account is enabled or disabled.","Name":"LocalSecurityOptionsDisableGuestAccount","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether packet signing is required by the SMB server component.","Name":"LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.","Name":"LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines what additional permissions will be granted for anonymous connections to the computer.","Name":"LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts","Option":"Write"},{"CIMType":"Boolean","Description":"Require CTRL+ALT+DEL to be pressed before a user can log on.","Name":"LocalSecurityOptionsDoNotRequireCtrlAltDel","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. Its not stored by default.","Name":"LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange","Option":"Write"},{"CIMType":"String","Description":"Define who is allowed to format and eject removable NTFS media. Possible values are: notConfigured, administrators, administratorsAndPowerUsers, administratorsAndInteractiveUsers.","Name":"LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser","Option":"Write","ValueMap":["notConfigured","administrators","administratorsAndPowerUsers","administratorsAndInteractiveUsers"],"Values":["notConfigured","administrators","administratorsAndPowerUsers","administratorsAndInteractiveUsers"]},{"CIMType":"String","Description":"Define a different account name to be associated with the security identifier (SID) for the account 'Guest'.","Name":"LocalSecurityOptionsGuestAccountName","Option":"Write"},{"CIMType":"Boolean","Description":"Do not display the username of the last person who signed in on this device.","Name":"LocalSecurityOptionsHideLastSignedInUser","Option":"Write"},{"CIMType":"Boolean","Description":"Do not display the username of the person signing in to this device after credentials are entered and before the devices desktop is shown.","Name":"LocalSecurityOptionsHideUsernameAtSignIn","Option":"Write"},{"CIMType":"String","Description":"Configure the user information that is displayed when the session is locked. If not configured, user display name, domain and username are shown. Possible values are: notConfigured, administrators, administratorsAndPowerUsers, administratorsAndInteractiveUsers.","Name":"LocalSecurityOptionsInformationDisplayedOnLockScreen","Option":"Write","ValueMap":["notConfigured","administrators","administratorsAndPowerUsers","administratorsAndInteractiveUsers"],"Values":["notConfigured","administrators","administratorsAndPowerUsers","administratorsAndInteractiveUsers"]},{"CIMType":"String","Description":"Configure the user information that is displayed when the session is locked. If not configured, user display name, domain and username are shown. Possible values are: notConfigured, userDisplayNameDomainUser, userDisplayNameOnly, doNotDisplayUser.","Name":"LocalSecurityOptionsInformationShownOnLockScreen","Option":"Write","ValueMap":["notConfigured","userDisplayNameDomainUser","userDisplayNameOnly","doNotDisplayUser"],"Values":["notConfigured","userDisplayNameDomainUser","userDisplayNameOnly","doNotDisplayUser"]},{"CIMType":"String","Description":"Set message text for users attempting to log in.","Name":"LocalSecurityOptionsLogOnMessageText","Option":"Write"},{"CIMType":"String","Description":"Set message title for users attempting to log in.","Name":"LocalSecurityOptionsLogOnMessageTitle","Option":"Write"},{"CIMType":"UInt32","Description":"Define maximum minutes of inactivity on the interactive desktops login screen until the screen saver runs. Valid values 0 to 9999","Name":"LocalSecurityOptionsMachineInactivityLimit","Option":"Write"},{"CIMType":"UInt32","Description":"Define maximum minutes of inactivity on the interactive desktops login screen until the screen saver runs. Valid values 0 to 9999","Name":"LocalSecurityOptionsMachineInactivityLimitInMinutes","Option":"Write"},{"CIMType":"String","Description":"This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. Possible values are: none, requireNtmlV2SessionSecurity, require128BitEncryption, ntlmV2And128BitEncryption.","Name":"LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients","Option":"Write","ValueMap":["none","requireNtmlV2SessionSecurity","require128BitEncryption","ntlmV2And128BitEncryption"],"Values":["none","requireNtmlV2SessionSecurity","require128BitEncryption","ntlmV2And128BitEncryption"]},{"CIMType":"String","Description":"This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. Possible values are: none, requireNtmlV2SessionSecurity, require128BitEncryption, ntlmV2And128BitEncryption.","Name":"LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers","Option":"Write","ValueMap":["none","requireNtmlV2SessionSecurity","require128BitEncryption","ntlmV2And128BitEncryption"],"Values":["none","requireNtmlV2SessionSecurity","require128BitEncryption","ntlmV2And128BitEncryption"]},{"CIMType":"Boolean","Description":"Enforce PKI certification path validation for a given executable file before it is permitted to run.","Name":"LocalSecurityOptionsOnlyElevateSignedExecutables","Option":"Write"},{"CIMType":"Boolean","Description":"By default, this security setting restricts anonymous access to shares and pipes to the settings for named pipes that can be accessed anonymously and Shares that can be accessed anonymously","Name":"LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares","Option":"Write"},{"CIMType":"String","Description":"This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. Possible values are: noAction, lockWorkstation, forceLogoff, disconnectRemoteDesktopSession.","Name":"LocalSecurityOptionsSmartCardRemovalBehavior","Option":"Write","ValueMap":["noAction","lockWorkstation","forceLogoff","disconnectRemoteDesktopSession"],"Values":["noAction","lockWorkstation","forceLogoff","disconnectRemoteDesktopSession"]},{"CIMType":"String","Description":"Define the behavior of the elevation prompt for standard users. Possible values are: notConfigured, automaticallyDenyElevationRequests, promptForCredentialsOnTheSecureDesktop, promptForCredentials.","Name":"LocalSecurityOptionsStandardUserElevationPromptBehavior","Option":"Write","ValueMap":["notConfigured","automaticallyDenyElevationRequests","promptForCredentialsOnTheSecureDesktop","promptForCredentials"],"Values":["notConfigured","automaticallyDenyElevationRequests","promptForCredentialsOnTheSecureDesktop","promptForCredentials"]},{"CIMType":"Boolean","Description":"Enable all elevation requests to go to the interactive user's desktop rather than the secure desktop. Prompt behavior policy settings for admins and standard users are used.","Name":"LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation","Option":"Write"},{"CIMType":"Boolean","Description":"Defines whether the built-in admin account uses Admin Approval Mode or runs all apps with full admin privileges.Default is enabled","Name":"LocalSecurityOptionsUseAdminApprovalMode","Option":"Write"},{"CIMType":"Boolean","Description":"Define whether Admin Approval Mode and all UAC policy settings are enabled, default is enabled","Name":"LocalSecurityOptionsUseAdminApprovalModeForAdministrators","Option":"Write"},{"CIMType":"Boolean","Description":"Virtualize file and registry write failures to per user locations","Name":"LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.","Name":"SmartScreenBlockOverrideForFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT Admins to configure SmartScreen for Windows.","Name":"SmartScreenEnableInShell","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right is used by Credential Manager during Backup/Restore. Users' saved credentials might be compromised if this privilege is given to other entities. Only states NotConfigured and Allowed are supported","Name":"UserRightsAccessCredentialManagerAsTrustedCaller","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Only states NotConfigured and Allowed are supported","Name":"UserRightsActAsPartOfTheOperatingSystem","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups are allowed to connect to the computer over the network. State Allowed is supported.","Name":"UserRightsAllowAccessFromNetwork","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories. Only states NotConfigured and Allowed are supported","Name":"UserRightsBackupData","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups are block from connecting to the computer over the network. State Block is supported.","Name":"UserRightsBlockAccessFromNetwork","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups can change the time and date on the internal clock of the computer. Only states NotConfigured and Allowed are supported","Name":"UserRightsChangeSystemTime","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This security setting determines whether users can create global objects that are available to all sessions. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreateGlobalObjects","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups can call an internal API to create and change the size of a page file. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreatePageFile","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which accounts can be used by processes to create a directory object using the object manager. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreatePermanentSharedObjects","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines if the user can create a symbolic link from the computer to which they are logged on. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreateSymbolicLinks","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users/groups can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal API to create an access token. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreateToken","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can attach a debugger to any process or to the kernel. Only states NotConfigured and Allowed are supported","Name":"UserRightsDebugPrograms","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can set the Trusted for Delegation setting on a user or computer object. Only states NotConfigured and Allowed are supported.","Name":"UserRightsDelegation","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users cannot log on to the computer. States NotConfigured, Blocked are supported","Name":"UserRightsDenyLocalLogOn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access.  Only states NotConfigured and Allowed are supported.","Name":"UserRightsGenerateSecurityAudits","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. Only states NotConfigured and Allowed are supported.","Name":"UserRightsImpersonateClient","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. Only states NotConfigured and Allowed are supported.","Name":"UserRightsIncreaseSchedulingPriority","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. Only states NotConfigured and Allowed are supported.","Name":"UserRightsLoadUnloadDrivers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can log on to the computer. States NotConfigured, Allowed are supported","Name":"UserRightsLocalLogOn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Only states NotConfigured and Allowed are supported.","Name":"UserRightsLockMemory","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. Only states NotConfigured and Allowed are supported.","Name":"UserRightsManageAuditingAndSecurityLogs","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Only states NotConfigured and Allowed are supported.","Name":"UserRightsManageVolumes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines who can modify firmware environment values. Only states NotConfigured and Allowed are supported.","Name":"UserRightsModifyFirmwareEnvironment","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Only states NotConfigured and Allowed are supported.","Name":"UserRightsModifyObjectLabels","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can use performance monitoring tools to monitor the performance of system processes. Only states NotConfigured and Allowed are supported.","Name":"UserRightsProfileSingleProcess","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Only states NotConfigured and Blocked are supported","Name":"UserRightsRemoteDesktopServicesLogOn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. Only states NotConfigured and Allowed are supported.","Name":"UserRightsRemoteShutdown","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Only states NotConfigured and Allowed are supported.","Name":"UserRightsRestoreData","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Only states NotConfigured and Allowed are supported.","Name":"UserRightsTakeOwnership","Option":"Write"},{"CIMType":"String","Description":"Configure windows defender TamperProtection settings. Possible values are: notConfigured, enable, disable.","Name":"WindowsDefenderTamperProtection","Option":"Write","ValueMap":["notConfigured","enable","disable"],"Values":["notConfigured","enable","disable"]},{"CIMType":"String","Description":"This setting determines whether the Accessory management service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled.","Name":"XboxServicesAccessoryManagementServiceStartupMode","Option":"Write","ValueMap":["manual","automatic","disabled"],"Values":["manual","automatic","disabled"]},{"CIMType":"Boolean","Description":"This setting determines whether xbox game save is enabled (1) or disabled (0).","Name":"XboxServicesEnableXboxGameSaveTask","Option":"Write"},{"CIMType":"String","Description":"This setting determines whether Live Auth Manager service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled.","Name":"XboxServicesLiveAuthManagerServiceStartupMode","Option":"Write","ValueMap":["manual","automatic","disabled"],"Values":["manual","automatic","disabled"]},{"CIMType":"String","Description":"This setting determines whether Live Game save service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled.","Name":"XboxServicesLiveGameSaveServiceStartupMode","Option":"Write","ValueMap":["manual","automatic","disabled"],"Values":["manual","automatic","disabled"]},{"CIMType":"String","Description":"This setting determines whether Networking service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled.","Name":"XboxServicesLiveNetworkingServiceStartupMode","Option":"Write","ValueMap":["manual","automatic","disabled"],"Values":["manual","automatic","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Defines whether a user is allowed to enable Bluetooth. Possible values are: notConfigured, enabled, disabled.","Name":"Bluetooth","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to boot from built-in network adapters. Possible values are: notConfigured, enabled, disabled.","Name":"BootFromBuiltInNetworkAdapters","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to boot from external media. Possible values are: notConfigured, enabled, disabled.","Name":"BootFromExternalMedia","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether built-in cameras are enabled. Possible values are: notConfigured, enabled, disabled.","Name":"Cameras","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines the permission level granted to users to change UEFI settings. Possible values are: notConfiguredOnly, none.","Name":"ChangeUefiSettingsPermission","Option":"Write","ValueMap":["notConfiguredOnly","none"],"Values":["notConfiguredOnly","none"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Front Camera. Possible values are: notConfigured, enabled, disabled.","Name":"FrontCamera","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Infrared camera. Possible values are: notConfigured, enabled, disabled.","Name":"InfraredCamera","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Microphone. Possible values are: notConfigured, enabled, disabled.","Name":"Microphone","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether built-in microphones or speakers are enabled. Possible values are: notConfigured, enabled, disabled.","Name":"MicrophonesAndSpeakers","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Near Field Communication. Possible values are: notConfigured, enabled, disabled.","Name":"NearFieldCommunication","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether built-in radios e.g. WIFI, NFC, Bluetooth, are enabled. Possible values are: notConfigured, enabled, disabled.","Name":"Radios","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable rear camera. Possible values are: notConfigured, enabled, disabled.","Name":"RearCamera","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable SD Card Port. Possible values are: notConfigured, enabled, disabled.","Name":"SdCard","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Simultaneous MultiThreading. Possible values are: notConfigured, enabled, disabled.","Name":"SimultaneousMultiThreading","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable USB Type A Port. Possible values are: notConfigured, enabled, disabled.","Name":"UsbTypeAPort","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether CPU and IO virtualization is enabled. Possible values are: notConfigured, enabled, disabled.","Name":"VirtualizationOfCpuAndIO","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Wake on LAN. Possible values are: notConfigured, enabled, disabled.","Name":"WakeOnLAN","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Wake On Power. Possible values are: notConfigured, enabled, disabled.","Name":"WakeOnPower","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable WiFi. Possible values are: notConfigured, enabled, disabled.","Name":"WiFi","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Windows Platform Binary Table. Possible values are: notConfigured, enabled, disabled.","Name":"WindowsPlatformBinaryTable","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Wireless Wide Area Network. Possible values are: notConfigured, enabled, disabled.","Name":"WirelessWideAreaNetwork","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Firmware Interface Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Enables device health monitoring on the device. Possible values are: notConfigured, enabled, disabled.","Name":"AllowDeviceHealthMonitoring","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies custom set of events collected from the device where health monitoring is enabled","Name":"ConfigDeviceHealthMonitoringCustomScope","Option":"Write"},{"CIMType":"String[]","Description":"Specifies set of events collected from the device where health monitoring is enabled. Possible values are: undefined, healthMonitoring, bootPerformance, windowsUpdates, privilegeManagement.","Name":"ConfigDeviceHealthMonitoringScope","Option":"Write","ValueMap":["undefined","healthMonitoring","bootPerformance","windowsUpdates","privilegeManagement"],"Values":["undefined","healthMonitoring","bootPerformance","windowsUpdates","privilegeManagement"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Health Monitoring Configuration Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Boolean value used to enable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication.","Name":"EnhancedAntiSpoofingForFacialFeaturesEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Integer value specifies the period (in days) that a PIN can be used before the system requires the user to change it. Valid values are 0 to 730 inclusive. Valid values 0 to 730","Name":"PinExpirationInDays","Option":"Write"},{"CIMType":"String","Description":"This value configures the use of lowercase characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured.","Name":"PinLowercaseCharactersUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"UInt32","Description":"Integer value that sets the maximum number of characters allowed for the work PIN. Valid values are 4 to 127 inclusive and greater than or equal to the value set for the minimum PIN. Valid values 4 to 127","Name":"PinMaximumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Integer value that sets the minimum number of characters required for the Windows Hello for Business PIN. Valid values are 4 to 127 inclusive and less than or equal to the value set for the maximum PIN. Valid values 4 to 127","Name":"PinMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset. Valid values 0 to 50","Name":"PinPreviousBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service.","Name":"PinRecoveryEnabled","Option":"Write"},{"CIMType":"String","Description":"Controls the ability to use special characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured.","Name":"PinSpecialCharactersUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"This value configures the use of uppercase characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured.","Name":"PinUppercaseCharactersUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"Boolean","Description":"Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM.","Name":"SecurityDeviceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN.  If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures.","Name":"UnlockWithBiometricsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premise resources.","Name":"UseCertificatesForOnPremisesAuthEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value used to enable the Windows Hello security key as a logon credential.","Name":"UseSecurityKeyForSignin","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that blocks Windows Hello for Business as a method for signing into Windows.","Name":"WindowsHelloForBusinessBlocked","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Identity Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi.","Name":"IntendedPurpose","Option":"Write","ValueMap":["unassigned","smimeEncryption","smimeSigning","vpn","wifi"],"Values":["unassigned","smimeEncryption","smimeSigning","vpn","wifi"]},{"CIMType":"String","Description":"Scale for the Certificate Validity Period. Possible values are: days, months, years.","Name":"CertificateValidityPeriodScale","Option":"Write","ValueMap":["days","months","years"],"Values":["days","months","years"]},{"CIMType":"UInt32","Description":"Value for the Certificate Validity Period","Name":"CertificateValidityPeriodValue","Option":"Write"},{"CIMType":"String","Description":"Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp.","Name":"KeyStorageProvider","Option":"Write","ValueMap":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"],"Values":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"]},{"CIMType":"UInt32","Description":"Certificate renewal threshold percentage. Valid values 1 to 99","Name":"RenewalThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.","Name":"SubjectAlternativeNameType","Option":"Write","ValueMap":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"],"Values":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"]},{"CIMType":"String","Description":"Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.","Name":"SubjectNameFormat","Option":"Write","ValueMap":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"],"Values":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Imported Pfx Certificate Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskProfile","Parameters":[{"CIMType":"MSFT_MicrosoftGraphWindowsKioskAppConfiguration","Description":"The App configuration that will be used for this kiosk configuration.","Name":"AppConfiguration","Option":"Write"},{"CIMType":"String","Description":"This is a friendly name used to identify a group of applications, the layout of these apps on the start menu and the users to whom this kiosk configuration is assigned.","Name":"ProfileName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphWindowsKioskUser[]","Description":"The user accounts that will be locked to this kiosk configuration. This collection can contain a maximum of 100 elements.","Name":"UserAccountsConfiguration","Option":"Write"}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskAppConfiguration","Parameters":[{"CIMType":"Boolean","Description":"This setting allows access to Downloads folder in file explorer.","Name":"AllowAccessToDownloadsFolder","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWindowsKioskAppBase[]","Description":"These are the only Windows Store Apps that will be available to launch from the Start menu. This collection can contain a maximum of 128 elements.","Name":"Apps","Option":"Write"},{"CIMType":"Boolean","Description":"This setting indicates that desktop apps are allowed. Default to true.","Name":"DisallowDesktopApps","Option":"Write"},{"CIMType":"Boolean","Description":"This setting allows the admin to specify whether the Task Bar is shown or not.","Name":"ShowTaskBar","Option":"Write"},{"CIMType":"String","Description":"Allows admins to override the default Start layout and prevents the user from changing it.The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in Binary format.","Name":"StartMenuLayoutXml","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWindowsKioskUWPApp","Description":"This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode","Name":"UwpApp","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWindowsKioskWin32App","Description":"This is the win32 app that will be available to launch use while in Kiosk Mode","Name":"Win32App","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.windowsKioskMultipleApps","#microsoft.graph.windowsKioskSingleUWPApp","#microsoft.graph.windowsKioskSingleWin32App"],"Values":["#microsoft.graph.windowsKioskMultipleApps","#microsoft.graph.windowsKioskSingleUWPApp","#microsoft.graph.windowsKioskSingleWin32App"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskAppBase","Parameters":[{"CIMType":"String","Description":"The app type. Possible values are: unknown, store, desktop, aumId.","Name":"AppType","Option":"Required","ValueMap":["unknown","store","desktop","aumId"],"Values":["unknown","store","desktop","aumId"]},{"CIMType":"Boolean","Description":"Allow the app to be auto-launched in multi-app kiosk mode","Name":"AutoLaunch","Option":"Write"},{"CIMType":"String","Description":"Represents the friendly name of an app","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large.","Name":"StartLayoutTileSize","Option":"Write","ValueMap":["hidden","small","medium","wide","large"],"Values":["hidden","small","medium","wide","large"]},{"CIMType":"String","Description":"Define the DesktopApplicationID of the app","Name":"DesktopApplicationId","Option":"Write"},{"CIMType":"String","Description":"Define the DesktopApplicationLinkPath of the app","Name":"DesktopApplicationLinkPath","Option":"Write"},{"CIMType":"String","Description":"Define the path of a desktop app","Name":"Path","Option":"Write"},{"CIMType":"String","Description":"This references an Intune App that will be target to the same assignments as Kiosk configuration","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode","Name":"AppUserModelId","Option":"Write"},{"CIMType":"String","Description":"This references an contained App from an Intune App","Name":"ContainedAppId","Option":"Write"},{"CIMType":"String","Description":"This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode","Name":"ClassicAppPath","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk (url) for Edge kiosk mode","Name":"EdgeKiosk","Option":"Write"},{"CIMType":"UInt32","Description":"Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440","Name":"EdgeKioskIdleTimeoutMinutes","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen.","Name":"EdgeKioskType","Option":"Write","ValueMap":["publicBrowsing","fullScreen"],"Values":["publicBrowsing","fullScreen"]},{"CIMType":"Boolean","Description":"Edge first run flag for Edge kiosk mode","Name":"EdgeNoFirstRun","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"],"Values":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskUWPApp","Parameters":[{"CIMType":"String","Description":"This references an Intune App that will be target to the same assignments as Kiosk configuration","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode","Name":"AppUserModelId","Option":"Write"},{"CIMType":"String","Description":"This references an contained App from an Intune App","Name":"ContainedAppId","Option":"Write"},{"CIMType":"String","Description":"The app type. Possible values are: unknown, store, desktop, aumId.","Name":"AppType","Option":"Write","ValueMap":["unknown","store","desktop","aumId"],"Values":["unknown","store","desktop","aumId"]},{"CIMType":"Boolean","Description":"Allow the app to be auto-launched in multi-app kiosk mode","Name":"AutoLaunch","Option":"Write"},{"CIMType":"String","Description":"Represents the friendly name of an app","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large.","Name":"StartLayoutTileSize","Option":"Write","ValueMap":["hidden","small","medium","wide","large"],"Values":["hidden","small","medium","wide","large"]},{"CIMType":"String","Description":"Define the DesktopApplicationID of the app","Name":"DesktopApplicationId","Option":"Write"},{"CIMType":"String","Description":"Define the DesktopApplicationLinkPath of the app","Name":"DesktopApplicationLinkPath","Option":"Write"},{"CIMType":"String","Description":"Define the path of a desktop app","Name":"Path","Option":"Write"},{"CIMType":"String","Description":"This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode","Name":"ClassicAppPath","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk (url) for Edge kiosk mode","Name":"EdgeKiosk","Option":"Write"},{"CIMType":"UInt32","Description":"Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440","Name":"EdgeKioskIdleTimeoutMinutes","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen.","Name":"EdgeKioskType","Option":"Write","ValueMap":["publicBrowsing","fullScreen"],"Values":["publicBrowsing","fullScreen"]},{"CIMType":"Boolean","Description":"Edge first run flag for Edge kiosk mode","Name":"EdgeNoFirstRun","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"],"Values":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskWin32App","Parameters":[{"CIMType":"String","Description":"This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode","Name":"ClassicAppPath","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk (url) for Edge kiosk mode","Name":"EdgeKiosk","Option":"Write"},{"CIMType":"UInt32","Description":"Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440","Name":"EdgeKioskIdleTimeoutMinutes","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen.","Name":"EdgeKioskType","Option":"Write","ValueMap":["publicBrowsing","fullScreen"],"Values":["publicBrowsing","fullScreen"]},{"CIMType":"Boolean","Description":"Edge first run flag for Edge kiosk mode","Name":"EdgeNoFirstRun","Option":"Write"},{"CIMType":"String","Description":"The app type. Possible values are: unknown, store, desktop, aumId.","Name":"AppType","Option":"Write","ValueMap":["unknown","store","desktop","aumId"],"Values":["unknown","store","desktop","aumId"]},{"CIMType":"Boolean","Description":"Allow the app to be auto-launched in multi-app kiosk mode","Name":"AutoLaunch","Option":"Write"},{"CIMType":"String","Description":"Represents the friendly name of an app","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large.","Name":"StartLayoutTileSize","Option":"Write","ValueMap":["hidden","small","medium","wide","large"],"Values":["hidden","small","medium","wide","large"]},{"CIMType":"String","Description":"Define the DesktopApplicationID of the app","Name":"DesktopApplicationId","Option":"Write"},{"CIMType":"String","Description":"Define the DesktopApplicationLinkPath of the app","Name":"DesktopApplicationLinkPath","Option":"Write"},{"CIMType":"String","Description":"Define the path of a desktop app","Name":"Path","Option":"Write"},{"CIMType":"String","Description":"This references an Intune App that will be target to the same assignments as Kiosk configuration","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode","Name":"AppUserModelId","Option":"Write"},{"CIMType":"String","Description":"This references an contained App from an Intune App","Name":"ContainedAppId","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"],"Values":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskUser","Parameters":[{"CIMType":"String","Description":"The name of the AD group that will be locked to this kiosk configuration","Name":"GroupName","Option":"Write"},{"CIMType":"String","Description":"The display name of the AzureAD group that will be locked to this kiosk configuration","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The ID of the AzureAD group that will be locked to this kiosk configuration","Name":"GroupId","Option":"Write"},{"CIMType":"String","Description":"The ID of the AzureAD user that will be locked to this kiosk configuration","Name":"UserId","Option":"Write"},{"CIMType":"String","Description":"The user accounts that will be locked to this kiosk configuration","Name":"UserPrincipalName","Option":"Write"},{"CIMType":"String","Description":"The local user that will be locked to this kiosk configuration","Name":"UserName","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.windowsKioskActiveDirectoryGroup","#microsoft.graph.windowsKioskAutologon","#microsoft.graph.windowsKioskAzureADGroup","#microsoft.graph.windowsKioskAzureADUser","#microsoft.graph.windowsKioskLocalGroup","#microsoft.graph.windowsKioskLocalUser","#microsoft.graph.windowsKioskVisitor"],"Values":["#microsoft.graph.windowsKioskActiveDirectoryGroup","#microsoft.graph.windowsKioskAutologon","#microsoft.graph.windowsKioskAzureADGroup","#microsoft.graph.windowsKioskAzureADUser","#microsoft.graph.windowsKioskLocalGroup","#microsoft.graph.windowsKioskLocalUser","#microsoft.graph.windowsKioskVisitor"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskForceUpdateSchedule","Parameters":[{"CIMType":"UInt32","Description":"Day of month. Valid values 1 to 31","Name":"DayofMonth","Option":"Write"},{"CIMType":"String","Description":"Day of week. Possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday.","Name":"DayofWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Recurrence schedule. Possible values are: none, daily, weekly, monthly.","Name":"Recurrence","Option":"Write","ValueMap":["none","daily","weekly","monthly"],"Values":["none","daily","weekly","monthly"]},{"CIMType":"Boolean","Description":"If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence.","Name":"RunImmediatelyIfAfterStartDateTime","Option":"Write"},{"CIMType":"String","Description":"The start time for the force restart.","Name":"StartDateTime","Option":"Write"}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationKioskPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Enable public browsing kiosk mode for the Microsoft Edge browser. The Default is false.","Name":"EdgeKioskEnablePublicBrowsing","Option":"Write"},{"CIMType":"String[]","Description":"Specify URLs that the kiosk browser is allowed to navigate to","Name":"KioskBrowserBlockedUrlExceptions","Option":"Write"},{"CIMType":"String[]","Description":"Specify URLs that the kiosk browsers should not navigate to","Name":"KioskBrowserBlockedURLs","Option":"Write"},{"CIMType":"String","Description":"Specify the default URL the browser should navigate to on launch.","Name":"KioskBrowserDefaultUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Enable the kiosk browser's end session button. By default, the end session button is disabled.","Name":"KioskBrowserEnableEndSessionButton","Option":"Write"},{"CIMType":"Boolean","Description":"Enable the kiosk browser's home button. By default, the home button is disabled.","Name":"KioskBrowserEnableHomeButton","Option":"Write"},{"CIMType":"Boolean","Description":"Enable the kiosk browser's navigation buttons(forward/back). By default, the navigation buttons are disabled.","Name":"KioskBrowserEnableNavigationButtons","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of minutes the session is idle until the kiosk browser restarts in a fresh state.  Valid values are 1-1440. Valid values 1 to 1440","Name":"KioskBrowserRestartOnIdleTimeInMinutes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsKioskProfile[]","Description":"This policy setting allows to define a list of Kiosk profiles for a Kiosk configuration. This collection can contain a maximum of 3 elements.","Name":"KioskProfiles","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule","Description":"force update schedule for Kiosk devices.","Name":"WindowsKioskForceUpdateSchedule","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsNetworkIsolationPolicy","Parameters":[{"CIMType":"MSFT_MicrosoftGraphProxiedDomain1[]","Description":"Contains a list of enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy. This collection can contain a maximum of 500 elements.","Name":"EnterpriseCloudResources","Option":"Write"},{"CIMType":"String[]","Description":"This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseCloudResources policy to force traffic to the matched cloud resources through these proxies.","Name":"EnterpriseInternalProxyServers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIpRange1[]","Description":"Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This collection can contain a maximum of 500 elements.","Name":"EnterpriseIPRanges","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false.","Name":"EnterpriseIPRangesAreAuthoritative","Option":"Write"},{"CIMType":"String[]","Description":"This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to.","Name":"EnterpriseNetworkDomainNames","Option":"Write"},{"CIMType":"String[]","Description":"This is a list of proxy servers. Any server not on this list is considered non-enterprise.","Name":"EnterpriseProxyServers","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false","Name":"EnterpriseProxyServersAreAuthoritative","Option":"Write"},{"CIMType":"String[]","Description":"List of domain names that can used for work or personal resource.","Name":"NeutralDomainResources","Option":"Write"}],"Description":"Intune Device Configuration Network Boundary Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphProxiedDomain1","Parameters":[{"CIMType":"String","Description":"The IP address or FQDN","Name":"IpAddressOrFQDN","Option":"Key"},{"CIMType":"String","Description":"Proxy IP or FQDN","Name":"Proxy","Option":"Write"}],"Description":"Intune Device Configuration Network Boundary Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIpRange1","Parameters":[{"CIMType":"String","Description":"Lower address.","Name":"LowerAddress","Option":"Key"},{"CIMType":"String","Description":"Upper address.","Name":"UpperAddress","Option":"Key"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Key","ValueMap":["#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"],"Values":["#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"]}],"Description":"Intune Device Configuration Network Boundary Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10","Parameters":[{"CIMType":"MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy","Description":"Windows Network Isolation Policy","Name":"WindowsNetworkIsolationPolicy","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Network Boundary Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphCustomSubjectAlternativeName","Parameters":[{"CIMType":"String","Description":"Custom SAN Name","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Custom SAN Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.","Name":"SanType","Option":"Key","ValueMap":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"],"Values":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"]}],"Description":"Intune Device Configuration Pkcs Certificate Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphExtendedKeyUsage","Parameters":[{"CIMType":"String","Description":"Extended Key Usage Name","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Extended Key Usage Object Identifier","Name":"ObjectIdentifier","Option":"Key"}],"Description":"Intune Device Configuration Pkcs Certificate Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Target store certificate. Possible values are: user, machine.","Name":"CertificateStore","Option":"Write","ValueMap":["user","machine"],"Values":["user","machine"]},{"CIMType":"String","Description":"PKCS Certificate Template Name","Name":"CertificateTemplateName","Option":"Write"},{"CIMType":"String","Description":"PKCS Certification Authority","Name":"CertificationAuthority","Option":"Write"},{"CIMType":"String","Description":"PKCS Certification Authority Name","Name":"CertificationAuthorityName","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcustomSubjectAlternativeName[]","Description":"Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.","Name":"CustomSubjectAlternativeNames","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphextendedKeyUsage[]","Description":"Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.","Name":"ExtendedKeyUsages","Option":"Write"},{"CIMType":"String","Description":"Custom String that defines the AAD Attribute.","Name":"SubjectAlternativeNameFormatString","Option":"Write"},{"CIMType":"String","Description":"Custom format to use with SubjectNameFormat = Custom. Example: {{CN=EmailAddress,E=EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US","Name":"SubjectNameFormatString","Option":"Write"},{"CIMType":"String","Description":"Scale for the Certificate Validity Period. Possible values are: days, months, years.","Name":"CertificateValidityPeriodScale","Option":"Write","ValueMap":["days","months","years"],"Values":["days","months","years"]},{"CIMType":"UInt32","Description":"Value for the Certificate Validity Period","Name":"CertificateValidityPeriodValue","Option":"Write"},{"CIMType":"String","Description":"Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp.","Name":"KeyStorageProvider","Option":"Write","ValueMap":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"],"Values":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"]},{"CIMType":"UInt32","Description":"Certificate renewal threshold percentage. Valid values 1 to 99","Name":"RenewalThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.","Name":"SubjectAlternativeNameType","Option":"Write","ValueMap":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"],"Values":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"]},{"CIMType":"String","Description":"Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.","Name":"SubjectNameFormat","Option":"Write","ValueMap":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"],"Values":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Pkcs Certificate Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationPlatformScriptLinux","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Execution context (root: Root, user: User)","Name":"CustomConfigExecutionContext","Option":"Write","ValueMap":["root","user"],"Values":["root","user"]},{"CIMType":"SInt32","Description":"Execution frequency (15: Every 15 minutes, 30: Every 30 minutes, 60: Every 1 hour, 120: Every 2 hours, 180: Every 3 hours, 360: Every 6 hours, 720: Every 12 hours, 1440: Every 1 day, 10080: Every 1 week)","Name":"CustomConfigExecutionFrequency","Option":"Write","ValueMap":[15,30,60,120,180,360,720,1440,10080],"Values":[15,30,60,120,180,360,720,1440,10080]},{"CIMType":"SInt32","Description":"Execution retries (0: No retries, 1: 1 time, 2: 2 times, 3: 3 times)","Name":"CustomConfigExecutionRetries","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"String","Description":"Execution Script","Name":"CustomConfig_Script","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Platform Script for Linux"},{"ClassName":"MSFT_IntuneDeviceConfigurationPlatformScriptMacOS","Parameters":[{"CIMType":"Boolean","Description":"Does not notify the user a script is being executed","Name":"BlockExecutionNotifications","Option":"Write"},{"CIMType":"String","Description":"Optional description for the device management script.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the device management script.","Name":"DisplayName","Option":"Required"},{"CIMType":"String","Description":"The script file name.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The interval for script to run. If not defined the script will run once","Name":"ExecutionFrequency","Option":"Write"},{"CIMType":"UInt32","Description":"Number of times for the script to be retried if it fails","Name":"RetryCount","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for this PowerShellScript instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The script content in Base64.","Name":"ScriptContent","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Platform Script MacOS"},{"ClassName":"MSFT_IntuneDeviceConfigurationPlatformScriptWindows","Parameters":[{"CIMType":"String","Description":"Optional description for the device management script.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the device management script.","Name":"DisplayName","Option":"Required"},{"CIMType":"Boolean","Description":"Indicate whether the script signature needs be checked.","Name":"EnforceSignatureCheck","Option":"Write"},{"CIMType":"String","Description":"The script file name.","Name":"FileName","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for this PowerShellScript instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether the PowerShell script should run as 32-bit","Name":"RunAs32Bit","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The script content in Base64.","Name":"ScriptContent","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Platform Script Windows"},{"ClassName":"MSFT_MicrosoftGraphapplistitem","Parameters":[{"CIMType":"String","Description":"odatatype of the item.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.appleAppListItem"],"Values":["#microsoft.graph.appleAppListItem"]},{"CIMType":"String","Description":"Kiosk mode managed app id","Name":"appId","Option":"Key"},{"CIMType":"String","Description":"Define the app store URL.","Name":"appStoreUrl","Option":"Write"},{"CIMType":"String","Description":"Define the name of the app.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"Define the publisher of the app.","Name":"publisher","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceowneruserfacingmessage","Parameters":[{"CIMType":"String","Description":"The default message displayed if the user's locale doesn't match with any of the localized messages.","Name":"defaultMessage","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphkeyvaluepair[]","Description":"The list of <locale, message> pairs. This collection can contain a maximum of 500 elements.","Name":"localizedMessages","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphkeyvaluepair","Parameters":[{"CIMType":"String","Description":"Name of the message localizedMessages.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Value of the message localizedMessages.","Name":"Value","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerglobalproxy","Parameters":[{"CIMType":"String","Description":"The type of the global proxy.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.androidDeviceOwnerGlobalProxyAutoConfig","#microsoft.graph.androidDeviceOwnerGlobalProxyDirect"],"Values":["#microsoft.graph.androidDeviceOwnerGlobalProxyAutoConfig","#microsoft.graph.androidDeviceOwnerGlobalProxyDirect"]},{"CIMType":"String","Description":"The proxy auto-config URL.","Name":"proxyAutoConfigURL","Option":"Write"},{"CIMType":"String[]","Description":"The excluded hosts.","Name":"excludedHosts","Option":"Write"},{"CIMType":"String","Description":"The host name.","Name":"host","Option":"Write"},{"CIMType":"UInt32","Description":"The port.","Name":"port","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem","Parameters":[{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodehomescreenitem","Description":"Item to be arranged.","Name":"item","Option":"Write"},{"CIMType":"UInt32","Description":"Position of the item on the grid. Valid values 0 to 9999999.","Name":"position","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodehomescreenitem","Parameters":[{"CIMType":"String","Description":"Type of the item.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.androidDeviceOwnerKioskModeApp","#microsoft.graph.androidDeviceOwnerKioskModeWeblink","#microsoft.graph.androidDeviceOwnerKioskModeManagedFolder"],"Values":["#microsoft.graph.androidDeviceOwnerKioskModeApp","#microsoft.graph.androidDeviceOwnerKioskModeWeblink","#microsoft.graph.androidDeviceOwnerKioskModeManagedFolder"]},{"CIMType":"String","Description":"The folder identifier.","Name":"folderIdentifier","Option":"Write"},{"CIMType":"String","Description":"The folder name.","Name":"folderName","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodefolderitem[]","Description":"Item to be arranged.","Name":"items","Option":"Write"},{"CIMType":"String","Description":"The class name of the item.","Name":"className","Option":"Write"},{"CIMType":"String","Description":"The package of the item.","Name":"package","Option":"Write"},{"CIMType":"String","Description":"The label of the item.","Name":"label","Option":"Write"},{"CIMType":"String","Description":"The link of the item.","Name":"link","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder","Parameters":[{"CIMType":"String","Description":"The folder identifier.","Name":"folderIdentifier","Option":"Write"},{"CIMType":"String","Description":"The folder name.","Name":"folderName","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodefolderitem[]","Description":"Item to be arranged.","Name":"items","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodefolderitem","Parameters":[{"CIMType":"String","Description":"The type of the item.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.androidDeviceOwnerKioskModeApp","#microsoft.graph.androidDeviceOwnerKioskModeWeblink"],"Values":["#microsoft.graph.androidDeviceOwnerKioskModeApp","#microsoft.graph.androidDeviceOwnerKioskModeWeblink"]},{"CIMType":"String","Description":"The class name of the item.","Name":"className","Option":"Write"},{"CIMType":"String","Description":"The package of the item.","Name":"package","Option":"Write"},{"CIMType":"String","Description":"The label of the item.","Name":"label","Option":"Write"},{"CIMType":"String","Description":"The link of the item.","Name":"link","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod","Parameters":[{"CIMType":"UInt32","Description":"The day of the end date of the freeze period. Valid values 1 to 31.","Name":"endDay","Option":"Write"},{"CIMType":"UInt32","Description":"The month of the end date of the freeze period. Valid values 1 to 12.","Name":"endMonth","Option":"Write"},{"CIMType":"UInt32","Description":"The day of the start date of the freeze period. Valid values 1 to 31.","Name":"startDay","Option":"Write"},{"CIMType":"UInt32","Description":"The month of the start date of the freeze period. Valid values 1 to 12.","Name":"startMonth","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner","Parameters":[{"CIMType":"String","Description":"The Id of the policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name of the policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Block modification of accounts. Only supported on Dedicated devices.","Name":"AccountsBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"When allowed, users can enable the 'unknown sources' setting to install apps from sources other than the Google Play Store.","Name":"AppsAllowInstallFromUnknownSources","Option":"Write"},{"CIMType":"String","Description":"Devices check for app updates daily. The default behavior is to let device users decide. They'll be able to set their preferences in the managed Google Play app.","Name":"AppsAutoUpdatePolicy","Option":"Write","ValueMap":["notConfigured","userChoice","never","wiFiOnly","always"],"Values":["notConfigured","userChoice","never","wiFiOnly","always"]},{"CIMType":"String","Description":"Define the default permission policy for requests for runtime permissions.","Name":"AppsDefaultPermissionPolicy","Option":"Write","ValueMap":["deviceDefault","prompt","autoGrant","autoDeny"],"Values":["deviceDefault","prompt","autoGrant","autoDeny"]},{"CIMType":"Boolean","Description":"Enable a suggestion to apps that they skip their user tutorials and any introductory hints when they first start up, if applicable.","Name":"AppsRecommendSkippingFirstUseHints","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"A list of managed apps that will have their data cleared during a global sign-out in AAD shared device mode. This collection can contain a maximum of 500 elements.","Name":"AzureAdSharedDeviceDataClearApps","Option":"Write"},{"CIMType":"Boolean","Description":"Block configuring Bluetooth.","Name":"BluetoothBlockConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Block access to work contacts from another device such as a car system when an Android device is paired via Bluetooth.","Name":"BluetoothBlockContactSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Block all cameras on the device","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block tethering and access to portable hotspots.","Name":"CellularBlockWiFiTethering","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks users from making any changes to credentials associated with certificates associated with certificates assigned to them.","Name":"CertificateCredentialConfigurationDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not text copied from one profile (personal or work) can be pasted in the other.","Name":"CrossProfilePoliciesAllowCopyPaste","Option":"Write"},{"CIMType":"String","Description":"Indicates whether data from one profile (personal or work) can be shared with apps in the other profile.","Name":"CrossProfilePoliciesAllowDataSharing","Option":"Write","ValueMap":["notConfigured","crossProfileDataSharingBlocked","dataSharingFromWorkToPersonalBlocked","crossProfileDataSharingAllowed","unkownFutureValue"],"Values":["notConfigured","crossProfileDataSharingBlocked","dataSharingFromWorkToPersonalBlocked","crossProfileDataSharingAllowed","unkownFutureValue"]},{"CIMType":"Boolean","Description":"Indicates whether or not contacts stored in work profile are shown in personal profile contact searches/incoming calls.","Name":"CrossProfilePoliciesShowWorkContactsInPersonalProfile","Option":"Write"},{"CIMType":"Boolean","Description":"Block data roaming.","Name":"DataRoamingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block user from manually setting the date and time.","Name":"DateTimeConfigurationBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceowneruserfacingmessage","Description":"Represents the customized detailed help text provided to users when they attempt to modify managed settings on their device.","Name":"DetailedHelpText","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceowneruserfacingmessage","Description":"Represents the customized lock screen message provided to users when they attempt to modify managed settings on their device.","Name":"DeviceOwnerLockScreenMessage","Option":"Write"},{"CIMType":"String","Description":"Represents the enrollment profile type.","Name":"EnrollmentProfile","Option":"Write","ValueMap":["notConfigured","dedicatedDevice","fullyManaged"],"Values":["notConfigured","dedicatedDevice","fullyManaged"]},{"CIMType":"Boolean","Description":"Block factory resetting from settings.","Name":"FactoryResetBlocked","Option":"Write"},{"CIMType":"String[]","Description":"Email addresses of device admins for factory reset protection. When a device is factory reset, it will require that one of these admins log in with their Google account to unlock the device. If none are specified, factory reset protection is not enabled.","Name":"FactoryResetDeviceAdministratorEmails","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerglobalproxy","Description":"Proxy is set up directly with host, port and excluded hosts.","Name":"GlobalProxy","Option":"Write"},{"CIMType":"Boolean","Description":"Blocking prevents users from adding their personal Google account to their device.","Name":"GoogleAccountsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether a user can access the device's Settings app while in Kiosk Mode.","Name":"KioskCustomizationDeviceSettingsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the power menu is shown when a user long presses the Power button of a device in Kiosk Mode.","Name":"KioskCustomizationPowerButtonActionsBlocked","Option":"Write"},{"CIMType":"String","Description":"Indicates whether system info and notifications are disabled in Kiosk Mode","Name":"KioskCustomizationStatusBar","Option":"Write","ValueMap":["notConfigured","notificationsAndSystemInfoEnabled","systemInfoOnly"],"Values":["notConfigured","notificationsAndSystemInfoEnabled","systemInfoOnly"]},{"CIMType":"Boolean","Description":"Indicates whether system error dialogs for crashed or unresponsive apps are shown in Kiosk Mode.","Name":"KioskCustomizationSystemErrorWarnings","Option":"Write"},{"CIMType":"String","Description":"Indicates which navigation features are enabled in Kiosk Mode.","Name":"KioskCustomizationSystemNavigation","Option":"Write","ValueMap":["notConfigured","navigationEnabled","homeButtonOnly"],"Values":["notConfigured","navigationEnabled","homeButtonOnly"]},{"CIMType":"Boolean","Description":"Whether or not to enable app ordering in Kiosk Mode.","Name":"KioskModeAppOrderEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem[]","Description":"The ordering of items on Kiosk Mode Managed Home Screen. This collection can contain a maximum of 500 elements.","Name":"KioskModeAppPositions","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"A list of managed apps that will be shown when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements.","Name":"KioskModeApps","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to alphabetize applications within a folder in Kiosk Mode.","Name":"KioskModeAppsInFolderOrderedByName","Option":"Write"},{"CIMType":"Boolean","Description":"Enable end-users to configure and pair devices over Bluetooth.","Name":"KioskModeBluetoothConfigurationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to allow a user to easy access to the debug menu in Kiosk Mode","Name":"KioskModeDebugMenuEasyAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"The 4-6 digit PIN will be the code an IT administrator enters on a multi-app dedicated device to pause kiosk mode.","Name":"KioskModeExitCode","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to allow a user to use the flashlight in Kiosk Mode.","Name":"KioskModeFlashlightConfigurationEnabled","Option":"Write"},{"CIMType":"String","Description":"Folder icon configuration for managed home screen in Kiosk Mode.","Name":"KioskModeFolderIcon","Option":"Write","ValueMap":["notConfigured","darkSquare","darkCircle","lightSquare","lightCircle"],"Values":["notConfigured","darkSquare","darkCircle","lightSquare","lightCircle"]},{"CIMType":"UInt32","Description":"Number of rows for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999.","Name":"KioskModeGridHeight","Option":"Write"},{"CIMType":"UInt32","Description":"Number of columns for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999.","Name":"KioskModeGridWidth","Option":"Write"},{"CIMType":"String","Description":"Icon size configuration for managed home screen in Kiosk Mode.","Name":"KioskModeIconSize","Option":"Write","ValueMap":["notConfigured","smallest","small","regular","large","largest"],"Values":["notConfigured","smallest","small","regular","large","largest"]},{"CIMType":"Boolean","Description":"Whether or not to lock home screen to the end user in Kiosk Mode.","Name":"KioskModeLockHomeScreen","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder[]","Description":"A list of managed folders for a device in Kiosk Mode. This collection can contain a maximum of 500 elements.","Name":"KioskModeManagedFolders","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to automatically sign-out of MHS and Shared device mode applications after inactive for Managed Home Screen.","Name":"KioskModeManagedHomeScreenAutoSignout","Option":"Write"},{"CIMType":"UInt32","Description":"Number of seconds to give user notice before automatically signing them out for Managed Home Screen. Valid values 0 to 9999999.","Name":"KioskModeManagedHomeScreenInactiveSignOutDelayInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Number of seconds device is inactive before automatically signing user out for Managed Home Screen. Valid values 0 to 9999999.","Name":"KioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds","Option":"Write"},{"CIMType":"String","Description":"Complexity of PIN for sign-in session for Managed Home Screen.","Name":"KioskModeManagedHomeScreenPinComplexity","Option":"Write","ValueMap":["notConfigured","simple","complex"],"Values":["notConfigured","simple","complex"]},{"CIMType":"Boolean","Description":"Whether or not require user to set a PIN for sign-in session for Managed Home Screen.","Name":"KioskModeManagedHomeScreenPinRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not required user to enter session PIN if screensaver has appeared for Managed Home Screen.","Name":"KioskModeManagedHomeScreenPinRequiredToResume","Option":"Write"},{"CIMType":"String","Description":"Custom URL background for sign-in screen for Managed Home Screen.","Name":"KioskModeManagedHomeScreenSignInBackground","Option":"Write"},{"CIMType":"String","Description":"Custom URL branding logo for sign-in screen and session pin page for Managed Home Screen.","Name":"KioskModeManagedHomeScreenSignInBrandingLogo","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not show sign-in screen for Managed Home Screen.","Name":"KioskModeManagedHomeScreenSignInEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to use single app kiosk mode or multi-app kiosk mode.","Name":"KioskModeManagedSettingsEntryDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to allow a user to change the media volume in Kiosk Mode.","Name":"KioskModeMediaVolumeConfigurationEnabled","Option":"Write"},{"CIMType":"String","Description":"Screen orientation configuration for managed home screen in Kiosk Mode.","Name":"KioskModeScreenOrientation","Option":"Write","ValueMap":["notConfigured","portrait","landscape","autoRotate"],"Values":["notConfigured","portrait","landscape","autoRotate"]},{"CIMType":"Boolean","Description":"Start screen saver when the device screen times out or locks.","Name":"KioskModeScreenSaverConfigurationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not the device screen should show the screen saver if audio/video is playing in Kiosk Mode.","Name":"KioskModeScreenSaverDetectMediaDisabled","Option":"Write"},{"CIMType":"UInt32","Description":"The number of seconds that the device will display the screen saver for in Kiosk Mode. Valid values 0 to 9999999","Name":"KioskModeScreenSaverDisplayTimeInSeconds","Option":"Write"},{"CIMType":"String","Description":"URL for an image that will be the device's screen saver in Kiosk Mode.","Name":"KioskModeScreenSaverImageUrl","Option":"Write"},{"CIMType":"UInt32","Description":"The number of seconds the device needs to be inactive for before the screen saver is shown in Kiosk Mode. Valid values 1 to 9999999","Name":"KioskModeScreenSaverStartDelayInSeconds","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to display application notification badges in Kiosk Mode.","Name":"KioskModeShowAppNotificationBadge","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to allow a user to access basic device information.","Name":"KioskModeShowDeviceInfo","Option":"Write"},{"CIMType":"String","Description":"Whether or not to use single app kiosk mode or multi-app kiosk mode.","Name":"KioskModeUseManagedHomeScreenApp","Option":"Write","ValueMap":["notConfigured","singleAppMode","multiAppMode"],"Values":["notConfigured","singleAppMode","multiAppMode"]},{"CIMType":"Boolean","Description":"Enable IT administrators to temporarily leave multi-app kiosk mode to make changes on the device.","Name":"KioskModeVirtualHomeButtonEnabled","Option":"Write"},{"CIMType":"String","Description":"Enable a soft-key button that returns users to the Managed Home Screen. Choose between a persistent, floating button or a button activated by a swipe-up gesture.","Name":"KioskModeVirtualHomeButtonType","Option":"Write","ValueMap":["notConfigured","swipeUp","floating"],"Values":["notConfigured","swipeUp","floating"]},{"CIMType":"String","Description":"Customize the appearance of the screen background for assigned groups.","Name":"KioskModeWallpaperUrl","Option":"Write"},{"CIMType":"String[]","Description":"The restricted set of WIFI SSIDs available for the user to configure in Kiosk Mode. This collection can contain a maximum of 500 elements.","Name":"KioskModeWifiAllowedSsids","Option":"Write"},{"CIMType":"Boolean","Description":"Enable end-users to connect to different Wi-Fi networks.","Name":"KioskModeWiFiConfigurationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Block unmuting the microphone and adjusting the microphone volume.","Name":"MicrophoneForceMute","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to you want configure Microsoft Launcher.","Name":"MicrosoftLauncherConfigurationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user can modify the wallpaper to personalize their device.","Name":"MicrosoftLauncherCustomWallpaperAllowUserModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to configure the wallpaper on the targeted devices.","Name":"MicrosoftLauncherCustomWallpaperEnabled","Option":"Write"},{"CIMType":"String","Description":"Indicates the URL for the image file to use as the wallpaper on the targeted devices.","Name":"MicrosoftLauncherCustomWallpaperImageUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user can modify the device dock configuration on the device.","Name":"MicrosoftLauncherDockPresenceAllowUserModification","Option":"Write"},{"CIMType":"String","Description":"Indicates whether or not you want to configure the device dock. ","Name":"MicrosoftLauncherDockPresenceConfiguration","Option":"Write","ValueMap":["notConfigured","show","hide","disabled"],"Values":["notConfigured","show","hide","disabled"]},{"CIMType":"Boolean","Description":"Indicates whether or not the user can modify the launcher feed on the device.","Name":"MicrosoftLauncherFeedAllowUserModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user can modify the launcher feed on the device.","Name":"MicrosoftLauncherFeedEnabled","Option":"Write"},{"CIMType":"String","Description":"Indicates whether or not you want to configure the device dock.","Name":"MicrosoftLauncherSearchBarPlacementConfiguration","Option":"Write","ValueMap":["notConfigured","top","bottom","hide"],"Values":["notConfigured","top","bottom","hide"]},{"CIMType":"Boolean","Description":"Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.","Name":"NetworkEscapeHatchAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"Block usage of NFC to beam data from apps.","Name":"NfcBlockOutgoingBeam","Option":"Write"},{"CIMType":"Boolean","Description":"Disable lock screen","Name":"PasswordBlockKeyguard","Option":"Write"},{"CIMType":"String[]","Description":"These features are accessible to users when the device is locked. Users will not be able to see or access disabled features.","Name":"PasswordBlockKeyguardFeatures","Option":"Write","ValueMap":["notConfigured","camera","notifications","unredactedNotifications","trustAgents","fingerprint","remoteInput","allFeatures","face","iris","biometrics"],"Values":["notConfigured","camera","notifications","unredactedNotifications","trustAgents","fingerprint","remoteInput","allFeatures","face","iris","biometrics"]},{"CIMType":"UInt32","Description":"Number of days until device password must be changed. (1-365)","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum length of the password required on the device. Valid values 4 to 16","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of letter characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumLetterCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumLowerCaseCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumNonLetterCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumNumericCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumSymbolCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumUpperCaseCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum time after which the device will lock. Can disable screen lock as well so that it never times out.","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"Enter the number of unique passwords required before a user can reuse an old one. (1-24)","Name":"PasswordPreviousPasswordCountToBlock","Option":"Write"},{"CIMType":"String","Description":"Set the password's complexity requirements. Additional password requirements will become available based on your selection.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"],"Values":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"]},{"CIMType":"String","Description":"Indicates the timeout period after which a device must be unlocked using a form of strong authentication.","Name":"PasswordRequireUnlock","Option":"Write","ValueMap":["deviceDefault","daily","unkownFutureValue"],"Values":["deviceDefault","daily","unkownFutureValue"]},{"CIMType":"UInt32","Description":"Number of consecutive times an incorrect password can be entered before device is wiped of all data. (4-11)","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the user can install apps from unknown sources on the personal profile.","Name":"PersonalProfileAppsAllowInstallFromUnknownSources","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to disable the use of the camera on the personal profile.","Name":"PersonalProfileCameraBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Policy applied to applications in the personal profile. This collection can contain a maximum of 500 elements.","Name":"PersonalProfilePersonalApplications","Option":"Write"},{"CIMType":"String","Description":"Used together with PersonalProfilePersonalApplications to control how apps in the personal profile are allowed or blocked","Name":"PersonalProfilePlayStoreMode","Option":"Write","ValueMap":["notConfigured","blockedApps","allowedApps"],"Values":["notConfigured","blockedApps","allowedApps"]},{"CIMType":"Boolean","Description":"Indicates whether to disable the capability to take screenshots on the personal profile.","Name":"PersonalProfileScreenCaptureBlocked","Option":"Write"},{"CIMType":"String","Description":"Users get access to all apps, except the ones you've required uninstall in Client Apps. If you choose 'Not configured' for this setting, users can only access the apps you've listed as available or required in Client Apps.","Name":"PlayStoreMode","Option":"Write","ValueMap":["notConfigured","allowList","blockList"],"Values":["notConfigured","allowList","blockList"]},{"CIMType":"Boolean","Description":"Block screen capture","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Represents the security common criteria mode enabled provided to users when they attempt to modify managed settings on their device.","Name":"SecurityCommonCriteriaModeEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user is allowed to access developer settings like developer options and safe boot on the device.","Name":"SecurityDeveloperSettingsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Google Play Protect to scan apps before and after they're installed. If it detects a threat, it might warn the user to remove the app from the device. Required by default.","Name":"SecurityRequireVerifyApps","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceowneruserfacingmessage","Description":"Represents the customized short help text provided to users when they attempt to modify managed settings on their device.","Name":"ShortHelpText","Option":"Write"},{"CIMType":"Boolean","Description":"Block access to the status bar, including notifications and quick settings.","Name":"StatusBarBlocked","Option":"Write"},{"CIMType":"String[]","Description":"The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear the Time to lock screen setting so that the device doesn't lock itself while it stays on.","Name":"StayOnModes","Option":"Write","ValueMap":["notConfigured","ac","usb","wireless"],"Values":["notConfigured","ac","usb","wireless"]},{"CIMType":"Boolean","Description":"Allow USB storage.","Name":"StorageAllowUsb","Option":"Write"},{"CIMType":"Boolean","Description":"Block mounting of external media.","Name":"StorageBlockExternalMedia","Option":"Write"},{"CIMType":"Boolean","Description":"Block transfer of files over USB.","Name":"StorageBlockUsbFileTransfer","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod[]","Description":"Indicates the annually repeating time periods during which system updates are postponed. This collection can contain a maximum of 500 elements.","Name":"SystemUpdateFreezePeriods","Option":"Write"},{"CIMType":"String","Description":"When over-the-air updates are available for this device, they will be installed based on this policy.?","Name":"SystemUpdateInstallType","Option":"Write","ValueMap":["deviceDefault","postpone","windowed","automatic"],"Values":["deviceDefault","postpone","windowed","automatic"]},{"CIMType":"UInt32","Description":"End of the maintenance window in the device's time zone.?","Name":"SystemUpdateWindowEndMinutesAfterMidnight","Option":"Write"},{"CIMType":"UInt32","Description":"Beginning of the maintenance window in the device's time zone.?","Name":"SystemUpdateWindowStartMinutesAfterMidnight","Option":"Write"},{"CIMType":"Boolean","Description":"Disable window notifications such as toasts, incoming calls, outgoing calls, system alerts, and system errors.?","Name":"SystemWindowsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks users from adding and signing in to personal accounts while on the device.","Name":"UsersBlockAdd","Option":"Write"},{"CIMType":"Boolean","Description":"Block removal of users.","Name":"UsersBlockRemove","Option":"Write"},{"CIMType":"Boolean","Description":"Block changes to volume.","Name":"VolumeBlockAdjustment","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this forces all network traffic through the VPN tunnel. If a connection to the VPN can't be established, no network traffic will be allowed.","Name":"VpnAlwaysOnLockdownMode","Option":"Write"},{"CIMType":"String","Description":"Android app package name for app that will handle an always-on VPN connection.","Name":"VpnAlwaysOnPackageIdentifier","Option":"Write"},{"CIMType":"Boolean","Description":"Block user creation or editing of any Wi-Fi configurations.","Name":"WifiBlockEditConfigurations","Option":"Write"},{"CIMType":"Boolean","Description":"Block changes to Wi-Fi configurations created by the device owner. Users can create their own Wi-Fi configurations.","Name":"WifiBlockEditPolicyDefinedConfigurations","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the number of days that a work profile password can be set before it expires and a new password will be required. Valid values 1 to 365","Name":"WorkProfilePasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum length of the work profile password. Valid values 4 to 16","Name":"WorkProfilePasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of numeric characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumLetterCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of non-letter characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumLowerCaseCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of letter characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumNonLetterCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of lower-case characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumNumericCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of upper-case letter characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumSymbolCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of symbol characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumUpperCaseCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the length of the work profile password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24","Name":"WorkProfilePasswordPreviousPasswordCountToBlock","Option":"Write"},{"CIMType":"String","Description":"Indicates the minimum password quality required on the work profile password.","Name":"WorkProfilePasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"],"Values":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"]},{"CIMType":"String","Description":"Indicates the timeout period after which a work profile must be unlocked using a form of strong authentication.","Name":"WorkProfilePasswordRequireUnlock","Option":"Write","ValueMap":["deviceDefault","daily","unkownFutureValue"],"Values":["deviceDefault","daily","unkownFutureValue"]},{"CIMType":"UInt32","Description":"Indicates the number of times a user can enter an incorrect work profile password before the device is wiped. Valid values 4 to 11","Name":"WorkProfilePasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent applications from unknown sources.","Name":"AppsBlockInstallFromUnknownSources","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent bluetooth configuration.","Name":"BluetoothBlockConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents using Bluetooth on devices.","Name":"BluetoothBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents access to the device camera.","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent factory reset.","Name":"FactoryResetBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number of characters required for the password.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum minutes of inactivity until screen locks.","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"String","Description":"Set password complexity.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"],"Values":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"]},{"CIMType":"UInt32","Description":"Number of sign-in failures before wiping device.","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent screen capture.","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Enable debugging features.","Name":"SecurityAllowDebuggingFeatures","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent external media.","Name":"StorageBlockExternalMedia","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent USB file transfer.","Name":"StorageBlockUsbFileTransfer","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent Wifi configuration edit.","Name":"WifiBlockEditConfigurations","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune device configuration profile for an Android Open Source Project Device."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile","Parameters":[{"CIMType":"String","Description":"Display name of the device general configuration policy for Android WorkProfile.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the device general configuration policy for Android WorkProfile","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block face unlock.","Name":"PasswordBlockFaceUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block fingerprint unlock","Name":"PasswordBlockFingerprintUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block iris unlock.","Name":"PasswordBlockIrisUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Smart Lock and other trust agents.","Name":"passwordBlockTrustAgents","Option":"Write"},{"CIMType":"Uint32","Description":"Number of days before the password expires","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum length of passwords","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"Minutes of inactivity before the screen times out","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"Uint32","Description":"Number of previous passwords to block","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"Number of sign in failures allowed before factory reset","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"String","Description":"Type of password that is required","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"],"Values":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"]},{"CIMType":"String","Description":"Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH.","Name":"RequiredPasswordComplexity","Option":"Write","ValueMap":["none","low","medium","high"],"Values":["none","low","medium","high"]},{"CIMType":"Boolean","Description":"Indicates whether to allow installation of apps from unknown sources.","Name":"WorkProfileAllowAppInstallsFromUnknownSources","Option":"Write"},{"CIMType":"String","Description":"Type of data sharing that is allowed","Name":"WorkProfileDataSharingType","Option":"Write","ValueMap":["deviceDefault","preventAny","allowPersonalToWork","noRestrictions"],"Values":["deviceDefault","preventAny","allowPersonalToWork","noRestrictions"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block notifications while device locked","Name":"WorkProfileBlockNotificationsWhileDeviceLocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block users from adding/removing accounts in work profile","Name":"WorkProfileBlockAddingAccounts","Option":"Write"},{"CIMType":"Boolean","Description":"Allow bluetooth devices to access enterprise contacts","Name":"WorkProfileBluetoothEnableContactSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Block screen capture in work profile","Name":"WorkProfileBlockScreenCapture","Option":"Write"},{"CIMType":"Boolean","Description":"Block display work profile caller ID in personal profile","Name":"WorkProfileBlockCrossProfileCallerId","Option":"Write"},{"CIMType":"Boolean","Description":"Block work profile camera","Name":"WorkProfileBlockCamera","Option":"Write"},{"CIMType":"Boolean","Description":"Block work profile contacts availability in personal profile","Name":"WorkProfileBlockCrossProfileContactsSearch","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if the setting disallow cross profile copy paste is enabled","Name":"WorkProfileBlockCrossProfileCopyPaste","Option":"Write"},{"CIMType":"String","Description":"Type of password that is required","Name":"WorkProfileDefaultAppPermissionPolicy","Option":"Write","ValueMap":["deviceDefault","prompt","autoGrant","autoDeny"],"Values":["deviceDefault","prompt","autoGrant","autoDeny"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block face unlock in work profile.","Name":"WorkProfilePasswordBlockFaceUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block fingerprint unlock in work profile","Name":"WorkProfilePasswordBlockFingerprintUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block iris unlock in work profile.","Name":"WorkProfilePasswordBlockIrisUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Smart Lock and other trust agents for work profile","Name":"WorkProfilePasswordBlockTrustAgents","Option":"Write"},{"CIMType":"Uint32","Description":"Number of days before the work profile password expires","Name":"WorkProfilePasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum length of work profile password","Name":"WorkProfilePasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of numeric characters required in work profile password","Name":"WorkProfilePasswordMinNumericCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of non-letter characters required in work profile password","Name":"WorkProfilePasswordMinNonLetterCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of letter characters required in work profile password","Name":"WorkProfilePasswordMinLetterCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of lower-case characters required in work profile password","Name":"WorkProfilePasswordMinLowerCaseCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of upper-case characters required in work profile password","Name":"WorkProfilePasswordMinUpperCaseCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of symbols required in work profile password","Name":"WorkProfilePasswordMinSymbolCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minutes of inactivity before the screen times out","Name":"WorkProfilePasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"Uint32","Description":"Number of previous work profile passwords to block","Name":"WorkProfilePasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"Number of sign in failures allowed before work profile is removed and all corporate data deleted","Name":"WorkProfilePasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"String","Description":"Type of work profile password that is required","Name":"WorkProfilePasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"],"Values":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"]},{"CIMType":"String","Description":"Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH in work profile.","Name":"WorkProfileRequiredPasswordComplexity","Option":"Write","ValueMap":["none","low","medium","high"],"Values":["none","low","medium","high"]},{"CIMType":"Boolean","Description":"Password is required or not for work profile","Name":"WorkProfileRequirePassword","Option":"Write"},{"CIMType":"Boolean","Description":"Require the Android Verify apps feature is turned on","Name":"SecurityRequireVerifyApps","Option":"Write"},{"CIMType":"String","Description":"Package identifier for always-on VPN.","Name":"VpnAlwaysOnPackageIdentifier","Option":"Write"},{"CIMType":"Boolean","Description":"Enable lockdown mode for always-on VPN.","Name":"VpnEnableAlwaysOnLockdownMode","Option":"Write"},{"CIMType":"Boolean","Description":"Allow widgets from work profile apps.","Name":"WorkProfileAllowWidgets","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent app installations from unknown sources in the personal profile.","Name":"WorkProfileBlockPersonalAppInstallsFromUnknownSources","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune device configuration profile for an Android WorkProfile Device."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingaustralia","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Australia","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","mature","agesAbove15","agesAbove18"],"Values":["allAllowed","allBlocked","general","parentalGuidance","mature","agesAbove15","agesAbove18"]},{"CIMType":"String","Description":"TV rating selected for Australia","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","preschoolers","children","general","parentalGuidance","mature","agesAbove15","agesAbove15AdultViolence"],"Values":["allAllowed","allBlocked","preschoolers","children","general","parentalGuidance","mature","agesAbove15","agesAbove15AdultViolence"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingcanada","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Canada","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","agesAbove14","agesAbove18","restricted"],"Values":["allAllowed","allBlocked","general","parentalGuidance","agesAbove14","agesAbove18","restricted"]},{"CIMType":"String","Description":"TV rating selected for Canada","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","children","childrenAbove8","general","parentalGuidance","agesAbove14","agesAbove18"],"Values":["allAllowed","allBlocked","children","childrenAbove8","general","parentalGuidance","agesAbove14","agesAbove18"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingfrance","Parameters":[{"CIMType":"String","Description":"Movies rating selected for France","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","agesAbove10","agesAbove12","agesAbove16","agesAbove18"],"Values":["allAllowed","allBlocked","agesAbove10","agesAbove12","agesAbove16","agesAbove18"]},{"CIMType":"String","Description":"TV rating selected for France","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","agesAbove10","agesAbove12","agesAbove16","agesAbove18"],"Values":["allAllowed","allBlocked","agesAbove10","agesAbove12","agesAbove16","agesAbove18"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratinggermany","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Germany","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","agesAbove6","agesAbove12","agesAbove16","adults"],"Values":["allAllowed","allBlocked","general","agesAbove6","agesAbove12","agesAbove16","adults"]},{"CIMType":"String","Description":"TV rating selected for Germany","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","agesAbove6","agesAbove12","agesAbove16","adults"],"Values":["allAllowed","allBlocked","general","agesAbove6","agesAbove12","agesAbove16","adults"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingireland","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Ireland","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","agesAbove12","agesAbove15","agesAbove16","adults"],"Values":["allAllowed","allBlocked","general","parentalGuidance","agesAbove12","agesAbove15","agesAbove16","adults"]},{"CIMType":"String","Description":"TV rating selected for Ireland","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","children","youngAdults","parentalSupervision","mature"],"Values":["allAllowed","allBlocked","general","children","youngAdults","parentalSupervision","mature"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingjapan","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Japan","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","agesAbove15","agesAbove18"],"Values":["allAllowed","allBlocked","general","parentalGuidance","agesAbove15","agesAbove18"]},{"CIMType":"String","Description":"TV rating selected for Japan","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","explicitAllowed"],"Values":["allAllowed","allBlocked","explicitAllowed"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingnewzealand","Parameters":[{"CIMType":"String","Description":"Movies rating selected for New Zealand","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","mature","agesAbove13","agesAbove15","agesAbove16","agesAbove18","restricted","agesAbove16Restricted"],"Values":["allAllowed","allBlocked","general","parentalGuidance","mature","agesAbove13","agesAbove15","agesAbove16","agesAbove18","restricted","agesAbove16Restricted"]},{"CIMType":"String","Description":"TV rating selected for New Zealand","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","adults"],"Values":["allAllowed","allBlocked","general","parentalGuidance","adults"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingunitedkingdom","Parameters":[{"CIMType":"String","Description":"Movies rating selected for UK","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","universalChildren","parentalGuidance","agesAbove12Video","agesAbove12Cinema","agesAbove15","adults"],"Values":["allAllowed","allBlocked","general","universalChildren","parentalGuidance","agesAbove12Video","agesAbove12Cinema","agesAbove15","adults"]},{"CIMType":"String","Description":"TV rating selected for UK","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","caution"],"Values":["allAllowed","allBlocked","caution"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingunitedstates","Parameters":[{"CIMType":"String","Description":"Movies rating selected for USA","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","parentalGuidance13","restricted","adults"],"Values":["allAllowed","allBlocked","general","parentalGuidance","parentalGuidance13","restricted","adults"]},{"CIMType":"String","Description":"TV rating selected for USA","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","childrenAll","childrenAbove7","general","parentalGuidance","childrenAbove14","adults"],"Values":["allAllowed","allBlocked","childrenAll","childrenAbove7","general","parentalGuidance","childrenAbove14","adults"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphiosnetworkusagerule","Parameters":[{"CIMType":"Boolean","Description":"If set to true, corresponding managed apps will not be allowed to use cellular data at any time.","Name":"cellularDataBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"If set to true, corresponding managed apps will not be allowed to use cellular data when roaming.","Name":"cellularDataBlockWhenRoaming","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Information about the managed apps that this rule is going to apply to.","Name":"managedApps","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow account modification when the device is in supervised mode.","Name":"AccountBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Activation Lock makes it harder for a lost or stolen device to be reactivated.","Name":"ActivationLockAllowWhenSupervised","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow AirDrop when the device is in supervised mode.","Name":"AirDropBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Force AirDrop to be considered an unmanaged drop target.","Name":"AirDropForceUnmanagedDropTarget","Option":"Write"},{"CIMType":"Boolean","Description":"Force requiring a pairing password for outgoing AirPlay requests.","Name":"AirPlayForcePairingPasswordForOutgoingRequests","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks keychain storage of username and password for outgoing AirPrint request.","Name":"AirPrintBlockCredentialsStorage","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks AirPrint request.","Name":"AirPrintBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocking prevents malicious AirPrint Bluetooth beacons phishing for network traffic.","Name":"AirPrintBlockiBeaconDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Forces trusted certificates for TLS printing communication","Name":"AirPrintForceTrustedTLS","Option":"Write"},{"CIMType":"Boolean","Description":"Block app clips.","Name":"AppClipsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block Apple News","Name":"AppleNewsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block Apple PersonalizedAdsBlocked","Name":"ApplePersonalizedAdsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow Apple Watch pairing when the device is in supervised mode (iOS 9.0 and later).","Name":"AppleWatchBlockPairing","Option":"Write"},{"CIMType":"Boolean","Description":"Force paired Apple watch to use wrist detection.","Name":"AppleWatchForceWristDetection","Option":"Write"},{"CIMType":"Boolean","Description":"Block app removal.","Name":"AppRemovalBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Apps you add to this list and assign to a device can lock the device to run only that app once launched, or lock the device while a certain action is running (for example, taking a test). Once the action is complete, or you remove the restriction, the device returns to its normal state.","Name":"AppsSingleAppModeList","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks automatic downloading of apps purchased on other devices. Does not affect updates to existing apps.","Name":"AppStoreBlockAutomaticDownloads","Option":"Write"},{"CIMType":"Boolean","Description":"For supervised devices as of iOS 13.0.","Name":"AppStoreBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block AppStore in-app purchases.","Name":"AppStoreBlockInAppPurchases","Option":"Write"},{"CIMType":"Boolean","Description":"Block App Store from Home Screen. Users may continue to use iTunes or Apple Configurator to install or update apps.","Name":"AppStoreBlockUIAppInstallation","Option":"Write"},{"CIMType":"Boolean","Description":"Users must enter Apple ID password for each in-app and iTunes purchase.","Name":"AppStoreRequirePassword","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Enter the iTunes App Store URL of the app you want. For example, to specify the Microsoft Work Folders app for iOS, enter https://itunes.apple.com/us/app/work-folders/id950878067?mt=8. To find the URL of an app, use a search engine to locate the store page. For example, to find the Work Folders app, you could search Microsoft Work Folders ITunes.","Name":"AppsVisibilityList","Option":"Write"},{"CIMType":"String","Description":"Set whether the list is a list of apps to hide or a list of apps to make visible.","Name":"AppsVisibilityListType","Option":"Write","ValueMap":["none","appsInListCompliant","appsNotInListCompliant"],"Values":["none","appsInListCompliant","appsNotInListCompliant"]},{"CIMType":"Boolean","Description":"Require Touch ID or Face ID before passwords or credit card information can be auto filled in Safari and Apps. Available with iOS 12.0 and later.","Name":"AutoFillForceAuthentication","Option":"Write"},{"CIMType":"Boolean","Description":"Block auto unlock.","Name":"AutoUnlockBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocking disables the ability to remove system apps from the device.","Name":"BlockSystemAppRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"Block modification of Bluetooth settings. To use this setting, the device must be in supervised mode (iOS 10.0+).","Name":"BluetoothBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from accessing the camera of the device. Requires a supervised device for iOS 13 and later.","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block data roaming over the cellular network. This won't show in the device's management profile, but a block will be enforced for data roaming every time the device checks in (typically every 8 hours).","Name":"CellularBlockDataRoaming","Option":"Write"},{"CIMType":"Boolean","Description":"Block global background fetch while roaming over the cellular network.","Name":"CellularBlockGlobalBackgroundFetchWhileRoaming","Option":"Write"},{"CIMType":"Boolean","Description":"Block changes to app cellular data usage settings.","Name":"CellularBlockPerAppDataModification","Option":"Write"},{"CIMType":"Boolean","Description":"This value is available only with certain carriers. This won't show in the device's management profile, but a block will be enforced for personal hotspot every time the device checks in (typically every 8 hours). Block modification of personal hotspot in addition to this setting to ensure personal hotspot will always be blocked.","Name":"CellularBlockPersonalHotspot","Option":"Write"},{"CIMType":"Boolean","Description":"For devices running iOS 12.2 and later. Users can't turn Personal Hotspot on or off. If you block this setting and block Personal Hotspot, Personal Hotspot will be turned off.","Name":"CellularBlockPersonalHotspotModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow users to change the settings of the cellular plan on a supervised device.","Name":"CellularBlockPlanModification","Option":"Write"},{"CIMType":"Boolean","Description":"Block voice roaming over the cellular network.","Name":"CellularBlockVoiceRoaming","Option":"Write"},{"CIMType":"Boolean","Description":"Block untrusted Transport Layer Security (TLS) certificates.","Name":"CertificatesBlockUntrustedTlsCertificates","Option":"Write"},{"CIMType":"Boolean","Description":"Block remote screen observation by Classroom app. To use this setting, the device must be in supervised mode (iOS 9.3+).","Name":"ClassroomAppBlockRemoteScreenObservation","Option":"Write"},{"CIMType":"Boolean","Description":"Student devices enrolled in a class via the Classroom app will automatically give permission to that course's teacher to silently observe the student's screen.","Name":"ClassroomAppForceUnpromptedScreenObservation","Option":"Write"},{"CIMType":"Boolean","Description":"Students can join a class without prompting the teacher.","Name":"ClassroomForceAutomaticallyJoinClasses","Option":"Write"},{"CIMType":"Boolean","Description":"Requires a student enrolled in an unmanaged course via Classroom to request permission from the teacher when attempting to leave the course. Only available in iOS 11.3+","Name":"ClassroomForceRequestPermissionToLeaveClasses","Option":"Write"},{"CIMType":"Boolean","Description":"Teachers can lock an app open or lock the device without first prompting the user.","Name":"ClassroomForceUnpromptedAppAndDeviceLock","Option":"Write"},{"CIMType":"String","Description":"Device compliance can be viewed in the Restricted Apps Compliance report.","Name":"CompliantAppListType","Option":"Write","ValueMap":["none","appsInListCompliant","appsNotInListCompliant"],"Values":["none","appsInListCompliant","appsNotInListCompliant"]},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Enter the iTunes App Store URL of the app you want. For example, to specify the Microsoft Work Folders app for iOS, enter https://itunes.apple.com/us/app/work-folders/id950878067?mt=8. To find the URL of an app, use a search engine to locate the store page. For example, to find the Work Folders app, you could search Microsoft Work Folders ITunes.","Name":"CompliantAppsList","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from installing configuration profiles and certificates interactively when the device is in supervised mode.","Name":"ConfigurationProfileBlockChanges","Option":"Write"},{"CIMType":"Boolean","Description":"Users can sync and add their managed contacts (including business and corporate ones) to an unmanaged app, such as the device's built-in contacts app.","Name":"ContactsAllowManagedToUnmanagedWrite","Option":"Write"},{"CIMType":"Boolean","Description":"An unmanaged app, such as the device's built-in contacts app, can access contact info in a managed app, such as Outlook.","Name":"ContactsAllowUnmanagedToManagedRead","Option":"Write"},{"CIMType":"Boolean","Description":"QuickPath enables continuous input on the device keyboard. Available for iOS/iPadOS 13.0 and later.","Name":"ContinuousPathKeyboardBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Forces device to Set Date & Time Automatically. The device's time zone will only be updated when the device has cellular connections or wifi with location services enabled.","Name":"DateAndTimeForceSetAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block definition lookup when the device is in supervised mode (iOS 8.1.3 and later ).","Name":"DefinitionLookupBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"On iOS 12.0 and later, this blocks users from setting their own Screen Time settings, which includes device restrictions. On iOS 11.4.1 and earlier, this blocks the user from enabling restrictions in the device settings. The blocking effect is the same on any supervised iOS device.","Name":"DeviceBlockEnableRestrictions","Option":"Write"},{"CIMType":"Boolean","Description":"Block the use of the erase all content and settings option on the device.","Name":"DeviceBlockEraseContentAndSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow device name modification when the device is in supervised mode (iOS 9.0 and later).","Name":"DeviceBlockNameModification","Option":"Write"},{"CIMType":"Boolean","Description":"Block the device from sending diagnostic and usage telemetry data.","Name":"DiagnosticDataBlockSubmission","Option":"Write"},{"CIMType":"Boolean","Description":"Block the modification of the diagnostic submission and app analytics settings in the Diagnostics and Usage pane in Settings. To use this setting, the device must be in supervised mode (iOS 9.3.2+).","Name":"DiagnosticDataBlockSubmissionModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from viewing managed documents in unmanaged apps.","Name":"DocumentsBlockManagedDocumentsInUnmanagedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from viewing unmanaged documents in managed apps.","Name":"DocumentsBlockUnmanagedDocumentsInManagedApps","Option":"Write"},{"CIMType":"String[]","Description":"Emails that the user sends or receives which don't match the domains you specify here will be marked as untrusted.","Name":"EmailInDomainSuffixes","Option":"Write"},{"CIMType":"Boolean","Description":"Removes the Trust Enterprise Developer button in Settings->General->Profiles & Device Management.","Name":"EnterpriseAppBlockTrust","Option":"Write"},{"CIMType":"Boolean","Description":"Block the changing of enterprise app trust settings.","Name":"EnterpriseAppBlockTrustModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to backup enterprise book.","Name":"EnterpriseBookBlockBackup","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to sync enterprise book metadata.","Name":"EnterpriseBookBlockMetadataSync","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow the addition or removal of cellular plans on the eSIM of a supervised device.","Name":"EsimBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using FaceTime. Requires a supervised device for iOS 13 and later.","Name":"FaceTimeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Using the Server Message Block (SMB) protocol, devices can access files or other resources on a network server. Available for devices running iOS and iPadOS, versions 13.0 and later.","Name":"FilesNetworkDriveAccessBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Devices with access can connect to and open files on a USB drive. Available for devices running iOS and iPadOS, versions 13.0 and later.","Name":"FilesUsbDriveAccessBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"A Find My app feature. Available for iOS/iPadOS 13.0 and later.","Name":"FindMyDeviceInFindMyAppBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block changes to the Find My Friends app settings.","Name":"FindMyFriendsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"A Find My app feature. Used to locate family and friends from an Apple device or iCloud.com. Available for iOS/iPadOS 13.0 and later.","Name":"FindMyFriendsInFindMyAppBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using Game Center when the device is in supervised mode.","Name":"GameCenterBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block adding Game Center friends. For supervised devices as of iOS 13.0.","Name":"GamingBlockGameCenterFriends","Option":"Write"},{"CIMType":"Boolean","Description":"For supervised devices as of iOS 13.0.","Name":"GamingBlockMultiplayer","Option":"Write"},{"CIMType":"Boolean","Description":"Host pairing allows you to control which devices the device can pair with.","Name":"HostPairingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the iBooks Store when the device is in supervised mode.","Name":"IBooksStoreBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"User will not be able to download media from the iBook store that has been tagged as erotica.","Name":"IBooksStoreBlockErotica","Option":"Write"},{"CIMType":"Boolean","Description":"Handoff lets users start work on one iOS device, and continue it on another MacOS or iOS device.","Name":"ICloudBlockActivityContinuation","Option":"Write"},{"CIMType":"Boolean","Description":"Block backing up device to iCloud.","Name":"ICloudBlockBackup","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing documents and data.","Name":"ICloudBlockDocumentSync","Option":"Write"},{"CIMType":"Boolean","Description":"Block managed apps from syncing to cloud.","Name":"ICloudBlockManagedAppsSync","Option":"Write"},{"CIMType":"Boolean","Description":"Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage.","Name":"ICloudBlockPhotoLibrary","Option":"Write"},{"CIMType":"Boolean","Description":"Block photo stream syncing to iCloud.","Name":"ICloudBlockPhotoStreamSync","Option":"Write"},{"CIMType":"Boolean","Description":"Block shared photo streaming. Blocking can cause data loss.","Name":"ICloudBlockSharedPhotoStream","Option":"Write"},{"CIMType":"Boolean","Description":"Block iCloud private relay.","Name":"ICloudPrivateRelayBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Require encryption on device backup.","Name":"ICloudRequireEncryptedBackup","Option":"Write"},{"CIMType":"Boolean","Description":"Block iTunes.","Name":"ITunesBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block explicit iTunes music, podcast, and news content from iTunes. For supervised devices as of 13.0.","Name":"ITunesBlockExplicitContent","Option":"Write"},{"CIMType":"Boolean","Description":"Block Music service. If true, Music app reverts to classic mode and Music service is disabled.","Name":"ITunesBlockMusicService","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using iTunes Radio when the device is in supervised mode (iOS 9.3 and later).","Name":"ITunesBlockRadio","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block keyboard auto-correction when the device is in supervised mode (iOS 8.1.3 and later).","Name":"KeyboardBlockAutoCorrect","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using dictation input when the device is in supervised mode.","Name":"KeyboardBlockDictation","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block predictive keyboards when device is in supervised mode (iOS 8.1.3 and later).","Name":"KeyboardBlockPredictive","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block keyboard shortcuts when the device is in supervised mode (iOS 9.0 and later).","Name":"KeyboardBlockShortcuts","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block keyboard spell-checking when the device is in supervised mode (iOS 8.1.3 and later).","Name":"KeyboardBlockSpellCheck","Option":"Write"},{"CIMType":"Boolean","Description":"Disables syncing credentials stored in the Keychain to iCloud.","Name":"KeychainBlockCloudSync","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow assistive speak while in kiosk mode.","Name":"KioskModeAllowAssistiveSpeak","Option":"Write"},{"CIMType":"Boolean","Description":"Users can turn AssistiveTouch on or off.","Name":"KioskModeAllowAssistiveTouchSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow auto lock","Name":"KioskModeAllowAutoLock","Option":"Write"},{"CIMType":"Boolean","Description":"Users can turn invert colors on or off.","Name":"KioskModeAllowColorInversionSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow ringer switch","Name":"KioskModeAllowRingerSwitch","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow screen rotation","Name":"KioskModeAllowScreenRotation","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow sleep button","Name":"KioskModeAllowSleepButton","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow touchscreen","Name":"KioskModeAllowTouchscreen","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow the user to toggle voice control in kiosk mode.","Name":"KioskModeAllowVoiceControlModification","Option":"Write"},{"CIMType":"Boolean","Description":"Users can turn VoiceOver on or off.","Name":"KioskModeAllowVoiceOverSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow volume buttons","Name":"KioskModeAllowVolumeButtons","Option":"Write"},{"CIMType":"Boolean","Description":"Users can turn zoom on or off.","Name":"KioskModeAllowZoomSettings","Option":"Write"},{"CIMType":"String","Description":"URL of app for kiosk mode, e.g. https://itunes.apple.com/us/app/work-folders/id950878067?mt=8","Name":"KioskModeAppStoreUrl","Option":"Write"},{"CIMType":"String","Description":"Indicates type of app in kiosk mode.","Name":"KioskModeAppType","Option":"Write","ValueMap":["notConfigured","appStoreApp","managedApp","builtInApp"],"Values":["notConfigured","appStoreApp","managedApp","builtInApp"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block the auto-lock while in Kiosk Mode.","Name":"KioskModeBlockAutoLock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the ringer switch while in Kiosk Mode.","Name":"KioskModeBlockRingerSwitch","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the screen rotation while in Kiosk Mode.","Name":"KioskModeBlockScreenRotation","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the sleep button while in Kiosk Mode.","Name":"KioskModeBlockSleepButton","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the touchscreen while in Kiosk Mode.","Name":"KioskModeBlockTouchscreen","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the volume buttons while in Kiosk Mode.","Name":"KioskModeBlockVolumeButtons","Option":"Write"},{"CIMType":"String","Description":"To see a list of bundle IDs for common built-in iOS apps, see the Intune documentation.","Name":"KioskModeBuiltInAppId","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable the voice control while in Kiosk Mode.","Name":"KioskModeEnableVoiceControl","Option":"Write"},{"CIMType":"String","Description":"Add managed Intune apps from the Software Node.","Name":"KioskModeManagedAppId","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce assistive touch while in Kiosk Mode.","Name":"KioskModeRequireAssistiveTouch","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce color inversion while in Kiosk Mode.","Name":"KioskModeRequireColorInversion","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce mono audio while in Kiosk Mode.","Name":"KioskModeRequireMonoAudio","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce voice control while in Kiosk Mode.","Name":"KioskModeRequireVoiceOver","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce zoom while in Kiosk Mode.","Name":"KioskModeRequireZoom","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using control center on the lock screen.","Name":"LockScreenBlockControlCenter","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the notification view on the lock screen.","Name":"LockScreenBlockNotificationView","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using passbook when the device is locked.","Name":"LockScreenBlockPassbook","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the Today View on the lock screen.","Name":"LockScreenBlockTodayView","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce managed pasteboard.","Name":"ManagedPasteboardRequired","Option":"Write"},{"CIMType":"String","Description":"Media content rating settings for apps.","Name":"MediaContentRatingApps","Option":"Write","ValueMap":["allAllowed","allBlocked","agesAbove4","agesAbove9","agesAbove12","agesAbove17"],"Values":["allAllowed","allBlocked","agesAbove4","agesAbove9","agesAbove12","agesAbove17"]},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingaustralia","Description":"Media content rating settings for Australia","Name":"MediaContentRatingAustralia","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingcanada","Description":"Media content rating settings for Canada","Name":"MediaContentRatingCanada","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingfrance","Description":"Media content rating settings for France","Name":"MediaContentRatingFrance","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratinggermany","Description":"Media content rating settings for Germany","Name":"MediaContentRatingGermany","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingireland","Description":"Media content rating settings for Ireland","Name":"MediaContentRatingIreland","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingjapan","Description":"Media content rating settings for Japan","Name":"MediaContentRatingJapan","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingnewzealand","Description":"Media content rating settings for New Zealand","Name":"MediaContentRatingNewZealand","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingunitedkingdom","Description":"Media content rating settings for United Kingdom","Name":"MediaContentRatingUnitedKingdom","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingunitedstates","Description":"Media content rating settings for United States","Name":"MediaContentRatingUnitedStates","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the Messages app on the supervised device.","Name":"MessagesBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphiosnetworkusagerule[]","Description":"If you don't add any managed apps, the configured settings will apply to all managed apps by default. If you add specific managed apps, the configured settings will apply to only those apps.","Name":"NetworkUsageRules","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using nfc on the supervised device.","Name":"NfcBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow notifications settings modification (iOS 9.3 and later).","Name":"NotificationsBlockSettingsModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce on device only dictation.","Name":"OnDeviceOnlyDictationForced","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce on device only translation.","Name":"OnDeviceOnlyTranslationForced","Option":"Write"},{"CIMType":"Boolean","Description":"Block users from adding, changing, or removing fingerprints and faces. Face ID is available in iOS 11.0 and later.","Name":"PasscodeBlockFingerprintModification","Option":"Write"},{"CIMType":"Boolean","Description":"Face ID is available on iOS 11.0 and later.","Name":"PasscodeBlockFingerprintUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Block passcode from being added, changed or removed. Changes to passcode restrictions will be ignored on supervised devices after blocking passcode modification.","Name":"PasscodeBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Block simple password sequences, such as 1234 or 1111.","Name":"PasscodeBlockSimple","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days until device password must be changed. (1-65535)","Name":"PasscodeExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0.","Name":"PasscodeMinimumCharacterSetCount","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number of digits or characters in password. (4-14)","Name":"PasscodeMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device. (This compliance check is supported for devices with OS versions iOS 8.0 and above)","Name":"PasscodeMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"UInt32","Description":"Set to 0 to use the device's minimum possible value. This number (0-60) overrides the number currently set on the device. If set to Immediately, devices will use the minimum possible value per device.","Name":"PasscodeMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"Number of new passwords that must be used until an old one can be reused. (1-24)","Name":"PasscodePreviousPasscodeBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"In addition to requiring a password on all devices, this setting enforces a non-simple, 6-digit password requirement (regardless of other password settings you configure) on devices that are enrolled with Apple user enrollment.","Name":"PasscodeRequired","Option":"Write"},{"CIMType":"String","Description":"Type of passcode that is required.","Name":"PasscodeRequiredType","Option":"Write","ValueMap":["deviceDefault","alphanumeric","numeric"],"Values":["deviceDefault","alphanumeric","numeric"]},{"CIMType":"UInt32","Description":"Number of consecutive times an incorrect password can be entered before device is wiped of all data. (2-11)","Name":"PasscodeSignInFailureCountBeforeWipe","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block AirDrop password sharing","Name":"PasswordBlockAirDropSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block password autofill.","Name":"PasswordBlockAutoFill","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block password proximity requests.","Name":"PasswordBlockProximityRequests","Option":"Write"},{"CIMType":"Boolean","Description":"Allows your users to receive software updates without connecting their devices to a computer","Name":"PkiBlockOTAUpdates","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block podcasts.","Name":"PodcastsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Disables device advertising identifier","Name":"PrivacyForceLimitAdTracking","Option":"Write"},{"CIMType":"Boolean","Description":"Block user's from using their Apple devices to set up and configure other Apple devices.","Name":"ProximityBlockSetupToNewDevice","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Safari autofill.","Name":"SafariBlockAutofill","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Safari. For supervised devices as of iOS 13.0.","Name":"SafariBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block javascript in Safari.","Name":"SafariBlockJavaScript","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block popups on Safari.","Name":"SafariBlockPopups","Option":"Write"},{"CIMType":"String","Description":"Cookie settings for Safari.","Name":"SafariCookieSettings","Option":"Write","ValueMap":["browserDefault","blockAlways","allowCurrentWebSite","allowFromWebsitesVisited","allowAlways"],"Values":["browserDefault","blockAlways","allowCurrentWebSite","allowFromWebsitesVisited","allowAlways"]},{"CIMType":"String[]","Description":"Documents downloaded from the URLs you specify here will be considered managed (Safari only).","Name":"SafariManagedDomains","Option":"Write"},{"CIMType":"String[]","Description":"Users can save passwords in Safari only from URLs matching the patterns you specify here. To use this setting, the device must be in supervised mode and not configured for multiple users. (iOS 9.3+)","Name":"SafariPasswordAutoFillDomains","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require fraud warning in Safari.","Name":"SafariRequireFraudWarning","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from taking Screenshots","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block temporary sessions on shared devices.","Name":"SharedDeviceBlockTemporarySessions","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Siri.","Name":"SiriBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Siri when locked.","Name":"SiriBlockedWhenLocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block Siri from querying user-generated content from the internet.","Name":"SiriBlockUserGeneratedContent","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents Siri from dictating, or speaking profane language.","Name":"SiriRequireProfanityFilter","Option":"Write"},{"CIMType":"UInt32","Description":"Delay the user's software update for this many days. The maximum is 90 days. (1-90)","Name":"SoftwareUpdatesEnforcedDelayInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Delay user visibility of Software Updates. This does not impact any scheduled updates. It represents days before software updates are visible to end users after release.","Name":"SoftwareUpdatesForceDelayed","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks Spotlight from returning any results from an Internet search.","Name":"SpotlightBlockInternetResults","Option":"Write"},{"CIMType":"Boolean","Description":"Allow users to boot devices into recovery mode with unpaired devices. Available for devices running iOS and iPadOS versions 14.5 and later.","Name":"UnpairedExternalBootToRecoveryAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks USB Restricted mode. USB Restricted mode blocks USB accessories from exchanging data with a device that has been locked over an hour.","Name":"UsbRestrictedModeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block voice dialing.","Name":"VoiceDialingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks the creation of VPN configurations","Name":"VpnBlockCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Block wallpaper from being changed.","Name":"WallpaperBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Force the device to use only Wi-Fi networks set up through configuration profiles.","Name":"WiFiConnectOnlyToConfiguredNetworks","Option":"Write"},{"CIMType":"Boolean","Description":"Require devices to use Wi-Fi networks set up via configuration profiles. Available for devices running iOS and iPadOS versions 14.5 and later.","Name":"WiFiConnectToAllowedNetworksOnlyForced","Option":"Write"},{"CIMType":"Boolean","Description":"Wi-Fi can't be turned off in the Settings app or in the Control Center, even when the device is in airplane mode. Available for iOS/iPadOS 13.0 and later.","Name":"WifiPowerOnForced","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphapplistitemMacOS","Parameters":[{"CIMType":"String","Description":"Specify the odataType","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.appleAppListItem"],"Values":["#microsoft.graph.appleAppListItem"]},{"CIMType":"String","Description":"The application or bundle identifier of the application","Name":"appId","Option":"Key"},{"CIMType":"String","Description":"The Store URL of the application","Name":"appStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The application name","Name":"name","Option":"Write"},{"CIMType":"String","Description":"The publisher of the application","Name":"publisher","Option":"Write"}],"Description":"This resource configures an Intune device configuration profile for an MacOS Device."},{"ClassName":"MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem","Parameters":[{"CIMType":"String","Description":"Allow the app or process to control the Mac via the Accessibility subsystem.","Name":"accessibility","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to contact information managed by Contacts.","Name":"addressBook","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"MSFT_MicrosoftGraphmacosappleeventreceiver[]","Description":"Allow or deny the app or process to send a restricted Apple event to another app or process. You will need to know the identifier, identifier type, and code requirement of the receiving app or process.","Name":"appleEventsAllowedReceivers","Option":"Write"},{"CIMType":"Boolean","Description":"Block access to camera app.","Name":"blockCamera","Option":"Write"},{"CIMType":"Boolean","Description":"Block the app or process from listening to events from input devices such as mouse, keyboard, and trackpad.Requires macOS 10.15 or later.","Name":"blockListenEvent","Option":"Write"},{"CIMType":"Boolean","Description":"Block access to microphone.","Name":"blockMicrophone","Option":"Write"},{"CIMType":"Boolean","Description":"Block app from capturing contents of system display. Requires macOS 10.15 or later.","Name":"blockScreenCapture","Option":"Write"},{"CIMType":"String","Description":"Allow or block access to event information managed by Calendar.","Name":"calendar","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Enter the code requirement, which can be obtained with the command 'codesign -display -r -' in the Terminal app. Include everything after '=>'.","Name":"codeRequirement","Option":"Write"},{"CIMType":"String","Description":"The display name of the app, process, or executable.","Name":"displayName","Option":"Write"},{"CIMType":"String","Description":"Allow the app or process to access files managed by another app's file provider extension. Requires macOS 10.15 or later.","Name":"fileProviderPresence","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"The bundle ID or path of the app, process, or executable.","Name":"identifier","Option":"Write"},{"CIMType":"String","Description":"A bundle ID is used to identify an app. A path is used to identify a process or executable.","Name":"identifierType","Option":"Write","ValueMap":["bundleID","path"],"Values":["bundleID","path"]},{"CIMType":"String","Description":"Allow or block access to music and the media library.","Name":"mediaLibrary","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to images managed by Photos.","Name":"photos","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Control access to CoreGraphics APIs, which are used to send CGEvents to the system event stream.","Name":"postEvent","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to information managed by Reminders.","Name":"reminders","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to system speech recognition facility.","Name":"speechRecognition","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Statically validates the code requirement. Use this setting if the process invalidates its dynamic code signature.","Name":"staticCodeValidation","Option":"Write"},{"CIMType":"String","Description":"Control access to all protected files on a device. Files might be in locations such as emails, messages, apps, and administrative settings. Apply this setting with caution.","Name":"systemPolicyAllFiles","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to Desktop folder.","Name":"systemPolicyDesktopFolder","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to Documents folder.","Name":"systemPolicyDocumentsFolder","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to Downloads folder.","Name":"systemPolicyDownloadsFolder","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to network volumes. Requires macOS 10.15 or later.","Name":"systemPolicyNetworkVolumes","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Control access to removable volumes on the device, such as an external hard drive. Requires macOS 10.15 or later.","Name":"systemPolicyRemovableVolumes","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow app or process to access files used in system administration.","Name":"systemPolicySystemAdminFiles","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]}],"Description":"This resource configures an Intune device configuration profile for an MacOS Device."},{"ClassName":"MSFT_MicrosoftGraphmacosappleeventreceiver","Parameters":[{"CIMType":"Boolean","Description":"Allow or block this app from receiving Apple events.","Name":"allowed","Option":"Write"},{"CIMType":"String","Description":"Code requirement for the app or binary that receives the Apple Event.","Name":"codeRequirement","Option":"Write"},{"CIMType":"String","Description":"Bundle ID of the app or file path of the process or executable that receives the Apple Event.","Name":"identifier","Option":"Write"},{"CIMType":"String","Description":"Use bundle ID for an app or path for a process or executable that receives the Apple Event.","Name":"identifierType","Option":"Write","ValueMap":["bundleID","path"],"Values":["bundleID","path"]}],"Description":"This resource configures an Intune device configuration profile for an MacOS Device."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Configures users from adding friends to Game Center. Available for devices running macOS versions 10.13 and later.","Name":"AddingGameCenterFriendsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to allow AirDrop.","Name":"AirDropBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks users from unlocking their Mac with Apple Watch.","Name":"AppleWatchBlockAutoUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks users from taking photographs and videos.","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks AirPlay, screen sharing to other devices, and a Classroom app feature used by teachers to view their students' screens. This setting isn't available if you've blocked screenshots.","Name":"ClassroomAppBlockRemoteScreenObservation","Option":"Write"},{"CIMType":"Boolean","Description":"Unprompted observation means that teachers can view screens without warning students first. This setting isn't available if you've blocked screenshots.","Name":"ClassroomAppForceUnpromptedScreenObservation","Option":"Write"},{"CIMType":"Boolean","Description":"Students can join a class without prompting the teacher.","Name":"ClassroomForceAutomaticallyJoinClasses","Option":"Write"},{"CIMType":"Boolean","Description":"Students enrolled in an unmanaged Classroom course must get teacher consent to leave the course.","Name":"ClassroomForceRequestPermissionToLeaveClasses","Option":"Write"},{"CIMType":"Boolean","Description":"Teachers can lock a student's device or app without the student's approval.","Name":"ClassroomForceUnpromptedAppAndDeviceLock","Option":"Write"},{"CIMType":"String","Description":"Device compliance can be viewed in the Restricted Apps Compliance report.","Name":"CompliantAppListType","Option":"Write","ValueMap":["none","appsInListCompliant","appsNotInListCompliant"],"Values":["none","appsInListCompliant","appsNotInListCompliant"]},{"CIMType":"MSFT_MicrosoftGraphapplistitemMacOS[]","Description":"List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType).","Name":"CompliantAppsList","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to allow content caching.","Name":"ContentCachingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block look up, a feature that looks up the definition of a highlighted word.","Name":"DefinitionLookupBlocked","Option":"Write"},{"CIMType":"String[]","Description":"Emails that the user sends or receives which don't match the domains you specify here will be marked as untrusted. ","Name":"EmailInDomainSuffixes","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the reset option on supervised devices. Available for devices running macOS versions 12.0 and later.","Name":"EraseContentAndSettingsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configured if the Game Center icon is removed from the Home screen. Available for devices running macOS versions 10.13 and later.","Name":"GameCenterBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Handoff lets users start work on one MacOS device, and continue it on another MacOS or iOS device. Available for macOS 10.15 and later.","Name":"ICloudBlockActivityContinuation","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing contacts.","Name":"ICloudBlockAddressBook","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing bookmarks.","Name":"ICloudBlockBookmarks","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing calendars.","Name":"ICloudBlockCalendar","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing documents and data.","Name":"ICloudBlockDocumentSync","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing mail.","Name":"ICloudBlockMail","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing notes.","Name":"ICloudBlockNotes","Option":"Write"},{"CIMType":"Boolean","Description":"Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage.","Name":"ICloudBlockPhotoLibrary","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing reminders.","Name":"ICloudBlockReminders","Option":"Write"},{"CIMType":"Boolean","Description":"Configures if the synchronization of cloud desktop and documents is blocked. Available for devices running macOS 10.12.4 and later.","Name":"ICloudDesktopAndDocumentsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures if iCloud private relay is blocked or not. Available for devices running macOS 12 and later.","Name":"ICloudPrivateRelayBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks files from being transferred using iTunes.","Name":"ITunesBlockFileSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Configures  whether or not to block files from being transferred using iTunes.","Name":"ITunesBlockMusicService","Option":"Write"},{"CIMType":"Boolean","Description":"Block dictation, which is a feature that converts the user's voice to text.","Name":"KeyboardBlockDictation","Option":"Write"},{"CIMType":"Boolean","Description":"Disables syncing credentials stored in the Keychain to iCloud","Name":"KeychainBlockCloudSync","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether multiplayer gaming when using Game Center is blocked. Available for devices running macOS versions 10.13 and later.","Name":"MultiplayerGamingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to block sharing passwords with the AirDrop passwords feature.","Name":"PasswordBlockAirDropSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to block the AutoFill Passwords feature.","Name":"PasswordBlockAutoFill","Option":"Write"},{"CIMType":"Boolean","Description":"Requires user to set a non-biometric passcode or password to unlock the device.","Name":"PasswordBlockFingerprintUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks user from changing the set passcode.","Name":"PasswordBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to block requesting passwords from nearby devices.","Name":"PasswordBlockProximityRequests","Option":"Write"},{"CIMType":"Boolean","Description":"Block simple password sequences, such as 1234 or 1111.","Name":"PasswordBlockSimple","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days until device password must be changed. (1-65535)","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the number of allowed failed attempts to enter the passcode at the device's lock screen. Valid values 2 to 11","Name":"PasswordMaximumAttemptCount","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0.","Name":"PasswordMinimumCharacterSetCount","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number of digits or characters in password (4-16).","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"UInt32","Description":"Set to 0 to use the device's minimum possible value. This number (0-60 minutes) overrides the number currently set on the device.","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the number of minutes before the login is reset after the maximum number of unsuccessful login attempts is reached.","Name":"PasswordMinutesUntilFailedLoginReset","Option":"Write"},{"CIMType":"UInt32","Description":"Number of new passwords that must be used until an old one can be reused. (1-24)","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"Specify the type of password required.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"String","Description":"Specify the type of password required.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","alphanumeric","numeric"],"Values":["deviceDefault","alphanumeric","numeric"]},{"CIMType":"MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem[]","Description":"Configure an app's access to specific data, folders, and apps on a device. These settings apply to devices running macOS Mojave 10.14 and later.","Name":"PrivacyAccessControls","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks Safari from remembering what users enter in web forms.","Name":"SafariBlockAutofill","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to block the user from taking Screenshots.","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of days (1-90) to delay visibility of major OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90","Name":"SoftwareUpdateMajorOSDeferredInstallDelayInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of days (1-90) to delay visibility of minor OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90","Name":"SoftwareUpdateMinorOSDeferredInstallDelayInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of days (1-90) to delay visibility of non-OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90","Name":"SoftwareUpdateNonOSDeferredInstallDelayInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Delay the user's software update for this many days. The maximum is 90 days. (1-90)","Name":"SoftwareUpdatesEnforcedDelayInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks Spotlight from returning any results from an Internet search","Name":"SpotlightBlockInternetResults","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the maximum hours after which the user must enter their password to unlock the device instead of using Touch ID. Available for devices running macOS 12 and later. Valid values 0 to 2147483647","Name":"TouchIdTimeoutInHours","Option":"Write"},{"CIMType":"String[]","Description":"Configures whether to delay OS and/or app updates for macOS.","Name":"UpdateDelayPolicy","Option":"Write","ValueMap":["none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"],"Values":["none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"]},{"CIMType":"Boolean","Description":"Configures whether the wallpaper can be changed. Available for devices running macOS versions 10.13 and later.","Name":"WallpaperModificationBlocked","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune device configuration profile for an MacOS Device."},{"ClassName":"MSFT_MicrosoftGraphDefenderDetectedMalwareActions1","Parameters":[{"CIMType":"String","Description":"Indicates a Defender action to take for high severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"HighSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for low severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"LowSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for moderate severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"ModerateSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for severe severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"SevereSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphEdgeHomeButtonConfiguration","Parameters":[{"CIMType":"String","Description":"The specific URL to load.","Name":"HomeButtonCustomURL","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.edgeHomeButtonHidden","#microsoft.graph.edgeHomeButtonLoadsStartPage","#microsoft.graph.edgeHomeButtonOpensCustomURL","#microsoft.graph.edgeHomeButtonOpensNewTab"],"Values":["#microsoft.graph.edgeHomeButtonHidden","#microsoft.graph.edgeHomeButtonLoadsStartPage","#microsoft.graph.edgeHomeButtonOpensCustomURL","#microsoft.graph.edgeHomeButtonOpensNewTab"]}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphEdgeSearchEngineBase","Parameters":[{"CIMType":"String","Description":"Allows IT admins to set a predefined default search engine for MDM-Controlled devices. Possible values are: default, bing.","Name":"EdgeSearchEngineType","Option":"Write","ValueMap":["default","bing"],"Values":["default","bing"]},{"CIMType":"String","Description":"Points to a https link containing the OpenSearch xml file that contains, at minimum, the short name and the URL to the search Engine.","Name":"EdgeSearchEngineOpenSearchXmlUrl","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.edgeSearchEngine","#microsoft.graph.edgeSearchEngineCustom"],"Values":["#microsoft.graph.edgeSearchEngine","#microsoft.graph.edgeSearchEngineCustom"]}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindows10NetworkProxyServer","Parameters":[{"CIMType":"String","Description":"Address to the proxy server. Specify an address in the format ':'","Name":"Address","Option":"Write"},{"CIMType":"String[]","Description":"Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node.","Name":"Exceptions","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the proxy server should be used for local (intranet) addresses.","Name":"UseForLocalAddresses","Option":"Write"}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindows10AppsForceUpdateSchedule","Parameters":[{"CIMType":"String","Description":"Recurrence schedule. Possible values are: none, daily, weekly, monthly.","Name":"Recurrence","Option":"Write","ValueMap":["none","daily","weekly","monthly"],"Values":["none","daily","weekly","monthly"]},{"CIMType":"Boolean","Description":"If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence.","Name":"RunImmediatelyIfAfterStartDateTime","Option":"Write"},{"CIMType":"String","Description":"The start time for the force restart.","Name":"StartDateTime","Option":"Write"}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account.","Name":"AccountsBlockAddingNonMicrosoftAccountEmail","Option":"Write"},{"CIMType":"String","Description":"Specifies if Windows apps can be activated by voice. Possible values are: notConfigured, enabled, disabled.","Name":"ActivateAppsWithVoice","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from selecting an AntiTheft mode preference (Windows 10 Mobile only).","Name":"AntiTheftModeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting permits users to change installation options that typically are available only to system administrators.","Name":"AppManagementMSIAllowUserControlOverInstall","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.","Name":"AppManagementMSIAlwaysInstallWithElevatedPrivileges","Option":"Write"},{"CIMType":"String[]","Description":"List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon.","Name":"AppManagementPackageFamilyNamesToLaunchAfterLogOn","Option":"Write"},{"CIMType":"String","Description":"Indicates whether apps from AppX packages signed with a trusted certificate can be side loaded. Possible values are: notConfigured, blocked, allowed.","Name":"AppsAllowTrustedAppsSideloading","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Indicates whether or not to disable the launch of all apps from Windows Store that came pre-installed or were downloaded.","Name":"AppsBlockWindowsStoreOriginatedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Allows secondary authentication devices to work with Windows.","Name":"AuthenticationAllowSecondaryDevice","Option":"Write"},{"CIMType":"String","Description":"Specifies the preferred domain among available domains in the Azure AD tenant.","Name":"AuthenticationPreferredAzureADTenantDomainName","Option":"Write"},{"CIMType":"String","Description":"Indicates whether or not Web Credential Provider will be enabled. Possible values are: notConfigured, enabled, disabled.","Name":"AuthenticationWebSignIn","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String[]","Description":"Specify a list of allowed Bluetooth services and profiles in hex formatted strings.","Name":"BluetoothAllowedServices","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using bluetooth advertising.","Name":"BluetoothBlockAdvertising","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using bluetooth discoverable mode.","Name":"BluetoothBlockDiscoverableMode","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using bluetooth.","Name":"BluetoothBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to block specific bundled Bluetooth peripherals to automatically pair with the host device.","Name":"BluetoothBlockPrePairing","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to block the users from using Swift Pair and other proximity based scenarios.","Name":"BluetoothBlockPromptedProximalConnections","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from accessing the camera of the device.","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using data over cellular while roaming.","Name":"CellularBlockDataWhenRoaming","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using VPN over cellular.","Name":"CellularBlockVpn","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using VPN when roaming over cellular.","Name":"CellularBlockVpnWhenRoaming","Option":"Write"},{"CIMType":"String","Description":"Whether or not to allow the cellular data channel on the device. If not configured, the cellular data channel is allowed and the user can turn it off. Possible values are: blocked, required, allowed, notConfigured.","Name":"CellularData","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"Boolean","Description":"Whether or not to Block the user from doing manual root certificate installation.","Name":"CertificatesBlockManualRootCertificateInstallation","Option":"Write"},{"CIMType":"String","Description":"Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone.","Name":"ConfigureTimeZone","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to block Connected Devices Service which enables discovery and connection to other devices, remote messaging, remote app sessions and other cross-device experiences.","Name":"ConnectedDevicesServiceBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using copy paste.","Name":"CopyPasteBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using Cortana.","Name":"CortanaBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Specify whether to allow or disallow the Federal Information Processing Standard (FIPS) policy.","Name":"CryptographyAllowFipsAlgorithmPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.","Name":"DataProtectionBlockDirectMemoryAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to block end user access to Defender.","Name":"DefenderBlockEndUserAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender On Access Protection functionality.","Name":"DefenderBlockOnAccessProtection","Option":"Write"},{"CIMType":"String","Description":"Specifies the level of cloud-delivered protection. Possible values are: notConfigured, high, highPlus, zeroTolerance.","Name":"DefenderCloudBlockLevel","Option":"Write","ValueMap":["notConfigured","high","highPlus","zeroTolerance"],"Values":["notConfigured","high","highPlus","zeroTolerance"]},{"CIMType":"UInt32","Description":"Timeout extension for file scanning by the cloud. Valid values 0 to 50","Name":"DefenderCloudExtendedTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"Timeout extension for file scanning by the cloud. Valid values 0 to 50","Name":"DefenderCloudExtendedTimeoutInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days before deleting quarantined malware. Valid values 0 to 90","Name":"DefenderDaysBeforeDeletingQuarantinedMalware","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdefenderDetectedMalwareActions1","Description":"Gets or sets Defenders actions to take on detected Malware per threat level.","Name":"DefenderDetectedMalwareActions","Option":"Write"},{"CIMType":"Boolean","Description":"When blocked, catch-up scans for scheduled full scans will be turned off.","Name":"DefenderDisableCatchupFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"When blocked, catch-up scans for scheduled quick scans will be turned off.","Name":"DefenderDisableCatchupQuickScan","Option":"Write"},{"CIMType":"String[]","Description":"File extensions to exclude from scans and real time protection.","Name":"DefenderFileExtensionsToExclude","Option":"Write"},{"CIMType":"String[]","Description":"Files and folder to exclude from scans and real time protection.","Name":"DefenderFilesAndFoldersToExclude","Option":"Write"},{"CIMType":"String","Description":"Value for monitoring file activity. Possible values are: userDefined, disable, monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly.","Name":"DefenderMonitorFileActivity","Option":"Write","ValueMap":["userDefined","disable","monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"],"Values":["userDefined","disable","monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"]},{"CIMType":"String","Description":"Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: deviceDefault, block, audit.","Name":"DefenderPotentiallyUnwantedAppAction","Option":"Write","ValueMap":["deviceDefault","block","audit"],"Values":["deviceDefault","block","audit"]},{"CIMType":"String","Description":"Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderPotentiallyUnwantedAppActionSetting","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String[]","Description":"Processes to exclude from scans and real time protection.","Name":"DefenderProcessesToExclude","Option":"Write"},{"CIMType":"String","Description":"The configuration for how to prompt user for sample submission. Possible values are: userDefined, alwaysPrompt, promptBeforeSendingPersonalData, neverSendData, sendAllDataWithoutPrompting.","Name":"DefenderPromptForSampleSubmission","Option":"Write","ValueMap":["userDefined","alwaysPrompt","promptBeforeSendingPersonalData","neverSendData","sendAllDataWithoutPrompting"],"Values":["userDefined","alwaysPrompt","promptBeforeSendingPersonalData","neverSendData","sendAllDataWithoutPrompting"]},{"CIMType":"Boolean","Description":"Indicates whether or not to require behavior monitoring.","Name":"DefenderRequireBehaviorMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require cloud protection.","Name":"DefenderRequireCloudProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require network inspection system.","Name":"DefenderRequireNetworkInspectionSystem","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require real time monitoring.","Name":"DefenderRequireRealTimeMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan archive files.","Name":"DefenderScanArchiveFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan downloads.","Name":"DefenderScanDownloads","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan incoming mail messages.","Name":"DefenderScanIncomingMail","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan mapped network drives during full scan.","Name":"DefenderScanMappedNetworkDrivesDuringFullScan","Option":"Write"},{"CIMType":"UInt32","Description":"Max CPU usage percentage during scan. Valid values 0 to 100","Name":"DefenderScanMaxCpu","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan files opened from a network folder.","Name":"DefenderScanNetworkFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan removable drives during full scan.","Name":"DefenderScanRemovableDrivesDuringFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan scripts loaded in Internet Explorer browser.","Name":"DefenderScanScriptsLoadedInInternetExplorer","Option":"Write"},{"CIMType":"String","Description":"The defender system scan type. Possible values are: userDefined, disabled, quick, full.","Name":"DefenderScanType","Option":"Write","ValueMap":["userDefined","disabled","quick","full"],"Values":["userDefined","disabled","quick","full"]},{"CIMType":"String","Description":"The time to perform a daily quick scan.","Name":"DefenderScheduledQuickScanTime","Option":"Write"},{"CIMType":"String","Description":"The defender time for the system scan.","Name":"DefenderScheduledScanTime","Option":"Write"},{"CIMType":"Boolean","Description":"When enabled, low CPU priority will be used during scheduled scans.","Name":"DefenderScheduleScanEnableLowCpuPriority","Option":"Write"},{"CIMType":"UInt32","Description":"The signature update interval in hours. Specify 0 not to check. Valid values 0 to 24","Name":"DefenderSignatureUpdateIntervalInHours","Option":"Write"},{"CIMType":"String","Description":"Checks for the user consent level in Windows Defender to send data. Possible values are: sendSafeSamplesAutomatically, alwaysPrompt, neverSend, sendAllSamplesAutomatically.","Name":"DefenderSubmitSamplesConsentType","Option":"Write","ValueMap":["sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"],"Values":["sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"]},{"CIMType":"String","Description":"Defender day of the week for the system scan. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan.","Name":"DefenderSystemScanSchedule","Option":"Write","ValueMap":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"],"Values":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"]},{"CIMType":"String","Description":"Indicates whether or not to allow developer unlock. Possible values are: notConfigured, blocked, allowed.","Name":"DeveloperUnlockSetting","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from resetting their phone.","Name":"DeviceManagementBlockFactoryResetOnMobile","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from doing manual un-enrollment from device management.","Name":"DeviceManagementBlockManualUnenroll","Option":"Write"},{"CIMType":"String","Description":"Gets or sets a value allowing the device to send diagnostic and usage telemetry data, such as Watson. Possible values are: userDefined, none, basic, enhanced, full.","Name":"DiagnosticsDataSubmissionMode","Option":"Write","ValueMap":["userDefined","none","basic","enhanced","full"],"Values":["userDefined","none","basic","enhanced","full"]},{"CIMType":"String[]","Description":"List of legacy applications that have GDI DPI Scaling turned off.","Name":"DisplayAppListWithGdiDPIScalingTurnedOff","Option":"Write"},{"CIMType":"String[]","Description":"List of legacy applications that have GDI DPI Scaling turned on.","Name":"DisplayAppListWithGdiDPIScalingTurnedOn","Option":"Write"},{"CIMType":"Boolean","Description":"Allow users to change Start pages on Edge. Use the EdgeHomepageUrls to specify the Start pages that the user would see by default when they open Edge.","Name":"EdgeAllowStartPagesModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to prevent access to about flags on Edge browser.","Name":"EdgeBlockAccessToAboutFlags","Option":"Write"},{"CIMType":"Boolean","Description":"Block the address bar dropdown functionality in Microsoft Edge. Disable this settings to minimize network connections from Microsoft Edge to Microsoft services.","Name":"EdgeBlockAddressBarDropdown","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block auto fill.","Name":"EdgeBlockAutofill","Option":"Write"},{"CIMType":"Boolean","Description":"Block Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Edge properly display sites with known compatibility issues.","Name":"EdgeBlockCompatibilityList","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block developer tools in the Edge browser.","Name":"EdgeBlockDeveloperTools","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using the Edge browser.","Name":"EdgeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from making changes to Favorites.","Name":"EdgeBlockEditFavorites","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block extensions in the Edge browser.","Name":"EdgeBlockExtensions","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or prevent Edge from entering the full screen mode.","Name":"EdgeBlockFullScreenMode","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block InPrivate browsing on corporate networks, in the Edge browser.","Name":"EdgeBlockInPrivateBrowsing","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using JavaScript.","Name":"EdgeBlockJavaScript","Option":"Write"},{"CIMType":"Boolean","Description":"Block the collection of information by Microsoft for live tile creation when users pin a site to Start from Microsoft Edge.","Name":"EdgeBlockLiveTileDataCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block password manager.","Name":"EdgeBlockPasswordManager","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block popups.","Name":"EdgeBlockPopups","Option":"Write"},{"CIMType":"Boolean","Description":"Decide whether Microsoft Edge is prelaunched at Windows startup.","Name":"EdgeBlockPrelaunch","Option":"Write"},{"CIMType":"Boolean","Description":"Configure Edge to allow or block printing.","Name":"EdgeBlockPrinting","Option":"Write"},{"CIMType":"Boolean","Description":"Configure Edge to allow browsing history to be saved or to never save browsing history.","Name":"EdgeBlockSavingHistory","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from adding new search engine or changing the default search engine.","Name":"EdgeBlockSearchEngineCustomization","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the search suggestions in the address bar.","Name":"EdgeBlockSearchSuggestions","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from sending the do not track header.","Name":"EdgeBlockSendingDoNotTrackHeader","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. Note: the name of this property is misleading the property is obsolete, use EdgeSendIntranetTrafficToInternetExplorer instead.","Name":"EdgeBlockSendingIntranetTrafficToInternetExplorer","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the user can sideload extensions.","Name":"EdgeBlockSideloadingExtensions","Option":"Write"},{"CIMType":"Boolean","Description":"Configure whether Edge preloads the new tab page at Windows startup.","Name":"EdgeBlockTabPreloading","Option":"Write"},{"CIMType":"Boolean","Description":"Configure to load a blank page in Edge instead of the default New tab page and prevent users from changing it.","Name":"EdgeBlockWebContentOnNewTabPage","Option":"Write"},{"CIMType":"Boolean","Description":"Clear browsing data on exiting Microsoft Edge.","Name":"EdgeClearBrowsingDataOnExit","Option":"Write"},{"CIMType":"String","Description":"Indicates which cookies to block in the Edge browser. Possible values are: userDefined, allow, blockThirdParty, blockAll.","Name":"EdgeCookiePolicy","Option":"Write","ValueMap":["userDefined","allow","blockThirdParty","blockAll"],"Values":["userDefined","allow","blockThirdParty","blockAll"]},{"CIMType":"Boolean","Description":"Block the Microsoft web page that opens on the first use of Microsoft Edge. This policy allows enterprises, like those enrolled in zero emissions configurations, to block this page.","Name":"EdgeDisableFirstRunPage","Option":"Write"},{"CIMType":"String","Description":"Indicates the enterprise mode site list location. Could be a local file, local network or http location.","Name":"EdgeEnterpriseModeSiteListLocation","Option":"Write"},{"CIMType":"String","Description":"Get or set a value that specifies whether to set the favorites bar to always be visible or hidden on any page. Possible values are: notConfigured, hide, show.","Name":"EdgeFavoritesBarVisibility","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"The location of the favorites list to provision. Could be a local file, local network or http location.","Name":"EdgeFavoritesListLocation","Option":"Write"},{"CIMType":"String","Description":"The first run URL for when Edge browser is opened for the first time.","Name":"EdgeFirstRunUrl","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphedgeHomeButtonConfiguration","Description":"Causes the Home button to either hide, load the default Start page, load a New tab page, or a custom URL","Name":"EdgeHomeButtonConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Enable the Home button configuration.","Name":"EdgeHomeButtonConfigurationEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The list of URLs for homepages shodwn on MDM-enrolled devices on Edge browser.","Name":"EdgeHomepageUrls","Option":"Write"},{"CIMType":"String","Description":"Controls how the Microsoft Edge settings are restricted based on the configure kiosk mode. Possible values are: notConfigured, digitalSignage, normalMode, publicBrowsingSingleApp, publicBrowsingMultiApp.","Name":"EdgeKioskModeRestriction","Option":"Write","ValueMap":["notConfigured","digitalSignage","normalMode","publicBrowsingSingleApp","publicBrowsingMultiApp"],"Values":["notConfigured","digitalSignage","normalMode","publicBrowsingSingleApp","publicBrowsingMultiApp"]},{"CIMType":"UInt32","Description":"Specifies the time in minutes from the last user activity before Microsoft Edge kiosk resets.  Valid values are 0-1440. The default is 5. 0 indicates no reset. Valid values 0 to 1440","Name":"EdgeKioskResetAfterIdleTimeInMinutes","Option":"Write"},{"CIMType":"String","Description":"Specify the page opened when new tabs are created.","Name":"EdgeNewTabPageURL","Option":"Write"},{"CIMType":"String","Description":"Specify what kind of pages are open at start. Possible values are: notConfigured, startPage, newTabPage, previousPages, specificPages.","Name":"EdgeOpensWith","Option":"Write","ValueMap":["notConfigured","startPage","newTabPage","previousPages","specificPages"],"Values":["notConfigured","startPage","newTabPage","previousPages","specificPages"]},{"CIMType":"Boolean","Description":"Allow or prevent users from overriding certificate errors.","Name":"EdgePreventCertificateErrorOverride","Option":"Write"},{"CIMType":"String[]","Description":"Specify the list of package family names of browser extensions that are required and cannot be turned off by the user.","Name":"EdgeRequiredExtensionPackageFamilyNames","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Require the user to use the smart screen filter.","Name":"EdgeRequireSmartScreen","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphedgeSearchEngineBase","Description":"Allows IT admins to set a default search engine for MDM-Controlled devices. Users can override this and change their default search engine provided the AllowSearchEngineCustomization policy is not set.","Name":"EdgeSearchEngine","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer.","Name":"EdgeSendIntranetTrafficToInternetExplorer","Option":"Write"},{"CIMType":"String","Description":"Controls the message displayed by Edge before switching to Internet Explorer. Possible values are: notConfigured, disabled, enabled, keepGoing.","Name":"EdgeShowMessageWhenOpeningInternetExplorerSites","Option":"Write","ValueMap":["notConfigured","disabled","enabled","keepGoing"],"Values":["notConfigured","disabled","enabled","keepGoing"]},{"CIMType":"Boolean","Description":"Enable favorites sync between Internet Explorer and Microsoft Edge. Additions, deletions, modifications and order changes to favorites are shared between browsers.","Name":"EdgeSyncFavoritesWithInternetExplorer","Option":"Write"},{"CIMType":"String","Description":"Specifies what type of telemetry data (none, intranet, internet, both) is sent to Microsoft 365 Analytics. Possible values are: notConfigured, intranet, internet, intranetAndInternet.","Name":"EdgeTelemetryForMicrosoft365Analytics","Option":"Write","ValueMap":["notConfigured","intranet","internet","intranetAndInternet"],"Values":["notConfigured","intranet","internet","intranetAndInternet"]},{"CIMType":"Boolean","Description":"Allow users with administrative rights to delete all user data and settings using CTRL + Win + R at the device lock screen so that the device can be automatically re-configured and re-enrolled into management.","Name":"EnableAutomaticRedeployment","Option":"Write"},{"CIMType":"UInt32","Description":"This setting allows you to specify battery charge level at which Energy Saver is turned on. While on battery, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100","Name":"EnergySaverOnBatteryThresholdPercentage","Option":"Write"},{"CIMType":"UInt32","Description":"This setting allows you to specify battery charge level at which Energy Saver is turned on. While plugged in, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100","Name":"EnergySaverPluggedInThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Endpoint for discovering cloud printers.","Name":"EnterpriseCloudPrintDiscoveryEndPoint","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum number of printers that should be queried from a discovery endpoint. This is a mobile only setting. Valid values 1 to 65535","Name":"EnterpriseCloudPrintDiscoveryMaxLimit","Option":"Write"},{"CIMType":"String","Description":"OAuth resource URI for printer discovery service as configured in Azure portal.","Name":"EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier","Option":"Write"},{"CIMType":"String","Description":"Authentication endpoint for acquiring OAuth tokens.","Name":"EnterpriseCloudPrintOAuthAuthority","Option":"Write"},{"CIMType":"String","Description":"GUID of a client application authorized to retrieve OAuth tokens from the OAuth Authority.","Name":"EnterpriseCloudPrintOAuthClientIdentifier","Option":"Write"},{"CIMType":"String","Description":"OAuth resource URI for print service as configured in the Azure portal.","Name":"EnterpriseCloudPrintResourceIdentifier","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable device discovery UX.","Name":"ExperienceBlockDeviceDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow the error dialog from displaying if no SIM card is detected.","Name":"ExperienceBlockErrorDialogWhenNoSIM","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable task switching on the device.","Name":"ExperienceBlockTaskSwitcher","Option":"Write"},{"CIMType":"String","Description":"Allow or prevent the syncing of Microsoft Edge Browser settings. Option for IT admins to prevent syncing across devices, but allow user override. Possible values are: notConfigured, blockedWithUserOverride, blocked.","Name":"ExperienceDoNotSyncBrowserSettings","Option":"Write","ValueMap":["notConfigured","blockedWithUserOverride","blocked"],"Values":["notConfigured","blockedWithUserOverride","blocked"]},{"CIMType":"String","Description":"Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files does not allow users to search files or locations to which they do not have access. Possible values are: notConfigured, enabled, disabled.","Name":"FindMyFiles","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block DVR and broadcasting.","Name":"GameDvrBlocked","Option":"Write"},{"CIMType":"String","Description":"Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, enabled, disabled.","Name":"InkWorkspaceAccess","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, blocked, allowed.","Name":"InkWorkspaceAccessState","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Specify whether to show recommended app suggestions in the ink workspace.","Name":"InkWorkspaceBlockSuggestedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using internet sharing.","Name":"InternetSharingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from location services.","Name":"LocationServicesBlocked","Option":"Write"},{"CIMType":"String","Description":"This policy setting specifies whether Windows apps can be activated by voice while the system is locked. Possible values are: notConfigured, enabled, disabled.","Name":"LockScreenActivateAppsWithVoice","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. If this policy is set to Allow, the value set by lockScreenTimeoutInSeconds is ignored.","Name":"LockScreenAllowTimeoutConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block action center notifications over lock screen.","Name":"LockScreenBlockActionCenterNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user can interact with Cortana using speech while the system is locked.","Name":"LockScreenBlockCortana","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to allow toast notifications above the device lock screen.","Name":"LockScreenBlockToastNotifications","Option":"Write"},{"CIMType":"UInt32","Description":"Set the duration (in seconds) from the screen locking to the screen turning off for Windows 10 Mobile devices. Supported values are 11-1800. Valid values 11 to 1800","Name":"LockScreenTimeoutInSeconds","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the ability to quickly switch between users that are logged on simultaneously without logging off.","Name":"LogonBlockFastUserSwitching","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the MMS send/receive functionality on the device.","Name":"MessagingBlockMMS","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the RCS send/receive functionality on the device.","Name":"MessagingBlockRichCommunicationServices","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block text message back up and restore and Messaging Everywhere.","Name":"MessagingBlockSync","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block a Microsoft account.","Name":"MicrosoftAccountBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block Microsoft account settings sync.","Name":"MicrosoftAccountBlockSettingsSync","Option":"Write"},{"CIMType":"String","Description":"Controls the Microsoft Account Sign-In Assistant (wlidsvc) NT service. Possible values are: notConfigured, disabled.","Name":"MicrosoftAccountSignInAssistantSettings","Option":"Write","ValueMap":["notConfigured","disabled"],"Values":["notConfigured","disabled"]},{"CIMType":"Boolean","Description":"If set, proxy settings will be applied to all processes and accounts in the device. Otherwise, it will be applied to the user account that's enrolled into MDM.","Name":"NetworkProxyApplySettingsDeviceWide","Option":"Write"},{"CIMType":"String","Description":"Address to the proxy auto-config (PAC) script you want to use.","Name":"NetworkProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Disable automatic detection of settings. If enabled, the system will try to find the path to a proxy auto-config (PAC) script.","Name":"NetworkProxyDisableAutoDetect","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindows10NetworkProxyServer","Description":"Specifies manual proxy server settings.","Name":"NetworkProxyServer","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using near field communication.","Name":"NfcBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Gets or sets a value allowing IT admins to prevent apps and features from working with files on OneDrive.","Name":"OneDriveDisableFileSync","Option":"Write"},{"CIMType":"Boolean","Description":"Specify whether PINs or passwords such as '1111' or '1234' are allowed. For Windows 10 desktops, it also controls the use of picture passwords.","Name":"PasswordBlockSimple","Option":"Write"},{"CIMType":"UInt32","Description":"The password expiration in days. Valid values 0 to 730","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"This security setting determines the period of time (in days) that a password must be used before the user can change it. Valid values 0 to 998","Name":"PasswordMinimumAgeInDays","Option":"Write"},{"CIMType":"UInt32","Description":"The number of character sets required in the password.","Name":"PasswordMinimumCharacterSetCount","Option":"Write"},{"CIMType":"UInt32","Description":"The minimum password length. Valid values 4 to 16","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"The minutes of inactivity before the screen times out.","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"The number of previous passwords to prevent reuse of. Valid values 0 to 50","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require the user to have a password.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"String","Description":"The required password type. Possible values are: deviceDefault, alphanumeric, numeric.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","alphanumeric","numeric"],"Values":["deviceDefault","alphanumeric","numeric"]},{"CIMType":"Boolean","Description":"Indicates whether or not to require a password upon resuming from an idle state.","Name":"PasswordRequireWhenResumeFromIdleState","Option":"Write"},{"CIMType":"UInt32","Description":"The number of sign in failures before factory reset. Valid values 0 to 999","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"String","Description":"A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to used as the Desktop Image.","Name":"PersonalizationDesktopImageUrl","Option":"Write"},{"CIMType":"String","Description":"A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.","Name":"PersonalizationLockScreenImageUrl","Option":"Write"},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user presses the Power button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerButtonActionOnBattery","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user presses the Power button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerButtonActionPluggedIn","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting allows you to turn off hybrid sleep while on battery. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled.","Name":"PowerHybridSleepOnBattery","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"This setting allows you to turn off hybrid sleep while plugged in. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled.","Name":"PowerHybridSleepPluggedIn","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerLidCloseActionOnBattery","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerLidCloseActionPluggedIn","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user presses the Sleep button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerSleepButtonActionOnBattery","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user presses the Sleep button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerSleepButtonActionPluggedIn","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"Boolean","Description":"Prevent user installation of additional printers from printers settings.","Name":"PrinterBlockAddition","Option":"Write"},{"CIMType":"String","Description":"Name (network host name) of an installed printer.","Name":"PrinterDefaultName","Option":"Write"},{"CIMType":"String[]","Description":"Automatically provision printers based on their names (network host names).","Name":"PrinterNames","Option":"Write"},{"CIMType":"String","Description":"Enables or disables the use of advertising ID. Added in Windows 10, version 1607. Possible values are: notConfigured, blocked, allowed.","Name":"PrivacyAdvertisingId","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Indicates whether or not to allow the automatic acceptance of the pairing and privacy user consent dialog when launching apps.","Name":"PrivacyAutoAcceptPairingAndConsentPrompts","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks the usage of cloud based speech services for Cortana, Dictation, or Store applications.","Name":"PrivacyBlockActivityFeed","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the usage of cloud based speech services for Cortana, Dictation, or Store applications.","Name":"PrivacyBlockInputPersonalization","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks the shared experiences/discovery of recently used resources in task switcher etc.","Name":"PrivacyBlockPublishUserActivities","Option":"Write"},{"CIMType":"Boolean","Description":"This policy prevents the privacy experience from launching during user logon for new and upgraded users.","Name":"PrivacyDisableLaunchExperience","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from reset protection mode.","Name":"ResetProtectionModeBlocked","Option":"Write"},{"CIMType":"String","Description":"Specifies what filter level of safe search is required. Possible values are: userDefined, strict, moderate.","Name":"SafeSearchFilter","Option":"Write","ValueMap":["userDefined","strict","moderate"],"Values":["userDefined","strict","moderate"]},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from taking Screenshots.","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if search can use diacritics.","Name":"SearchBlockDiacritics","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the web search.","Name":"SearchBlockWebResults","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to use automatic language detection when indexing content and properties.","Name":"SearchDisableAutoLanguageDetection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to disable the search indexer backoff feature.","Name":"SearchDisableIndexerBackoff","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block indexing of WIP-protected items to prevent them from appearing in search results for Cortana or Explorer.","Name":"SearchDisableIndexingEncryptedItems","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow users to add locations on removable drives to libraries and to be indexed.","Name":"SearchDisableIndexingRemovableDrive","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if search can use location information.","Name":"SearchDisableLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if search can use location information.","Name":"SearchDisableUseLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies minimum amount of hard drive space on the same drive as the index location before indexing stops.","Name":"SearchEnableAutomaticIndexSizeManangement","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block remote queries of this computers index.","Name":"SearchEnableRemoteQueries","Option":"Write"},{"CIMType":"Boolean","Description":"Specify whether to allow automatic device encryption during OOBE when the device is Azure AD joined (desktop only).","Name":"SecurityBlockAzureADJoinedDevicesAutoEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Accounts in Settings app.","Name":"SettingsBlockAccountsPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from installing provisioning packages.","Name":"SettingsBlockAddProvisioningPackage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Apps in Settings app.","Name":"SettingsBlockAppsPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from changing the language settings.","Name":"SettingsBlockChangeLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from changing power and sleep settings.","Name":"SettingsBlockChangePowerSleep","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from changing the region settings.","Name":"SettingsBlockChangeRegion","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from changing date and time settings.","Name":"SettingsBlockChangeSystemTime","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Devices in Settings app.","Name":"SettingsBlockDevicesPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Ease of Access in Settings app.","Name":"SettingsBlockEaseOfAccessPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from editing the device name.","Name":"SettingsBlockEditDeviceName","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Gaming in Settings app.","Name":"SettingsBlockGamingPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Network & Internet in Settings app.","Name":"SettingsBlockNetworkInternetPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Personalization in Settings app.","Name":"SettingsBlockPersonalizationPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Privacy in Settings app.","Name":"SettingsBlockPrivacyPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the runtime configuration agent from removing provisioning packages.","Name":"SettingsBlockRemoveProvisioningPackage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Settings app.","Name":"SettingsBlockSettingsApp","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to System in Settings app.","Name":"SettingsBlockSystemPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Time & Language in Settings app.","Name":"SettingsBlockTimeLanguagePage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Update & Security in Settings app.","Name":"SettingsBlockUpdateSecurityPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block multiple users of the same app to share data.","Name":"SharedUserAppDataAllowed","Option":"Write"},{"CIMType":"String","Description":"Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. Possible values are: notConfigured, anywhere, storeOnly, recommendations, preferStore.","Name":"SmartScreenAppInstallControl","Option":"Write","ValueMap":["notConfigured","anywhere","storeOnly","recommendations","preferStore"],"Values":["notConfigured","anywhere","storeOnly","recommendations","preferStore"]},{"CIMType":"Boolean","Description":"Indicates whether or not users can override SmartScreen Filter warnings about potentially malicious websites.","Name":"SmartScreenBlockPromptOverride","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not users can override the SmartScreen Filter warnings about downloading unverified files","Name":"SmartScreenBlockPromptOverrideForFiles","Option":"Write"},{"CIMType":"Boolean","Description":"This property will be deprecated in July 2019 and will be replaced by property SmartScreenAppInstallControl. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.","Name":"SmartScreenEnableAppInstallControl","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from unpinning apps from taskbar.","Name":"StartBlockUnpinningAppsFromTaskbar","Option":"Write"},{"CIMType":"String","Description":"Setting the value of this collapses the app list, removes the app list entirely, or disables the corresponding toggle in the Settings app. Possible values are: userDefined, collapse, remove, disableSettingsApp.","Name":"StartMenuAppListVisibility","Option":"Write","ValueMap":["userDefined","collapse","remove","disableSettingsApp"],"Values":["userDefined","collapse","remove","disableSettingsApp"]},{"CIMType":"Boolean","Description":"Enabling this policy hides the change account setting from appearing in the user tile in the start menu.","Name":"StartMenuHideChangeAccountSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.","Name":"StartMenuHideFrequentlyUsedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides hibernate from appearing in the power button in the start menu.","Name":"StartMenuHideHibernate","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides lock from appearing in the user tile in the start menu.","Name":"StartMenuHideLock","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides the power button from appearing in the start menu.","Name":"StartMenuHidePowerButton","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides recent jump lists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.","Name":"StartMenuHideRecentJumpLists","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.","Name":"StartMenuHideRecentlyAddedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides 'Restart/Update and Restart' from appearing in the power button in the start menu.","Name":"StartMenuHideRestartOptions","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides shut down/update and shut down from appearing in the power button in the start menu.","Name":"StartMenuHideShutDown","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides sign out from appearing in the user tile in the start menu.","Name":"StartMenuHideSignOut","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides sleep from appearing in the power button in the start menu.","Name":"StartMenuHideSleep","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides switch account from appearing in the user tile in the start menu.","Name":"StartMenuHideSwitchAccount","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides the user tile from appearing in the start menu.","Name":"StartMenuHideUserTile","Option":"Write"},{"CIMType":"String","Description":"This policy setting allows you to import Edge assets to be used with startMenuLayoutXml policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when startMenuLayoutXml policy is modified. The value should be a UTF-8 Base64 encoded byte array.","Name":"StartMenuLayoutEdgeAssetsXml","Option":"Write"},{"CIMType":"String","Description":"Allows admins to override the default Start menu layout and prevents the user from changing it. The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in a UTF8 encoded byte array format.","Name":"StartMenuLayoutXml","Option":"Write"},{"CIMType":"String","Description":"Allows admins to decide how the Start menu is displayed. Possible values are: userDefined, fullScreen, nonFullScreen.","Name":"StartMenuMode","Option":"Write","ValueMap":["userDefined","fullScreen","nonFullScreen"],"Values":["userDefined","fullScreen","nonFullScreen"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Documents folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderDocuments","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Downloads folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderDownloads","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the FileExplorer shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderFileExplorer","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the HomeGroup folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderHomeGroup","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Music folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderMusic","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Network folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderNetwork","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the PersonalFolder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderPersonalFolder","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Pictures folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderPictures","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Settings folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderSettings","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Videos folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderVideos","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using removable storage.","Name":"StorageBlockRemovableStorage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicating whether or not to require encryption on a mobile device.","Name":"StorageRequireMobileDeviceEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether application data is restricted to the system drive.","Name":"StorageRestrictAppDataToSystemVolume","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the installation of applications is restricted to the system drive.","Name":"StorageRestrictAppInstallToSystemVolume","Option":"Write"},{"CIMType":"String","Description":"Gets or sets the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests.","Name":"SystemTelemetryProxyServer","Option":"Write"},{"CIMType":"Boolean","Description":"Specify whether non-administrators can use Task Manager to end tasks.","Name":"TaskManagerBlockEndTask","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the device is required to connect to the network.","Name":"TenantLockdownRequireNetworkDuringOutOfBoxExperience","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to uninstall a fixed list of built-in Windows apps.","Name":"UninstallBuiltInApps","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from USB connection.","Name":"UsbBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from voice recording.","Name":"VoiceRecordingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not user's localhost IP address is displayed while making phone calls using the WebRTC","Name":"WebRtcBlockLocalhostIpAddress","Option":"Write"},{"CIMType":"Boolean","Description":"Indicating whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked.","Name":"WiFiBlockAutomaticConnectHotspots","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using Wi-Fi.","Name":"WiFiBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using Wi-Fi manual configuration.","Name":"WiFiBlockManualConfiguration","Option":"Write"},{"CIMType":"UInt32","Description":"Specify how often devices scan for Wi-Fi networks. Supported values are 1-500, where 100 = default, and 500 = low frequency. Valid values 1 to 500","Name":"WiFiScanInterval","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule","Description":"Windows 10 force update schedule for Apps.","Name":"Windows10AppsForceUpdateSchedule","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT admins to block experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.","Name":"WindowsSpotlightBlockConsumerSpecificFeatures","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT admins to turn off all Windows Spotlight features","Name":"WindowsSpotlightBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block suggestions from Microsoft that show after each OS clean install, upgrade or in an on-going basis to introduce users to what is new or changed","Name":"WindowsSpotlightBlockOnActionCenter","Option":"Write"},{"CIMType":"Boolean","Description":"Block personalized content in Windows spotlight based on users device usage.","Name":"WindowsSpotlightBlockTailoredExperiences","Option":"Write"},{"CIMType":"Boolean","Description":"Block third party content delivered via Windows Spotlight","Name":"WindowsSpotlightBlockThirdPartyNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"Block Windows Spotlight Windows welcome experience","Name":"WindowsSpotlightBlockWelcomeExperience","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT admins to turn off the popup of Windows Tips.","Name":"WindowsSpotlightBlockWindowsTips","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of Spotlight. Possible values are: notConfigured, disabled, enabled.","Name":"WindowsSpotlightConfigureOnLockScreen","Option":"Write","ValueMap":["notConfigured","disabled","enabled"],"Values":["notConfigured","disabled","enabled"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block automatic update of apps from Windows Store.","Name":"WindowsStoreBlockAutoUpdate","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using the Windows store.","Name":"WindowsStoreBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable Private Store Only.","Name":"WindowsStoreEnablePrivateStoreOnly","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow other devices from discovering this PC for projection.","Name":"WirelessDisplayBlockProjectionToThisDevice","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow user input from wireless display receiver.","Name":"WirelessDisplayBlockUserInputFromReceiver","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require a PIN for new devices to initiate pairing.","Name":"WirelessDisplayRequirePinForPairing","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Target store certificate. Possible values are: user, machine.","Name":"CertificateStore","Option":"Write","ValueMap":["user","machine"],"Values":["user","machine"]},{"CIMType":"String","Description":"SCEP Hash Algorithm. Possible values are: sha1, sha2.","Name":"HashAlgorithm","Option":"Write","ValueMap":["sha1","sha2","sha1","sha2"],"Values":["sha1","sha2","sha1","sha2"]},{"CIMType":"String","Description":"SCEP Key Size. Possible values are: size1024, size2048, size4096.","Name":"KeySize","Option":"Write","ValueMap":["size1024","size2048","size4096"],"Values":["size1024","size2048","size4096"]},{"CIMType":"String[]","Description":"SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.","Name":"KeyUsage","Option":"Write","ValueMap":["keyEncipherment","digitalSignature"],"Values":["keyEncipherment","digitalSignature"]},{"CIMType":"String[]","Description":"SCEP Server Url(s).","Name":"ScepServerUrls","Option":"Write"},{"CIMType":"String","Description":"Custom String that defines the AAD Attribute.","Name":"SubjectAlternativeNameFormatString","Option":"Write"},{"CIMType":"String","Description":"Custom format to use with SubjectNameFormat = Custom. Example: CN={{UserName}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US","Name":"SubjectNameFormatString","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcustomSubjectAlternativeName[]","Description":"Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.","Name":"CustomSubjectAlternativeNames","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphextendedKeyUsage[]","Description":"Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.","Name":"ExtendedKeyUsages","Option":"Write"},{"CIMType":"String","Description":"Scale for the Certificate Validity Period. Possible values are: days, months, years.","Name":"CertificateValidityPeriodScale","Option":"Write","ValueMap":["days","months","years"],"Values":["days","months","years"]},{"CIMType":"UInt32","Description":"Value for the Certificate Validity Period","Name":"CertificateValidityPeriodValue","Option":"Write"},{"CIMType":"String","Description":"Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp.","Name":"KeyStorageProvider","Option":"Write","ValueMap":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"],"Values":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"]},{"CIMType":"UInt32","Description":"Certificate renewal threshold percentage. Valid values 1 to 99","Name":"RenewalThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.","Name":"SubjectAlternativeNameType","Option":"Write","ValueMap":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"],"Values":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"]},{"CIMType":"String","Description":"Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.","Name":"SubjectNameFormat","Option":"Write","ValueMap":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"],"Values":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"]},{"CIMType":"String","Description":"Trusted Root Certificate DisplayName","Name":"RootCertificateDisplayName","Option":"Write"},{"CIMType":"String","Description":"Trusted Root Certificate Id","Name":"RootCertificateId","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Scep Certificate Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether or not to allow the app from printing during the test.","Name":"AllowPrinting","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow screen capture capability during a test.","Name":"AllowScreenCapture","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow text suggestions during the test.","Name":"AllowTextSuggestion","Option":"Write"},{"CIMType":"String","Description":"Specifies the application user model ID of the assessment app launched when a user signs in to a secure assessment with a local guest account. Important notice: this property must be set with localGuestAccountName in order to make the local guest account sign-in experience work properly for secure assessments.","Name":"AssessmentAppUserModelId","Option":"Write"},{"CIMType":"String","Description":"The account used to configure the Windows device for taking the test. The user can be a domain account (domain/user), an AAD account (usernametenant.com) or a local account (username).","Name":"ConfigurationAccount","Option":"Write"},{"CIMType":"String","Description":"The account type used to by ConfigurationAccount. Possible values are: azureADAccount, domainAccount, localAccount, localGuestAccount.","Name":"ConfigurationAccountType","Option":"Write","ValueMap":["azureADAccount","domainAccount","localAccount","localGuestAccount"],"Values":["azureADAccount","domainAccount","localAccount","localGuestAccount"]},{"CIMType":"String","Description":"Url link to an assessment that's automatically loaded when the secure assessment browser is launched. It has to be a valid Url (https://msdn.microsoft.com/).","Name":"LaunchUri","Option":"Write"},{"CIMType":"String","Description":"Specifies the display text for the local guest account shown on the sign-in screen. Typically is the name of an assessment. When the user clicks the local guest account on the sign-in screen, an assessment app is launched with a specified assessment URL. Secure assessments can only be configured with local guest account sign-in on devices running Windows 10, version 1903 or later. Important notice: this property must be set with assessmentAppUserModelID in order to make the local guest account sign-in experience work properly for secure assessments.","Name":"LocalGuestAccountName","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Secure Assessment Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphSharedPCAccountManagerPolicy","Parameters":[{"CIMType":"String","Description":"Configures when accounts are deleted. Possible values are: immediate, diskSpaceThreshold, diskSpaceThresholdOrInactiveThreshold.","Name":"AccountDeletionPolicy","Option":"Write","ValueMap":["immediate","diskSpaceThreshold","diskSpaceThresholdOrInactiveThreshold"],"Values":["immediate","diskSpaceThreshold","diskSpaceThresholdOrInactiveThreshold"]},{"CIMType":"UInt32","Description":"Sets the percentage of available disk space a PC should have before it stops deleting cached shared PC accounts. Only applies when AccountDeletionPolicy is DiskSpaceThreshold or DiskSpaceThresholdOrInactiveThreshold. Valid values 0 to 100","Name":"CacheAccountsAboveDiskFreePercentage","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies when the accounts will start being deleted when they have not been logged on during the specified period, given as number of days. Only applies when AccountDeletionPolicy is DiskSpaceThreshold or DiskSpaceThresholdOrInactiveThreshold.","Name":"InactiveThresholdDays","Option":"Write"},{"CIMType":"UInt32","Description":"Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first. Only applies when AccountDeletionPolicy is DiskSpaceThresholdOrInactiveThreshold. Valid values 0 to 100","Name":"RemoveAccountsBelowDiskFreePercentage","Option":"Write"}],"Description":"Intune Device Configuration Shared Multi Device Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10","Parameters":[{"CIMType":"MSFT_MicrosoftGraphsharedPCAccountManagerPolicy","Description":"Specifies how accounts are managed on a shared PC. Only applies when disableAccountManager is false.","Name":"AccountManagerPolicy","Option":"Write"},{"CIMType":"String[]","Description":"Indicates which type of accounts are allowed to use on a shared PC. Possible values are: notConfigured, guest, domain.","Name":"AllowedAccounts","Option":"Write","ValueMap":["notConfigured","guest","domain"],"Values":["notConfigured","guest","domain"]},{"CIMType":"Boolean","Description":"Specifies whether local storage is allowed on a shared PC.","Name":"AllowLocalStorage","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the account manager for shared PC mode.","Name":"DisableAccountManager","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the default shared PC education environment policies should be disabled. For Windows 10 RS2 and later, this policy will be applied without setting Enabled to true.","Name":"DisableEduPolicies","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the default shared PC power policies should be disabled.","Name":"DisablePowerPolicies","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the requirement to sign in whenever the device wakes up from sleep mode.","Name":"DisableSignInOnResume","Option":"Write"},{"CIMType":"Boolean","Description":"Enables shared PC mode and applies the shared pc policies.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"Specifies whether to auto connect new non-admin Azure AD accounts to pre-configured candidate local accounts. Possible values are: notConfigured, enabled, disabled.","Name":"FastFirstSignIn","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"UInt32","Description":"Specifies the time in seconds that a device must sit idle before the PC goes to sleep. Setting this value to 0 prevents the sleep timeout from occurring.","Name":"IdleTimeBeforeSleepInSeconds","Option":"Write"},{"CIMType":"String","Description":"Specifies the display text for the account shown on the sign-in screen which launches the app specified by SetKioskAppUserModelId. Only applies when KioskAppUserModelId is set.","Name":"KioskAppDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specifies the application user model ID of the app to use with assigned access.","Name":"KioskAppUserModelId","Option":"Write"},{"CIMType":"String","Description":"Specifies whether local storage is allowed on a shared PC. Possible values are: notConfigured, enabled, disabled.","Name":"LocalStorage","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies the daily start time of maintenance hour.","Name":"MaintenanceStartTime","Option":"Write"},{"CIMType":"String","Description":"Disables the account manager for shared PC mode. Possible values are: notConfigured, enabled, disabled.","Name":"SetAccountManager","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies whether the default shared PC education environment policies should be enabled/disabled/not configured. For Windows 10 RS2 and later, this policy will be applied without setting Enabled to true. Possible values are: notConfigured, enabled, disabled.","Name":"SetEduPolicies","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies whether the default shared PC power policies should be enabled/disabled. Possible values are: notConfigured, enabled, disabled.","Name":"SetPowerPolicies","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies the requirement to sign in whenever the device wakes up from sleep mode. Possible values are: notConfigured, enabled, disabled.","Name":"SignInOnResume","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Shared Multi Device Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"File name to display in UI.","Name":"CertFileName","Option":"Write"},{"CIMType":"String","Description":"Destination store location for the Trusted Root Certificate. Possible values are: computerCertStoreRoot, computerCertStoreIntermediate, userCertStoreIntermediate.","Name":"DestinationStore","Option":"Write","ValueMap":["computerCertStoreRoot","computerCertStoreIntermediate","userCertStoreIntermediate"],"Values":["computerCertStoreRoot","computerCertStoreIntermediate","userCertStoreIntermediate"]},{"CIMType":"String","Description":"Trusted Root Certificate","Name":"TrustedRootCertificate","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Trusted Certificate Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindows10AssociatedApps","Parameters":[{"CIMType":"String","Description":"Application type. Possible values are: desktop, universal.","Name":"AppType","Option":"Write","ValueMap":["desktop","universal"],"Values":["desktop","universal"]},{"CIMType":"String","Description":"Identifier.","Name":"Identifier","Option":"Key"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphCryptographySuite","Parameters":[{"CIMType":"String","Description":"Authentication Transform Constants. Possible values are: md5_96, sha1_96, sha_256_128, aes128Gcm, aes192Gcm, aes256Gcm.","Name":"AuthenticationTransformConstants","Option":"Write","ValueMap":["md5_96","sha1_96","sha_256_128","aes128Gcm","aes192Gcm","aes256Gcm"],"Values":["md5_96","sha1_96","sha_256_128","aes128Gcm","aes192Gcm","aes256Gcm"]},{"CIMType":"String","Description":"Cipher Transform Constants. Possible values are: aes256, des, tripleDes, aes128, aes128Gcm, aes256Gcm, aes192, aes192Gcm, chaCha20Poly1305.","Name":"CipherTransformConstants","Option":"Write","ValueMap":["aes256","des","tripleDes","aes128","aes128Gcm","aes256Gcm","aes192","aes192Gcm","chaCha20Poly1305"],"Values":["aes256","des","tripleDes","aes128","aes128Gcm","aes256Gcm","aes192","aes192Gcm","chaCha20Poly1305"]},{"CIMType":"String","Description":"Diffie Hellman Group. Possible values are: group1, group2, group14, ecp256, ecp384, group24.","Name":"DhGroup","Option":"Write","ValueMap":["group1","group2","group14","ecp256","ecp384","group24"],"Values":["group1","group2","group14","ecp256","ecp384","group24"]},{"CIMType":"String","Description":"Encryption Method. Possible values are: aes256, des, tripleDes, aes128, aes128Gcm, aes256Gcm, aes192, aes192Gcm, chaCha20Poly1305.","Name":"EncryptionMethod","Option":"Write","ValueMap":["aes256","des","tripleDes","aes128","aes128Gcm","aes256Gcm","aes192","aes192Gcm","chaCha20Poly1305"],"Values":["aes256","des","tripleDes","aes128","aes128Gcm","aes256Gcm","aes192","aes192Gcm","chaCha20Poly1305"]},{"CIMType":"String","Description":"Integrity Check Method. Possible values are: sha2_256, sha1_96, sha1_160, sha2_384, sha2_512, md5.","Name":"IntegrityCheckMethod","Option":"Write","ValueMap":["sha2_256","sha1_96","sha1_160","sha2_384","sha2_512","md5"],"Values":["sha2_256","sha1_96","sha1_160","sha2_384","sha2_512","md5"]},{"CIMType":"String","Description":"Perfect Forward Secrecy Group. Possible values are: pfs1, pfs2, pfs2048, ecp256, ecp384, pfsMM, pfs24.","Name":"PfsGroup","Option":"Write","ValueMap":["pfs1","pfs2","pfs2048","ecp256","ecp384","pfsMM","pfs24"],"Values":["pfs1","pfs2","pfs2048","ecp256","ecp384","pfsMM","pfs24"]}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphVpnDnsRule","Parameters":[{"CIMType":"Boolean","Description":"Automatically connect to the VPN when the device connects to this domain: Default False.","Name":"AutoTrigger","Option":"Write"},{"CIMType":"String","Description":"Name.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"Keep this rule active even when the VPN is not connected: Default False","Name":"Persistent","Option":"Write"},{"CIMType":"String","Description":"Proxy Server Uri.","Name":"ProxyServerUri","Option":"Write"},{"CIMType":"String[]","Description":"Servers.","Name":"Servers","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindows10VpnProxyServer","Parameters":[{"CIMType":"Boolean","Description":"Bypass proxy server for local address.","Name":"BypassProxyServerForLocalAddress","Option":"Write"},{"CIMType":"String","Description":"Address.","Name":"Address","Option":"Write"},{"CIMType":"String","Description":"Proxy's automatic configuration script url.","Name":"AutomaticConfigurationScriptUrl","Option":"Write"},{"CIMType":"UInt32","Description":"Port. Valid values 0 to 65535","Name":"Port","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically detect proxy settings.","Name":"AutomaticallyDetectProxySettings","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.windows10VpnProxyServer","#microsoft.graph.windows81VpnProxyServer"],"Values":["#microsoft.graph.windows10VpnProxyServer","#microsoft.graph.windows81VpnProxyServer"]}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphVpnRoute","Parameters":[{"CIMType":"String","Description":"Destination prefix (IPv4/v6 address).","Name":"DestinationPrefix","Option":"Key"},{"CIMType":"UInt32","Description":"Prefix size. (1-32). Valid values 1 to 32","Name":"PrefixSize","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphVpnTrafficRule","Parameters":[{"CIMType":"String","Description":"App identifier, if this traffic rule is triggered by an app.","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"App type, if this traffic rule is triggered by an app. Possible values are: none, desktop, universal.","Name":"AppType","Option":"Write","ValueMap":["none","desktop","universal"],"Values":["none","desktop","universal"]},{"CIMType":"String","Description":"Claims associated with this traffic rule.","Name":"Claims","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIPv4Range[]","Description":"Local address range. This collection can contain a maximum of 500 elements.","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphNumberRange[]","Description":"Local port range can be set only when protocol is either TCP or UDP (6 or 17). This collection can contain a maximum of 500 elements.","Name":"LocalPortRanges","Option":"Write"},{"CIMType":"String","Description":"Name.","Name":"Name","Option":"Write"},{"CIMType":"UInt32","Description":"Protocols (0-255). Valid values 0 to 255","Name":"Protocols","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIPv4Range[]","Description":"Remote address range. This collection can contain a maximum of 500 elements.","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphNumberRange[]","Description":"Remote port range can be set only when protocol is either TCP or UDP (6 or 17). This collection can contain a maximum of 500 elements.","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"String","Description":"When app triggered, indicates whether to enable split tunneling along this route. Possible values are: none, splitTunnel, forceTunnel.","Name":"RoutingPolicyType","Option":"Write","ValueMap":["none","splitTunnel","forceTunnel"],"Values":["none","splitTunnel","forceTunnel"]},{"CIMType":"String","Description":"Specify whether the rule applies to inbound traffic or outbound traffic. Possible values are: outbound, inbound, unknownFutureValue.","Name":"VpnTrafficDirection","Option":"Write","ValueMap":["outbound","inbound","unknownFutureValue"],"Values":["outbound","inbound","unknownFutureValue"]}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIPv4Range","Parameters":[{"CIMType":"String","Description":"Lower address.","Name":"LowerAddress","Option":"Write"},{"CIMType":"String","Description":"Upper address.","Name":"UpperAddress","Option":"Write"},{"CIMType":"String","Description":"IPv4 address in CIDR notation. Not nullable.","Name":"CidrAddress","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.iPv4CidrRange","#microsoft.graph.iPv6CidrRange","#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"],"Values":["#microsoft.graph.iPv4CidrRange","#microsoft.graph.iPv6CidrRange","#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"]}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphNumberRange","Parameters":[{"CIMType":"UInt32","Description":"Lower number.","Name":"LowerNumber","Option":"Write"},{"CIMType":"UInt32","Description":"Upper number.","Name":"UpperNumber","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphVpnServer","Parameters":[{"CIMType":"String","Description":"Address (IP address, FQDN or URL)","Name":"Address","Option":"Write"},{"CIMType":"String","Description":"Description.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Default server.","Name":"IsDefaultServer","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationVpnPolicyWindows10","Parameters":[{"CIMType":"MSFT_MicrosoftGraphwindows10AssociatedApps[]","Description":"Associated Apps. This collection can contain a maximum of 10000 elements.","Name":"AssociatedApps","Option":"Write"},{"CIMType":"String","Description":"Authentication method. Possible values are: certificate, usernameAndPassword, customEapXml, derivedCredential.","Name":"AuthenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","customEapXml","derivedCredential"],"Values":["certificate","usernameAndPassword","customEapXml","derivedCredential"]},{"CIMType":"String","Description":"Connection type. Possible values are: pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, automatic, ikEv2, l2tp, pptp, citrix, paloAltoGlobalProtect, ciscoAnyConnect, unknownFutureValue, microsoftTunnel.","Name":"ConnectionType","Option":"Write","ValueMap":["pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","automatic","ikEv2","l2tp","pptp","citrix","paloAltoGlobalProtect","ciscoAnyConnect","unknownFutureValue","microsoftTunnel"],"Values":["pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","automatic","ikEv2","l2tp","pptp","citrix","paloAltoGlobalProtect","ciscoAnyConnect","unknownFutureValue","microsoftTunnel"]},{"CIMType":"MSFT_MicrosoftGraphcryptographySuite","Description":"Cryptography Suite security settings for IKEv2 VPN in Windows10 and above","Name":"CryptographySuite","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnDnsRule[]","Description":"DNS rules. This collection can contain a maximum of 1000 elements.","Name":"DnsRules","Option":"Write"},{"CIMType":"String[]","Description":"Specify DNS suffixes to add to the DNS search list to properly route short names.","Name":"DnsSuffixes","Option":"Write"},{"CIMType":"String","Description":"Extensible Authentication Protocol (EAP) XML. (UTF8 encoded byte array)","Name":"EapXml","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Always On mode.","Name":"EnableAlwaysOn","Option":"Write"},{"CIMType":"Boolean","Description":"Enable conditional access.","Name":"EnableConditionalAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Enable device tunnel.","Name":"EnableDeviceTunnel","Option":"Write"},{"CIMType":"Boolean","Description":"Enable IP address registration with internal DNS.","Name":"EnableDnsRegistration","Option":"Write"},{"CIMType":"Boolean","Description":"Enable single sign-on (SSO) with alternate certificate.","Name":"EnableSingleSignOnWithAlternateCertificate","Option":"Write"},{"CIMType":"Boolean","Description":"Enable split tunneling.","Name":"EnableSplitTunneling","Option":"Write"},{"CIMType":"String","Description":"ID of the Microsoft Tunnel site associated with the VPN profile.","Name":"MicrosoftTunnelSiteId","Option":"Write"},{"CIMType":"Boolean","Description":"Only associated Apps can use connection (per-app VPN).","Name":"OnlyAssociatedAppsCanUseConnection","Option":"Write"},{"CIMType":"String","Description":"Profile target type. Possible values are: user, device, autoPilotDevice.","Name":"ProfileTarget","Option":"Write","ValueMap":["user","device","autoPilotDevice"],"Values":["user","device","autoPilotDevice"]},{"CIMType":"MSFT_MicrosoftGraphwindows10VpnProxyServer","Description":"Proxy Server.","Name":"ProxyServer","Option":"Write"},{"CIMType":"Boolean","Description":"Remember user credentials.","Name":"RememberUserCredentials","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnRoute[]","Description":"Routes (optional for third-party providers). This collection can contain a maximum of 1000 elements.","Name":"Routes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphextendedKeyUsage","Description":"Single sign-on Extended Key Usage (EKU).","Name":"SingleSignOnEku","Option":"Write"},{"CIMType":"String","Description":"Single sign-on issuer hash.","Name":"SingleSignOnIssuerHash","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnTrafficRule[]","Description":"Traffic rules. This collection can contain a maximum of 1000 elements.","Name":"TrafficRules","Option":"Write"},{"CIMType":"String[]","Description":"Trusted Network Domains","Name":"TrustedNetworkDomains","Option":"Write"},{"CIMType":"String","Description":"Windows Information Protection (WIP) domain to associate with this connection.","Name":"WindowsInformationProtectionDomain","Option":"Write"},{"CIMType":"String","Description":"Connection name displayed to the user.","Name":"ConnectionName","Option":"Write"},{"CIMType":"String","Description":"Custom XML commands that configures the VPN connection. (UTF8 encoded byte array)","Name":"CustomXml","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnServer[]","Description":"List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements.","Name":"ServerCollection","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether or not to Block Azure Operational Insights.","Name":"AzureOperationalInsightsBlockTelemetry","Option":"Write"},{"CIMType":"String","Description":"The Azure Operational Insights workspace id.","Name":"AzureOperationalInsightsWorkspaceId","Option":"Write"},{"CIMType":"String","Description":"The Azure Operational Insights Workspace key.","Name":"AzureOperationalInsightsWorkspaceKey","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to automatically launch the Connect app whenever a projection is initiated.","Name":"ConnectAppBlockAutoLaunch","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block setting a maintenance window for device updates.","Name":"MaintenanceWindowBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Maintenance window duration for device updates. Valid values 0 to 5","Name":"MaintenanceWindowDurationInHours","Option":"Write"},{"CIMType":"String","Description":"Maintenance window start time for device updates.","Name":"MaintenanceWindowStartTime","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block wireless projection.","Name":"MiracastBlocked","Option":"Write"},{"CIMType":"String","Description":"The channel. Possible values are: userDefined, one, two, three, four, five, six, seven, eight, nine, ten, eleven, thirtySix, forty, fortyFour, fortyEight, oneHundredFortyNine, oneHundredFiftyThree, oneHundredFiftySeven, oneHundredSixtyOne, oneHundredSixtyFive.","Name":"MiracastChannel","Option":"Write","ValueMap":["userDefined","one","two","three","four","five","six","seven","eight","nine","ten","eleven","thirtySix","forty","fortyFour","fortyEight","oneHundredFortyNine","oneHundredFiftyThree","oneHundredFiftySeven","oneHundredSixtyOne","oneHundredSixtyFive"],"Values":["userDefined","one","two","three","four","five","six","seven","eight","nine","ten","eleven","thirtySix","forty","fortyFour","fortyEight","oneHundredFortyNine","oneHundredFiftyThree","oneHundredFiftySeven","oneHundredSixtyOne","oneHundredSixtyFive"]},{"CIMType":"Boolean","Description":"Indicates whether or not to require a pin for wireless projection.","Name":"MiracastRequirePin","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to disable the 'My meetings and files' feature in the Start menu, which shows the signed-in user's meetings and files from Office 365.","Name":"SettingsBlockMyMeetingsAndFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to allow the ability to resume a session when the session times out.","Name":"SettingsBlockSessionResume","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.","Name":"SettingsBlockSigninSuggestions","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45. Valid values 0 to 100","Name":"SettingsDefaultVolume","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of minutes until the Hub screen turns off.","Name":"SettingsScreenTimeoutInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of minutes until the session times out.","Name":"SettingsSessionTimeoutInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of minutes until the Hub enters sleep mode.","Name":"SettingsSleepTimeoutInMinutes","Option":"Write"},{"CIMType":"String","Description":"The welcome screen background image URL. The URL must use the HTTPS protocol and return a PNG image.","Name":"WelcomeScreenBackgroundImageUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the welcome screen from waking up automatically when someone enters the room.","Name":"WelcomeScreenBlockAutomaticWakeUp","Option":"Write"},{"CIMType":"String","Description":"The welcome screen meeting information shown. Possible values are: userDefined, showOrganizerAndTimeOnly, showOrganizerAndTimeAndSubject.","Name":"WelcomeScreenMeetingInformation","Option":"Write","ValueMap":["userDefined","showOrganizerAndTimeOnly","showOrganizerAndTimeAndSubject"],"Values":["userDefined","showOrganizerAndTimeOnly","showOrganizerAndTimeAndSubject"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Windows Team Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10","Parameters":[{"CIMType":"UInt32","Description":"Specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt.","Name":"AuthenticationBlockPeriodInMinutes","Option":"Write"},{"CIMType":"String","Description":"Specify the authentication method. Possible values are: certificate, usernameAndPassword, derivedCredential. Possible values are: certificate, usernameAndPassword, derivedCredential, unknownFutureValue.","Name":"AuthenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","derivedCredential","unknownFutureValue"],"Values":["certificate","usernameAndPassword","derivedCredential","unknownFutureValue"]},{"CIMType":"UInt32","Description":"Specify the number of seconds for the client to wait after an authentication attempt before failing. Valid range 1-3600.","Name":"AuthenticationPeriodInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of seconds between a failed authentication and the next authentication attempt. Valid range 1-3600.","Name":"AuthenticationRetryDelayPeriodInSeconds","Option":"Write"},{"CIMType":"String","Description":"Specify whether to authenticate the user, the device, either, or to use guest authentication (none). If you're using certificate authentication, make sure the certificate type matches the authentication type. Possible values are: none, user, machine, machineOrUser, guest. Possible values are: none, user, machine, machineOrUser, guest, unknownFutureValue.","Name":"AuthenticationType","Option":"Write","ValueMap":["none","user","machine","machineOrUser","guest","unknownFutureValue"],"Values":["none","user","machine","machineOrUser","guest","unknownFutureValue"]},{"CIMType":"Boolean","Description":"When TRUE, caches user credentials on the device so that users don't need to keep entering them each time they connect. When FALSE, do not cache credentials. Default value is FALSE.","Name":"CacheCredentials","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, prevents the user from being prompted to authorize new servers for trusted certification authorities when EAP type is selected as PEAP. When FALSE, does not prevent the user from being prompted. Default value is FALSE.","Name":"DisableUserPromptForServerValidation","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of seconds to wait before sending an EAPOL (Extensible Authentication Protocol over LAN) Start message. Valid range 1-3600.","Name":"EapolStartPeriodInSeconds","Option":"Write"},{"CIMType":"String","Description":"Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap.","Name":"EapType","Option":"Write","ValueMap":["eapTls","leap","eapSim","eapTtls","peap","eapFast","teap"],"Values":["eapTls","leap","eapSim","eapTtls","peap","eapFast","teap"]},{"CIMType":"Boolean","Description":"When TRUE, the automatic configuration service for wired networks requires the use of 802.1X for port authentication. When FALSE, 802.1X is not required. Default value is FALSE.","Name":"Enforce8021X","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, forces FIPS compliance. When FALSE, does not enable FIPS compliance. Default value is FALSE.","Name":"ForceFIPSCompliance","Option":"Write"},{"CIMType":"String","Description":"Specify inner authentication protocol for EAP TTLS. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo.","Name":"InnerAuthenticationProtocolForEAPTTLS","Option":"Write","ValueMap":["unencryptedPassword","challengeHandshakeAuthenticationProtocol","microsoftChap","microsoftChapVersionTwo"],"Values":["unencryptedPassword","challengeHandshakeAuthenticationProtocol","microsoftChap","microsoftChapVersionTwo"]},{"CIMType":"UInt32","Description":"Specify the maximum authentication failures allowed for a set of credentials. Valid range 1-100.","Name":"MaximumAuthenticationFailures","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the maximum number of EAPOL (Extensible Authentication Protocol over LAN) Start messages to be sent before returning failure. Valid range 1-100.","Name":"MaximumEAPOLStartMessages","Option":"Write"},{"CIMType":"String","Description":"Specify the string to replace usernames for privacy when using EAP TTLS or PEAP.","Name":"OuterIdentityPrivacyTemporaryValue","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, enables verification of server's identity by validating the certificate when EAP type is selected as PEAP. When FALSE, the certificate is not validated. Default value is TRUE.","Name":"PerformServerValidation","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, enables cryptographic binding when EAP type is selected as PEAP. When FALSE, does not enable cryptogrpahic binding. Default value is TRUE.","Name":"RequireCryptographicBinding","Option":"Write"},{"CIMType":"String","Description":"Specify the secondary authentication method. Possible values are: certificate, usernameAndPassword, derivedCredential. Possible values are: certificate, usernameAndPassword, derivedCredential, unknownFutureValue.","Name":"SecondaryAuthenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","derivedCredential","unknownFutureValue"],"Values":["certificate","usernameAndPassword","derivedCredential","unknownFutureValue"]},{"CIMType":"String[]","Description":"Specify trusted server certificate names.","Name":"TrustedServerCertificateNames","Option":"Write"},{"CIMType":"String[]","Description":"Specify root certificates for server validation. This collection can contain a maximum of 500 elements.","Name":"RootCertificatesForServerValidationIds","Option":"Write"},{"CIMType":"String[]","Description":"Specify root certificate display names for server validation. This collection can contain a maximum of 500 elements.","Name":"RootCertificatesForServerValidationDisplayNames","Option":"Write"},{"CIMType":"String","Description":"Specify identity certificate for client authentication.","Name":"IdentityCertificateForClientAuthenticationId","Option":"Write"},{"CIMType":"String","Description":"Specify identity certificate display name for client authentication.","Name":"IdentityCertificateForClientAuthenticationDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specify root certificate for client validation","Name":"SecondaryIdentityCertificateForClientAuthenticationId","Option":"Write"},{"CIMType":"String","Description":"Specify root certificate display name for client validation","Name":"SecondaryIdentityCertificateForClientAuthenticationDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specify root certificate for client validation.","Name":"RootCertificateForClientValidationId","Option":"Write"},{"CIMType":"String","Description":"Specify root certificate display name for client validation.","Name":"RootCertificateForClientValidationDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specify secondary root certificate for client validation.","Name":"SecondaryRootCertificateForClientValidationId","Option":"Write"},{"CIMType":"String","Description":"Specify secondary root certificate display name for client validation.","Name":"SecondaryRootCertificateForClientValidationDisplayName","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Wired Network Policy for Windows10"},{"ClassName":"MSFT_ReusableStorageDeviceControlPolicySetting","Parameters":[{"CIMType":"String","Description":"The Bus ID of the logical bus where the device is connected to. Examples are USB, SCSI.","Name":"BusId","Option":"Write"},{"CIMType":"String","Description":"The Device ID of the device.","Name":"DeviceId","Option":"Write"},{"CIMType":"String","Description":"The Friendly Name of the device. Example is 'Generic Flash Disk USB Device'.","Name":"FriendlyNameId","Option":"Write"},{"CIMType":"String","Description":"The Hardware ID of the device. Example is 'USBSTOR\\\\DiskGeneric_Flash_Disk___8.07'.","Name":"HardwareId","Option":"Write"},{"CIMType":"String","Description":"The Instance Path ID of the device. Uniquely identifies the device in the system. Example is 'USBSTOR\\\\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\\\\8735B611&0'.","Name":"InstancePathId","Option":"Write"},{"CIMType":"String","Description":"The identifier of the reusable policy setting.","Name":"Name","Option":"Required"},{"CIMType":"String","Description":"The Product ID of the device. Example is '55E0'.","Name":"PID","Option":"Write"},{"CIMType":"String","Description":"The Primary ID of the device. Possible values are: RemovableMediaDevices, CdRomDevices, WpdDevices, and PrinterDevices","Name":"PrimaryId","Option":"Write","ValueMap":["CdRomDevices","PrinterDevices","RemovableMediaDevices","WpdDevices"],"Values":["CdRomDevices","PrinterDevices","RemovableMediaDevices","WpdDevices"]},{"CIMType":"String","Description":"The Serial Number ID of the device. Example is '03003324080520232521', which corresponds to 'USBSTOR\\\\DISK&VEN__USB&PROD__SANDISK_3.2GEN1&REV_1.00\\\\03003324080520232521&0'.","Name":"SerialNumberId","Option":"Write"},{"CIMType":"String","Description":"The Vendor ID of the device. Example is '0751'.","Name":"VID","Option":"Write"},{"CIMType":"String","Description":"The combination of Vendor and Product ID. Example is '0000_1111.","Name":"VID_PID","Option":"Write"}],"Description":"Intune Device Control Policy Setting"},{"ClassName":"MSFT_ReusablePrinterDeviceControlPolicySetting","Parameters":[{"CIMType":"String","Description":"The Friendly Name of the device. Example is 'Generic Printer'.","Name":"FriendlyNameId","Option":"Write"},{"CIMType":"String","Description":"The identifier of the reusable policy setting.","Name":"Name","Option":"Key"},{"CIMType":"SInt32","Description":"The Primary ID of the device. Possible values are: 0: Printer Devices","Name":"PrimaryId","Option":"Write","ValueMap":[0],"Values":[0]},{"CIMType":"SInt32","Description":"The Printer Connection Id. Possible values are: 0: USB, 1: Corporate, 2: Network, 3: Universal, 4: File, 5: Custom, 6: Local.","Name":"PrinterConnectionId","Option":"Write","ValueMap":[0,1,2,3,4,5,6],"Values":[0,1,2,3,4,5,6]},{"CIMType":"String","Description":"The combination of Vendor and Product ID. Example is '0000_1111.","Name":"VID_PID","Option":"Write"}],"Description":"Intune Device Control Policy Setting"},{"ClassName":"MSFT_IntuneDeviceControlPolicySetting","Parameters":[{"CIMType":"String","Description":"The match type of the policy settings. Possible values: Any, All","Name":"MatchType","Option":"Write","ValueMap":["Any","All"],"Values":["Any","All"]},{"CIMType":"MSFT_ReusablePrinterDeviceControlPolicySetting[]","Description":"The Printer Device Control policy settings.","Name":"PrinterPolicySettings","Option":"Write"},{"CIMType":"MSFT_ReusableStorageDeviceControlPolicySetting[]","Description":"The Storage Device Control policy settings.","Name":"StoragePolicySettings","Option":"Write"},{"CIMType":"String","Description":"Description of the setting.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name of the setting.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Control Policy Setting"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule","Parameters":[{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry[]","Description":"Entry","Name":"Entry","Option":"Write"},{"CIMType":"String","Description":"Name","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"Excluded ID","Name":"ExcludedIdList_GroupId","Option":"Write"},{"CIMType":"String[]","Description":"Included ID","Name":"IncludedIdList_GroupId","Option":"Write"}],"Description":"Intune Device Control Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry","Parameters":[{"CIMType":"String","Description":"Type (allow: Allow, deny: Deny, auditallowed: AuditAllowed, auditdenied: AuditDenied)","Name":"Type","Option":"Write","ValueMap":["allow","deny","auditallowed","auditdenied"],"Values":["allow","deny","auditallowed","auditdenied"]},{"CIMType":"String","Description":"Options (0: None, 1: ShowNotification, 2: SendEvent, 3: SendNotificationAndEvent, 4: Disable)","Name":"Options","Option":"Write","ValueMap":["0","1","2","3","4"],"Values":["0","1","2","3","4"]},{"CIMType":"String","Description":"Sid","Name":"Sid","Option":"Write"},{"CIMType":"SInt32[]","Description":"Access mask (1: WDD_READ_ACCESS, 2: WDD_WRITE_ACCESS, 4: WDD_EXECUTE_ACCESS, 8: WDD_FS_READ_ACCESS, 16: WDD_FS_WRITE_ACCESS, 32: WDD_FS_EXECUTE_ACCESS, 64: WDD_PRINT_ACCESS)","Name":"AccessMask","Option":"Write","ValueMap":[1,2,4,8,16,32,64],"Values":[1,2,4,8,16,32,64]},{"CIMType":"String","Description":"Computer Sid","Name":"ComputerSid","Option":"Write"}],"Description":"Intune Device Control Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceControlPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule[]","Description":"The list of policy rules to apply.","Name":"PolicyRule","Option":"Write"},{"CIMType":"String","Description":"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Allow_Deny_Layered","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow installation of devices that match any of these device IDs (0: Disabled, 1: Enabled)","Name":"DeviceInstall_IDs_Allow","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed device IDs","Name":"DeviceInstall_IDs_Allow_List","Option":"Write"},{"CIMType":"String","Description":"Allow installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Instance_IDs_Allow","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed Instance IDs","Name":"DeviceInstall_Instance_IDs_Allow_List","Option":"Write"},{"CIMType":"String","Description":"Allow installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Allow","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed classes","Name":"DeviceInstall_Classes_Allow_List","Option":"Write"},{"CIMType":"String","Description":"Prevent installation of devices not described by other policy settings (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Unspecified_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Prevent installation of devices that match any of these device IDs (0: Disabled, 1: Enabled)","Name":"DeviceInstall_IDs_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Prevented device IDs","Name":"DeviceInstall_IDs_Deny_List","Option":"Write"},{"CIMType":"String","Description":"Also apply to matching devices that are already installed. (0: False, 1: True)","Name":"DeviceInstall_IDs_Deny_Retroactive","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Prevent installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Instance_IDs_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Also apply to matching devices that are already installed. (Device) (0: False, 1: True)","Name":"DeviceInstall_Instance_IDs_Deny_Retroactive","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Prevented Instance IDs","Name":"DeviceInstall_Instance_IDs_Deny_List","Option":"Write"},{"CIMType":"String","Description":"Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Prevented Classes","Name":"DeviceInstall_Classes_Deny_List","Option":"Write"},{"CIMType":"String","Description":"Also apply to matching devices that are already installed. (0: False, 1: True)","Name":"DeviceInstall_Classes_Deny_Retroactive","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Prevent installation of removable devices (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Removable_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"WPD Devices: Deny read access (0: Disabled, 1: Enabled)","Name":"WPDDevices_DenyRead_Access_2","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"WPD Devices: Deny read access (User) (0: Disabled, 1: Enabled)","Name":"WPDDevices_DenyRead_Access_1","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"WPD Devices: Deny write access (0: Disabled, 1: Enabled)","Name":"WPDDevices_DenyWrite_Access_2","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"WPD Devices: Deny write access (User) (0: Disabled, 1: Enabled)","Name":"WPDDevices_DenyWrite_Access_1","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Default Enforcement (1: Default Allow Enforcement, 2: Default Deny Enforcement)","Name":"DefaultEnforcement","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"String","Description":"Device Control Enabled (0: Device Control is disabled, 1: Device Control is enabled)","Name":"DeviceControlEnabled","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Direct Memory Access (0: Not allowed., 1: Allowed.)","Name":"AllowDirectMemoryAccess","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))","Name":"DeviceEnumerationPolicy","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Removable Disk Deny Write Access (0: Disabled., 1: Enabled.)","Name":"RemovableDiskDenyWriteAccess","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow USB Connection (0: Not allowed., 1: Allowed.)","Name":"AllowUSBConnection","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Bluetooth (0: Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on., 1: Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on., 2: Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.)","Name":"AllowBluetooth","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Allow Advertising (0: Not allowed. When set to 0, the device will not send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is not received by the peripheral., 1: Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral.)","Name":"AllowAdvertising","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Discoverable Mode (0: Not allowed. When set to 0, other devices will not be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you cannot see the name of the device., 1: Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it.)","Name":"AllowDiscoverableMode","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Prepairing (0: Not allowed., 1: Allowed.)","Name":"AllowPrepairing","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Prompted Proximal Connections (0: Disallow. Block users on these managed devices from using Swift Pair and other proximity based scenarios, 1: Allow. Allow users on these managed devices to use Swift Pair and other proximity based scenarios)","Name":"AllowPromptedProximalConnections","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Services Allowed List","Name":"ServicesAllowedList","Option":"Write"},{"CIMType":"String","Description":"Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.)","Name":"AllowStorageCard","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Control Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceEnrollmentLimitRestriction","Parameters":[{"CIMType":"String","Description":"Id of the device enrollment limit restriction.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the device enrollment limit restriction.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the device enrollment limit restriction.","Name":"Description","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum number of devices a user can enroll","Name":"Limit","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the policy.","Name":"Assignments","Option":"Write"},{"CIMType":"UInt32","Description":"Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"RoleScopeTagIds of the device enrollment limit restriction policy.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the restriction exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Intune device enrollment limit restrictions."},{"ClassName":"MSFT_DeviceEnrollmentPlatformRestriction","Parameters":[{"CIMType":"Boolean","Description":"Block the platform from enrolling.","Name":"PlatformBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block personally owned devices from enrolling.","Name":"PersonalDeviceEnrollmentBlocked","Option":"Write"},{"CIMType":"String","Description":"Min OS version supported.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"Max OS version supported.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String[]","Description":"Collection of blocked Manufacturers.","Name":"BlockedManufacturers","Option":"Write"},{"CIMType":"String[]","Description":"Collection of blocked Skus.","Name":"BlockedSkus","Option":"Write"}],"Description":"This resource configures the Intune device platform enrollment restrictions.\n\n### Restrictions\n\nAfter deploying the configuration, updating the policies is no longer possible. This is a restriction by the Microsoft Graph API. Any further updates to the policies have to be done using the Intune Portal.\n\n**Be aware**: To deploy a Android platform restriction policy, two individual configurations must exist:\n\n* The first one contains the key for `AndroidRestriction`\n* The second one contains the key for `AndroidForWorkRestriction`"},{"ClassName":"MSFT_IntuneDeviceEnrollmentPlatformRestriction","Parameters":[{"CIMType":"String","Description":"Identity of the device enrollment platform restriction.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Display name of the device enrollment platform restriction.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the device enrollment platform restriction.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Android for work restrictions based on platform, platform operating system version, and device ownership.","Name":"AndroidForWorkRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Android restrictions based on platform, platform operating system version, and device ownership.","Name":"AndroidRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Ios restrictions based on platform, platform operating system version, and device ownership.","Name":"IosRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Mac restrictions based on platform, platform operating system version, and device ownership.","Name":"MacOSRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Mac restrictions based on platform, platform operating system version, and device ownership.","Name":"MacRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Windows Home Sku restrictions based on platform, platform operating system version, and device ownership.","Name":"WindowsHomeSkuRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Windows mobile restrictions based on platform, platform operating system version, and device ownership.","Name":"WindowsMobileRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Windows restrictions based on platform, platform operating system version, and device ownership.","Name":"WindowsRestriction","Option":"Write"},{"CIMType":"String","Description":"Support for Enrollment Configuration Type","Name":"DeviceEnrollmentConfigurationType","Option":"Write","ValueMap":["platformRestrictions","singlePlatformRestriction"],"Values":["platformRestrictions","singlePlatformRestriction"]},{"CIMType":"UInt32","Description":"Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.","Name":"Priority","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Intune device platform enrollment restrictions.\n\n### Restrictions\n\nAfter deploying the configuration, updating the policies is no longer possible. This is a restriction by the Microsoft Graph API. Any further updates to the policies have to be done using the Intune Portal.\n\n**Be aware**: To deploy a Android platform restriction policy, two individual configurations must exist:\n\n* The first one contains the key for `AndroidRestriction`\n* The second one contains the key for `AndroidForWorkRestriction`"},{"ClassName":"MSFT_IntuneDeviceEnrollmentScopeConfigurationMam","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Indicates the user scope of the mobility management policy. The possible values are: none, all, selected.","Name":"AppliesTo","Option":"Write","ValueMap":["none","all","selected"],"Values":["none","all","selected"]},{"CIMType":"String","Description":"Compliance URL of the mobility management application.","Name":"ComplianceUrl","Option":"Write"},{"CIMType":"String","Description":"Discovery URL of the mobility management application.","Name":"DiscoveryUrl","Option":"Write"},{"CIMType":"String","Description":"Terms of Use URL of the mobility management application.","Name":"TermsOfUseUrl","Option":"Write"},{"CIMType":"String[]","Description":"The group display names that are included if the scope is set to 'Selected'.","Name":"IncludedGroups","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Enrollment Scope Configuration Mam"},{"ClassName":"MSFT_IntuneDeviceEnrollmentScopeConfigurationMdm","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Controls the option if users in an automatic enrollment configuration on Microsoft Entra registered devices are prompted to MDM enroll their device in the Entra account registration flow.","Name":"IsMdmEnrollmentDuringRegistrationDisabled","Option":"Write"},{"CIMType":"String","Description":"Indicates the user scope of the mobility management policy. The possible values are: none, all, selected.","Name":"AppliesTo","Option":"Write","ValueMap":["none","all","selected"],"Values":["none","all","selected"]},{"CIMType":"String","Description":"Compliance URL of the mobility management application.","Name":"ComplianceUrl","Option":"Write"},{"CIMType":"String","Description":"Discovery URL of the mobility management application.","Name":"DiscoveryUrl","Option":"Write"},{"CIMType":"String","Description":"Terms of Use URL of the mobility management application.","Name":"TermsOfUseUrl","Option":"Write"},{"CIMType":"String[]","Description":"The group display names that are included if the scope is set to 'Selected'.","Name":"IncludedGroups","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Enrollment Scope Configuration Mdm"},{"ClassName":"MSFT_IntuneDeviceEnrollmentStatusPageWindows10","Parameters":[{"CIMType":"String","Description":"The display name of the device enrollment configuration","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the device enrollment configuration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or block device reset on installation failure","Name":"AllowDeviceResetOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to continue using the device on installation failure","Name":"AllowDeviceUseOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or block log collection on installation failure","Name":"AllowLogCollectionOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Install all required apps as non blocking apps during white glove","Name":"AllowNonBlockingAppInstallation","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to retry the setup on installation failure","Name":"BlockDeviceSetupRetryByUser","Option":"Write"},{"CIMType":"String","Description":"Set custom error message to show upon installation failure","Name":"CustomErrorMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Only show installation progress for first user post enrollment","Name":"DisableUserStatusTrackingAfterFirstUser","Option":"Write"},{"CIMType":"UInt32","Description":"Set installation progress timeout in minutes","Name":"InstallProgressTimeoutInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"Allows quality updates installation during OOBE","Name":"InstallQualityUpdates","Option":"Write"},{"CIMType":"String[]","Description":"Ids of selected applications to track the installation status. When this parameter is used, SelectedMobileAppNames is ignored","Name":"SelectedMobileAppIds","Option":"Write"},{"CIMType":"String[]","Description":"Names of selected applications to track the installation status. This parameter is ignored when SelectedMobileAppIds is also specified","Name":"SelectedMobileAppNames","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide installation progress to user","Name":"ShowInstallationProgress","Option":"Write"},{"CIMType":"Boolean","Description":"Only show installation progress for Autopilot enrollment scenarios","Name":"TrackInstallProgressForAutopilotOnly","Option":"Write"},{"CIMType":"UInt32","Description":"Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.","Name":"Priority","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Enrollment Status Page Configuration for Windows10\n\n**Please note:** If multiple resources are defined and they are not sorted by their priority increasing (meaning that the first resource e.g. has priority 2 and the next one has 1),\nit is possible that the priority cannot be set correctly because not enough policies exist in the tenant.\n\nTo prevent this issue from happening, either define the resources with their priority increasing or use the `DependsOn` property to define a relation to the one that needs to be processed first."},{"ClassName":"MSFT_airPrintDestination","Parameters":[{"CIMType":"String","Description":"The IP Address of the AirPrint destination.","Name":"ipAddress","Option":"Key"},{"CIMType":"String","Description":"The Resource Path associated with the printer. This corresponds to the rp parameter of the _ipps.tcp Bonjour record. For example: printers/Canon_MG5300_series, printers/Xerox_Phaser_7600, ipp/print, Epson_IPP_Printer.","Name":"resourcePath","Option":"Key"},{"CIMType":"uint32","Description":"The listening port of the AirPrint destination. If this key is not specified, AirPrint will use the default port. Available in iOS 11.0 and later.","Name":"port","Option":"Key"},{"CIMType":"Boolean","Description":"If true, AirPrint connections are secured by Transport Layer Security (TLS). Default is false. Available in iOS 11.0 and later.","Name":"forceTls","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosWebContentFilterBase","Parameters":[{"CIMType":"String","Description":"url.","Name":"url","Option":"Key"},{"CIMType":"String","Description":"bookmarkFolder.","Name":"bookmarkFolder","Option":"Key"},{"CIMType":"String","Description":"displayName.","Name":"displayName","Option":"Key"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosWebContentFilterSpecificWebsitesAccess","Parameters":[{"CIMType":"String","Description":"The type of data.","Name":"dataType","Option":"Write"},{"CIMType":"MSFT_iosWebContentFilterBase[]","Description":"specificWebsitesOnly, embedded instance of iosWebContentFilterBase.","Name":"specificWebsitesOnly","Option":"Write"},{"CIMType":"MSFT_iosWebContentFilterBase[]","Description":"websiteList, embedded instance of iosWebContentFilterBase.","Name":"websiteList","Option":"Write"},{"CIMType":"String[]","Description":"allowedUrls.","Name":"allowedUrls","Option":"Write"},{"CIMType":"String[]","Description":"blockedUrls.","Name":"blockedUrls","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosHomeScreenFolderPage","Parameters":[{"CIMType":"MSFT_iosHomeScreenApp[]","Description":"A list of apps, folders, and web clips to appear on a page. This collection can contain a maximum of 500 elements.","Name":"apps","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosHomeScreenApp","Parameters":[{"CIMType":"String","Description":"Name of the app. Inherited from iosHomeScreenItem.","Name":"displayName","Option":"Write"},{"CIMType":"String","Description":"BundleID of the app if isWebClip is false or the URL of a web clip if isWebClip is true.","Name":"bundleID","Option":"Key"},{"CIMType":"Boolean","Description":"Is it a website URL or an app","Name":"isWebClip","Option":"Write"},{"CIMType":"MSFT_iosHomeScreenFolderPage[]","Description":"Pages of the folder.","Name":"pages","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosHomeScreenItem","Parameters":[{"CIMType":"MSFT_iosHomeScreenApp[]","Description":"A list of apps, folders, and web clips to appear on a page. This collection can contain a maximum of 500 elements.","Name":"icons","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosNotificationSettings","Parameters":[{"CIMType":"String","Description":"Bundle id of the app to which to apply these notification settings.","Name":"bundleID","Option":"Key"},{"CIMType":"String","Description":"Application name to be associated with the BundleID.","Name":"appName","Option":"Write"},{"CIMType":"String","Description":"Publisher to be associated with the BundleID.","Name":"publisher","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether notifications are allowed for this app.","Name":"enabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether notifications can be shown in the notification center.","Name":"showInNotificationCenter","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether notifications can be shown on the lock screen.","Name":"showOnLockScreen","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of alert for notifications for this app. Possible values are: deviceDefault, banner, modal, none.","Name":"alertType","Option":"Write","ValueMap":["deviceDefault","banner","modal","none"],"Values":["deviceDefault","banner","modal","none"]},{"CIMType":"Boolean","Description":"Indicates whether badges are allowed for this app.","Name":"badgesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether sounds are allowed for this app.","Name":"soundsEnabled","Option":"Write"},{"CIMType":"String","Description":"Overrides the notification preview policy set by the user on an iOS device. Possible values are: notConfigured, alwaysShow, hideWhenLocked, neverShow.","Name":"previewVisibility","Option":"Write","ValueMap":["notConfigured","alwaysShow","hideWhenLocked","neverShow"],"Values":["notConfigured","alwaysShow","hideWhenLocked","neverShow"]}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosSingleSignOnSettings","Parameters":[{"CIMType":"MSFT_appListItem[]","Description":"List of app identifiers that are allowed to use this login. If this field is omitted, the login applies to all applications on the device. This collection can contain a maximum of 500 elements.","Name":"allowedAppsList","Option":"Write"},{"CIMType":"String[]","Description":"List of HTTP URLs that must be matched in order to use this login. With iOS 9.0 or later, wildcard characters may be used.","Name":"allowedUrls","Option":"Write"},{"CIMType":"String","Description":"The display name of login settings shown on the receiving device.","Name":"displayName","Option":"Write"},{"CIMType":"String","Description":"A Kerberos principal name. If not provided, the user is prompted for one during profile installation.","Name":"kerberosPrincipalName","Option":"Write"},{"CIMType":"String","Description":"A Kerberos realm name. Case sensitive.","Name":"kerberosRealm","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_mimeContent","Parameters":[{"CIMType":"String","Description":"Indicates the content mime type.","Name":"type","Option":"Write"},{"CIMType":"String[]","Description":"The byte array that contains the actual content.","Name":"value","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_keyTypedValuePair","Parameters":[{"CIMType":"String","Description":"The type of data.","Name":"dataType","Option":"Write"},{"CIMType":"String","Description":"Key for the custom data entry.","Name":"key","Option":"Write"},{"CIMType":"String","Description":"Value for the custom data entry.","Name":"value","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosSingleSignOnExtension","Parameters":[{"CIMType":"String","Description":"The type of data.","Name":"dataType","Option":"Write"},{"CIMType":"String","Description":"The case-sensitive realm name for this profile.","Name":"Realm","Option":"Write"},{"CIMType":"String[]","Description":"A list of hosts or domain names for which the app extension performs SSO.","Name":"Domains","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables Keychain usage.","Name":"BlockAutomaticLogin","Option":"Write"},{"CIMType":"String","Description":"The Generic Security Services name of the Kerberos cache to use for this profile.","Name":"CacheName","Option":"Write"},{"CIMType":"String[]","Description":"A list of app Bundle IDs allowed to access the Kerberos Ticket Granting Ticket.","Name":"CredentialBundleIdAccessControlList","Option":"Write"},{"CIMType":"String[]","Description":"A list of realms for custom domain-realm mapping. Realms are case sensitive.","Name":"DomainRealms","Option":"Write"},{"CIMType":"Boolean","Description":"When true, this profile's realm will be selected as the default. Necessary if multiple Kerberos-type profiles are configured.","Name":"IsDefaultRealm","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables password changes.","Name":"PasswordBlockModification","Option":"Write"},{"CIMType":"Uint32","Description":"Overrides the default password expiration in days. For most domains, this value is calculated automatically.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"The number of days until the user is notified that their password will expire (default is 15).","Name":"PasswordExpirationNotificationDays","Option":"Write"},{"CIMType":"String","Description":"The principal user name to use for this profile. The realm name does not need to be included.","Name":"UserPrincipalName","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables whether passwords must meet Active Directory's complexity requirements.","Name":"PasswordRequireActiveDirectoryComplexity","Option":"Write"},{"CIMType":"Uint32","Description":"The number of previous passwords to block.","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"The minimum length of a password.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"The minimum number of days until a user can change their password again.","Name":"PasswordMinimumAgeDays","Option":"Write"},{"CIMType":"String","Description":"A description of the password complexity requirements.","Name":"PasswordRequirementsDescription","Option":"Write"},{"CIMType":"Boolean","Description":"Whether to require authentication via Touch ID, Face ID, or a passcode to access the keychain entry.","Name":"RequireUserPresence","Option":"Write"},{"CIMType":"String","Description":"The Active Directory site.","Name":"ActiveDirectorySiteCode","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables password syncing. This won't affect users logged in with a mobile account on macOS.","Name":"PasswordEnableLocalSync","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables whether the Kerberos extension can automatically determine its site name.","Name":"BlockActiveDirectorySiteAutoDiscovery","Option":"Write"},{"CIMType":"String","Description":"The URL that the user will be sent to when they initiate a password change.","Name":"PasswordChangeUrl","Option":"Write"},{"CIMType":"String","Description":"Text displayed to the user at the Kerberos sign-in window. Available for devices running iOS and iPadOS versions 14 and later.","Name":"SignInHelpText","Option":"Write"},{"CIMType":"Boolean","Description":"When set to True, the Kerberos extension allows managed apps, and any apps entered with the app bundle ID to access the credential. When set to False, the Kerberos extension allows all apps to access the credential. Available for devices running iOS and iPadOS versions 14 and later.","Name":"ManagedAppsInBundleIdACLIncluded","Option":"Write"},{"CIMType":"boolean","Description":"Enables or disables shared device mode.","Name":"EnableSharedDeviceMode","Option":"Write"},{"CIMType":"string[]","Description":"An optional list of additional bundle IDs allowed to use the AAD extension for single sign-on.","Name":"BundleIdAccessControlList","Option":"Write"},{"CIMType":"MSFT_keyTypedValuePair[]","Description":"Gets or sets a list of typed key-value pairs used to configure Credential-type profiles. This collection can contain a maximum of 500 elements.","Name":"Configurations","Option":"Write"},{"CIMType":"string","Description":"Gets or sets the bundle ID of the app extension that performs SSO for the specified URLs.","Name":"ExtensionIdentifier","Option":"Write"},{"CIMType":"string","Description":"Gets or sets the team ID of the app extension that performs SSO for the specified URLs.","Name":"TeamIdentifier","Option":"Write"},{"CIMType":"String[]","Description":"One or more URL prefixes of identity providers on whose behalf the app extension performs single sign-on. URLs must begin with http:// or https://. All URL prefixes must be unique for all profiles.","Name":"urlPrefixes","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_deviceManagementApplicabilityRuleOsEdition","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Write"},{"CIMType":"String[]","Description":"Applicability rule OS edition type","Name":"OsEditionTypes","Option":"Write"},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_deviceManagementApplicabilityRuleOsVersion","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Min OS version for Applicability Rule","Name":"MinOSVersion","Option":"Write"},{"CIMType":"String","Description":"Max OS version for Applicability Rule","Name":"MaxOSVersion","Option":"Write"},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_deviceManagementApplicabilityRuleDeviceMode","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Applicability rule for device mode","Name":"DeviceMode","Option":"Write","ValueMap":["standardConfiguration","sModeConfiguration"],"Values":["standardConfiguration","sModeConfiguration"]},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_IntuneDeviceFeaturesConfigurationPolicyIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance. Inherited from deviceConfiguration.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_deviceManagementApplicabilityRuleOsEdition[]","Description":"The OS edition applicability for this Policy. Inherited from deviceConfiguration.","Name":"DeviceManagementApplicabilityRuleOsEdition","Option":"Write"},{"CIMType":"MSFT_deviceManagementApplicabilityRuleOsVersion[]","Description":"The OS version applicability rule for this Policy. Inherited from deviceConfiguration.","Name":"DeviceManagementApplicabilityRuleOsVersion","Option":"Write"},{"CIMType":"MSFT_deviceManagementApplicabilityRuleDeviceMode[]","Description":"The device mode applicability rule for this Policy. Inherited from deviceConfiguration.","Name":"DeviceManagementApplicabilityRuleDeviceMode","Option":"Write"},{"CIMType":"MSFT_airPrintDestination[]","Description":"An array of AirPrint printers that should always be shown.","Name":"AirPrintDestinations","Option":"Write"},{"CIMType":"String","Description":"Asset tag information for the device, displayed on the login window and lock screen.","Name":"AssetTagTemplate","Option":"Write"},{"CIMType":"MSFT_iosWebContentFilterSpecificWebsitesAccess[]","Description":"Gets or sets iOS Web Content Filter settings, supervised mode only.","Name":"ContentFilterSettings","Option":"Write"},{"CIMType":"String","Description":"A footnote displayed on the login window and lock screen. Available in iOS 9.3.1 and later.","Name":"LockScreenFootnote","Option":"Write"},{"CIMType":"MSFT_iosHomeScreenApp[]","Description":"A list of app and folders to appear on the Home Screen Dock. This collection can contain a maximum of 500 elements.","Name":"HomeScreenDockIcons","Option":"Write"},{"CIMType":"MSFT_iosHomeScreenItem[]","Description":"A list of pages on the Home Screen. This collection can contain a maximum of 500 elements.","Name":"HomeScreenPages","Option":"Write"},{"CIMType":"Uint32","Description":"Gets or sets the number of columns to render when configuring iOS home screen layout settings. If this value is configured, homeScreenGridHeight must be configured as well.","Name":"HomeScreenGridWidth","Option":"Write"},{"CIMType":"Uint32","Description":"Gets or sets the number of rows to render when configuring iOS home screen layout settings. If this value is configured, homeScreenGridWidth must be configured as well.","Name":"HomeScreenGridHeight","Option":"Write"},{"CIMType":"MSFT_iosNotificationSettings[]","Description":"Notification settings for each bundle id. Applicable to devices in supervised mode only (iOS 9.3 and later).","Name":"NotificationSettings","Option":"Write"},{"CIMType":"MSFT_iosSingleSignOnSettings[]","Description":"The Kerberos login settings that enable apps on receiving devices to authenticate smoothly.","Name":"SingleSignOnSettings","Option":"Write"},{"CIMType":"String","Description":"A wallpaper display location specifier. Possible values are: notConfigured, lockScreen, homeScreen, lockAndHomeScreens.","Name":"WallpaperDisplayLocation","Option":"Write","ValueMap":["notConfigured","lockScreen","homeScreen","lockAndHomeScreens"],"Values":["notConfigured","lockScreen","homeScreen","lockAndHomeScreens"]},{"CIMType":"MSFT_mimeContent[]","Description":"A wallpaper image must be in either PNG or JPEG format. It requires a supervised device with iOS 8 or later version.","Name":"WallpaperImage","Option":"Write"},{"CIMType":"MSFT_iosSingleSignOnExtension[]","Description":"Gets or sets a single sign-on extension profile.","Name":"IosSingleSignOnExtension","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile","Parameters":[{"CIMType":"String","Description":"Display name for the enrollment profile.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique GUID for the enrollment profile. Read-Only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Intune AccountId GUID the enrollment profile belongs to.","Name":"AccountId","Option":"Write"},{"CIMType":"String","Description":"Description for the enrollment profile.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Date time the most recently created token will expire.","Name":"TokenExpirationDateTime","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default.","Name":"ConfigureWifi","Option":"Write"},{"CIMType":"String","Description":"String that contains the wi-fi login ssid","Name":"WifiSsid","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"String that contains the wi-fi login password. The parameter is a PSCredential object.","Name":"WifiPassword","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if hidden wifi networks are enabled","Name":"WifiHidden","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating if this profile is an Android AOSP for Teams device profile.","Name":"IsTeamsDeviceProfile","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management."},{"ClassName":"MSFT_IntuneDeviceManagementComplianceSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Device should be noncompliant when there is no compliance policy targeted when this is true.","Name":"SecureByDefault","Option":"Write"},{"CIMType":"UInt32","Description":"The number of days a device is allowed to go without checking in to remain compliant. Must be between 1 and 120.","Name":"DeviceComplianceCheckinThresholdDays","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of the device management compliance\nat the tenant level."},{"ClassName":"MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay","Parameters":[{"CIMType":"String","Description":"Primary key identifier of the Android Managed Store Account Enterprise Setting.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Binding status of the Android Managed Store Account Enterprise Setting (e.g., 'bound', 'notBound').","Name":"BindStatus","Option":"Write"},{"CIMType":"String","Description":"The user principal name of the owner of the Android Managed Store Account.","Name":"OwnerUserPrincipalName","Option":"Write"},{"CIMType":"String","Description":"The organization name of the owner of the Android Managed Store Account.","Name":"OwnerOrganizationName","Option":"Write"},{"CIMType":"String","Description":"Specifies the enrollment target for the account enterprise setting (e.g., 'defaultEnrollmentRestrictions', 'targetedAsEnrollmentRestrictions').","Name":"EnrollmentTarget","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether device owner management is enabled.","Name":"DeviceOwnerManagementEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether fully managed enrollment is enabled for Android devices.","Name":"AndroidDeviceOwnerFullyManagedEnrollmentEnabled","Option":"Write"},{"CIMType":"String","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credential for the application secret used in authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether a Managed Identity is used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access tokens used for authentication in scenarios requiring multiple tokens.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Android Enterprise enrollment settings for device management within Microsoft Intune.\nNote: Currently the bind API to enroll is waiting for the product team to make changes so the API can be called outside of an Intune portal. Until those changes are made, we can only unbind (disconnect/unenroll). For that reason we have commented out certain parameters that cannot be set. This will be uncommented once those changes are made."},{"ClassName":"MSFT_IntuneDeviceRemediationRunSchedule","Parameters":[{"CIMType":"String","Description":"The type of the schedule.","Name":"dataType","Option":"Write","ValueMap":["#microsoft.graph.deviceHealthScriptRunOnceSchedule","#microsoft.graph.deviceHealthScriptHourlySchedule","#microsoft.graph.deviceHealthScriptDailySchedule"],"Values":["#microsoft.graph.deviceHealthScriptRunOnceSchedule","#microsoft.graph.deviceHealthScriptHourlySchedule","#microsoft.graph.deviceHealthScriptDailySchedule"]},{"CIMType":"String","Description":"The date when to run the schedule. Only applicable when the odataType is a run once schedule. Format: 2024-01-01","Name":"Date","Option":"Write"},{"CIMType":"UInt32","Description":"The interval of the schedule. Must be 1 in case of a run once schedule.","Name":"Interval","Option":"Write"},{"CIMType":"String","Description":"The time when to run the schedule. Only applicable when the dataType is not an hourly schedule. Format: 01:00:00","Name":"Time","Option":"Write"},{"CIMType":"Boolean","Description":"If to use UTC as the time source. Only applicable when the dataType is not an hourly schedule.","Name":"UseUtc","Option":"Write"}],"Description":"Intune Device Remediation\n\n**Important:** Global scripts only allow the update of the following properties:\n\n* Assignments\n* RoleScopeTagIds\n* RunAs32Bit\n* RunAsAccount"},{"ClassName":"MSFT_IntuneDeviceRemediationPolicyAssignments","Parameters":[{"CIMType":"Boolean","Description":"If the remediation script should be run.","Name":"RunRemediationScript","Option":"Write"},{"CIMType":"MSFT_IntuneDeviceRemediationRunSchedule","Description":"The run schedule of the remediation.","Name":"RunSchedule","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments","Description":"Represents the assignment of the schedule.","Name":"Assignment","Option":"Write"}],"Description":"Intune Device Remediation\n\n**Important:** Global scripts only allow the update of the following properties:\n\n* Assignments\n* RoleScopeTagIds\n* RunAs32Bit\n* RunAsAccount"},{"ClassName":"MSFT_MicrosoftGraphDeviceHealthScriptParameter","Parameters":[{"CIMType":"Boolean","Description":"Whether Apply DefaultValue When Not Assigned","Name":"ApplyDefaultValueWhenNotAssigned","Option":"Write"},{"CIMType":"String","Description":"The description of the param","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the param is required","Name":"IsRequired","Option":"Write"},{"CIMType":"String","Description":"The name of the param","Name":"Name","Option":"Write"},{"CIMType":"Boolean","Description":"The default value of boolean param","Name":"DefaultValue","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceHealthScriptBooleanParameter","#microsoft.graph.deviceHealthScriptIntegerParameter","#microsoft.graph.deviceHealthScriptStringParameter"],"Values":["#microsoft.graph.deviceHealthScriptBooleanParameter","#microsoft.graph.deviceHealthScriptIntegerParameter","#microsoft.graph.deviceHealthScriptStringParameter"]}],"Description":"Intune Device Remediation\n\n**Important:** Global scripts only allow the update of the following properties:\n\n* Assignments\n* RoleScopeTagIds\n* RunAs32Bit\n* RunAsAccount"},{"ClassName":"MSFT_IntuneDeviceRemediation","Parameters":[{"CIMType":"String","Description":"Description of the device health script","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The entire content of the detection powershell script","Name":"DetectionScriptContent","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceHealthScriptParameter[]","Description":"List of ComplexType DetectionScriptParameters objects.","Name":"DetectionScriptParameters","Option":"Write"},{"CIMType":"String","Description":"DeviceHealthScriptType for the script policy. Possible values are: deviceHealthScript, managedInstallerScript.","Name":"DeviceHealthScriptType","Option":"Write","ValueMap":["deviceHealthScript","managedInstallerScript"],"Values":["deviceHealthScript","managedInstallerScript"]},{"CIMType":"String","Description":"Name of the device health script","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Indicates whether the script signature needs be checked","Name":"EnforceSignatureCheck","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the script is a global script provided by Microsoft","Name":"IsGlobalScript","Option":"Write"},{"CIMType":"String","Description":"Name of the device health script publisher","Name":"Publisher","Option":"Write"},{"CIMType":"String","Description":"The entire content of the remediation powershell script","Name":"RemediationScriptContent","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceHealthScriptParameter[]","Description":"List of ComplexType RemediationScriptParameters objects.","Name":"RemediationScriptParameters","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for the device health script","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Indicate whether PowerShell script(s) should run as 32-bit","Name":"RunAs32Bit","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_IntuneDeviceRemediationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Remediation\n\n**Important:** Global scripts only allow the update of the following properties:\n\n* Assignments\n* RoleScopeTagIds\n* RunAs32Bit\n* RunAsAccount"},{"ClassName":"MSFT_IntuneDiskEncryptionFileVaultPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Defer (true: Enabled)","Name":"Defer","Option":"Write","ValueMap":["true"],"Values":["true"]},{"CIMType":"String","Description":"Defer Dont Ask At User Logout (false: Disabled, true: Enabled)","Name":"DeferDontAskAtUserLogout","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Defer Force At User Login Max Bypass Attempts","Name":"DeferForceAtUserLoginMaxBypassAttempts","Option":"Write"},{"CIMType":"String","Description":"Enable (0: On, 1: Off)","Name":"Enable","Option":"Write","ValueMap":["On","Off"],"Values":["On","Off"]},{"CIMType":"SInt32","Description":"Recovery Key Rotation In Months (0: 0, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 10: 10, 11: 11, 12: 12)","Name":"RecoveryKeyRotationInMonths","Option":"Write","ValueMap":[0,1,2,3,4,5,6,7,8,9,10,11,12],"Values":[0,1,2,3,4,5,6,7,8,9,10,11,12]},{"CIMType":"String","Description":"Use Recovery Key (true: Enabled)","Name":"UseRecoveryKey","Option":"Write","ValueMap":["true"],"Values":["true"]},{"CIMType":"String","Description":"Location where the key should be escrowed to.","Name":"Location","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Disk Encryption File Vault Policy for macOS"},{"ClassName":"MSFT_IntuneDiskEncryptionMacOS","Parameters":[{"CIMType":"String","Description":"The user given description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display name of the disk encryption file vault policy for MacOS","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"If not already enabled, FileVault will be enabled at the next logout.","Name":"Enabled","Option":"Write"},{"CIMType":"UInt32","Description":"Specify how frequently in months (1-12) the device's personal recovery key will rotate. Range: 1-12","Name":"PersonalRecoveryKeyRotationInMonths","Option":"Write"},{"CIMType":"Boolean","Description":"Disable the prompt for the user to enable FileVault when they sign out.","Name":"DisablePromptAtSignOut","Option":"Write"},{"CIMType":"String[]","Description":"Determine which type(s) of recovery key should be generated for this device. Only supported value is 'personalRecoveryKey'. Required, if Enabled is True.","Name":"SelectedRecoveryKeyTypes","Option":"Write"},{"CIMType":"Boolean","Description":"Defer the prompt until the user signs out. Only True is supported.","Name":"AllowDeferralUntilSignOut","Option":"Write"},{"CIMType":"sInt32","Description":"Number of times allowed to bypass (1-10). Special cases: -1 = Not Configured, 11 = No limit, always prompt. ","Name":"NumberOfTimesUserCanIgnore","Option":"Write"},{"CIMType":"Boolean","Description":"Hide recovery key.","Name":"HidePersonalRecoveryKey","Option":"Write"},{"CIMType":"String","Description":"Escrow location description of personal recovery key. Required, if Enabled is True.","Name":"PersonalRecoveryKeyHelpMessage","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Disk Encryption for macOS\n\nPlease note: Once the FileVault requirement is enabled, it cannot be disabled. To disable the requirement, the policy has to be deleted."},{"ClassName":"MSFT_IntuneDiskEncryptionPDEPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Enable Personal Data Encryption (User) (0: Disable Personal Data Encryption., 1: Enable Personal Data Encryption.)","Name":"EnablePersonalDataEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protect Desktop (User) (Windows Insiders only) - Depends on EnablePersonalDataEncryption (0: Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder., 1: Enable PDE on the folder.)","Name":"ProtectDesktop","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protect Pictures (User) (Windows Insiders only) - Depends on EnablePersonalDataEncryption (0: Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder., 1: Enable PDE on the folder.)","Name":"ProtectPictures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protect Documents (User) (Windows Insiders only) - Depends on EnablePersonalDataEncryption (0: Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder., 1: Enable PDE on the folder.)","Name":"ProtectDocuments","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Disk Encryption Personal Data Encryption Policy for Windows10"},{"ClassName":"MSFT_IntuneDiskEncryptionWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Require Device Encryption (0: Disabled, 1: Enabled)","Name":"RequireDeviceEncryption","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) (0: Disabled, 1: Enabled)","Name":"EncryptionMethodWithXts_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select the encryption method for operating system drives: (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsOsDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Select the encryption method for fixed data drives: (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsFdvDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Select the encryption method for removable data drives: (3: AES-CBC 128-bit  (default), 4: AES-CBC 256-bit, 6: XTS-AES 128-bit, 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsRdvDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Provide the unique identifiers for your organization (0: Disabled, 1: Enabled)","Name":"IdentificationField_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"BitLocker identification field: (Device)","Name":"IdentificationField","Option":"Write"},{"CIMType":"String","Description":"Allowed BitLocker identification field: (Device)","Name":"SecIdentificationField","Option":"Write"},{"CIMType":"String","Description":"Allow Warning For Other Disk Encryption (0: Disabled, 1: Enabled)","Name":"AllowWarningForOtherDiskEncryption","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Standard User Encryption (0: This is the default, when the policy is not set. If current logged on user is a standard user, 'RequireDeviceEncryption' policy will not try to enable encryption on any drive., 1: 'RequireDeviceEncryption' policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.)","Name":"AllowStandardUserEncryption","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure Recovery Password Rotation (0: Refresh off (default), 1: Refresh on for Azure AD-joined devices, 2: Refresh on for both Azure AD-joined and hybrid-joined devices)","Name":"ConfigureRecoveryPasswordRotation","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Enforce drive encryption type on operating system drives (0: Disabled, 1: Enabled)","Name":"OSEncryptionType_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"OSEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Require additional authentication at startup (0: Disabled, 1: Enabled)","Name":"ConfigureAdvancedStartup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure TPM startup key: (2: Allow startup key with TPM, 1: Require startup key with TPM, 0: Do not allow startup key with TPM)","Name":"ConfigureTPMStartupKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure TPM startup key and PIN: (2: Allow startup key and PIN with TPM, 1: Require startup key and PIN with TPM, 0: Do not allow startup key and PIN with TPM)","Name":"ConfigureTPMPINKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure TPM startup: (2: Allow TPM, 1: Require TPM, 0: Do not allow TPM)","Name":"ConfigureTPMUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) (0: False, 1: True)","Name":"ConfigureNonTPMStartupKeyUsage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure TPM startup PIN: (2: Allow startup PIN with TPM, 1: Require startup PIN with TPM, 0: Do not allow startup PIN with TPM)","Name":"ConfigurePINUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure minimum PIN length for startup (0: Disabled, 1: Enabled)","Name":"MinimumPINLength_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Minimum characters:","Name":"MinPINLength","Option":"Write"},{"CIMType":"String","Description":"Allow enhanced PINs for startup (0: Disabled, 1: Enabled)","Name":"EnhancedPIN_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disallow standard users from changing the PIN or password (0: Disabled, 1: Enabled)","Name":"DisallowStandardUsersCanChangePIN_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN. (0: Disabled, 1: Enabled)","Name":"EnablePreBootPinExceptionOnDECapableDevice_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enable use of BitLocker authentication requiring preboot keyboard input on slates (0: Disabled, 1: Enabled)","Name":"EnablePrebootInputProtectorsOnSlates_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Choose how BitLocker-protected operating system drives can be recovered (0: Disabled, 1: Enabled)","Name":"OSRecoveryUsage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Do not enable BitLocker until recovery information is stored to AD DS for operating system drives (0: False, 1: True)","Name":"OSRequireActiveDirectoryBackup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Save BitLocker recovery information to AD DS for operating system drives (0: False, 1: True)","Name":"OSActiveDirectoryBackup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure user storage of BitLocker recovery information: (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)","Name":"OSRecoveryPasswordUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Omit recovery options from the BitLocker setup wizard (0: False, 1: True)","Name":"OSHideRecoveryPage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow data recovery agent (0: False, 1: True)","Name":"OSAllowDRA_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure OS recovery key usage: (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)","Name":"OSRecoveryKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure storage of BitLocker recovery information to AD DS: (1: Store recovery passwords and key packages, 2: Store recovery passwords only)","Name":"OSActiveDirectoryBackupDropDown_Name","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"String","Description":"Configure pre-boot recovery message and URL (0: Disabled, 1: Enabled)","Name":"PrebootRecoveryInfo_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select an option for the pre-boot recovery message: (0: , 1: Use default recovery message and URL, 2: Use custom recovery message, 3: Use custom recovery URL)","Name":"PrebootRecoveryInfoDropDown_Name","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String","Description":"Custom recovery URL option:","Name":"RecoveryUrl_Input","Option":"Write"},{"CIMType":"String","Description":"Custom recovery message option:","Name":"RecoveryMessage_Input","Option":"Write"},{"CIMType":"String","Description":"Enforce drive encryption type on fixed data drives (0: Disabled, 1: Enabled)","Name":"FDVEncryptionType_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"FDVEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Choose how BitLocker-protected fixed drives can be recovered (0: Disabled, 1: Enabled)","Name":"FDVRecoveryUsage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Save BitLocker recovery information to AD DS for fixed data drives (0: False, 1: True)","Name":"FDVActiveDirectoryBackup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Omit recovery options from the BitLocker setup wizard (0: False, 1: True)","Name":"FDVHideRecoveryPage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure user storage of BitLocker recovery information: (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)","Name":"FDVRecoveryPasswordUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives (0: False, 1: True)","Name":"FDVRequireActiveDirectoryBackup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow data recovery agent (0: False, 1: True)","Name":"FDVAllowDRA_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure storage of BitLocker recovery information to AD DS: (1: Backup recovery passwords and key packages, 2: Backup recovery passwords only)","Name":"FDVActiveDirectoryBackupDropDown_Name","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"String","Description":"Select the fixed drive recovery key usage: (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)","Name":"FDVRecoveryKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Deny write access to fixed drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"FDVDenyWriteAccess_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Control use of BitLocker on removable drives (0: Disabled, 1: Enabled)","Name":"RDVConfigureBDE","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow users to apply BitLocker protection on removable data drives (Device) (0: False, 1: True)","Name":"RDVAllowBDE_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enforce drive encryption type on removable data drives (0: Disabled, 1: Enabled)","Name":"RDVEncryptionType_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"RDVEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Allow users to suspend and decrypt BitLocker protection on removable data drives (Device) (0: False, 1: True)","Name":"RDVDisableBDE_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Deny write access to removable drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"RDVDenyWriteAccess_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Do not allow write access to devices configured in another organization (0: False, 1: True)","Name":"RDVCrossOrg","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Disk Encryption for Windows10"},{"ClassName":"MSFT_IntuneEndpointDetectionAndResponsePolicyLinux","Parameters":[{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Value of tag","Name":"tags_item_value","Option":"Write"},{"CIMType":"String","Description":"Type of tag (GROUP)","Name":"tags_item_key","Option":"Write","ValueMap":["GROUP"],"Values":["GROUP"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Endpoint Detection And Response Policy Linux"},{"ClassName":"MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS","Parameters":[{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Value of tag","Name":"tags_item_value","Option":"Write"},{"CIMType":"String","Description":"Type of tag. (GROUP)","Name":"tags_item_key","Option":"Write","ValueMap":["GROUP"],"Values":["GROUP"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Endpoint Detection And Response Policy MacOS"},{"ClassName":"MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Identity of the endpoint detection and response policy for Windows 10.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the endpoint detection and response policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Description of the endpoint detection and response policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the endpoint detection and response policy for Windows 10.","Name":"Assignments","Option":"Write"},{"CIMType":"SInt32","Description":"Return or set Windows Defender Advanced Threat Protection Sample Sharing configuration parameter: 0 - none, 1 - All","Name":"SampleSharing","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Microsoft Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.","Name":"ConfigurationType","Option":"Write","ValueMap":["AutoFromConnector","Onboard","Offboard"],"Values":["AutoFromConnector","Onboard","Offboard"]},{"CIMType":"String","Description":"Set Windows Defender Advanced Threat Protection Onboarding blob and initiate onboarding to Windows Defender Advanced Threat Protection","Name":"ConfigurationBlob","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Endpoint Detection and Response Policy for Windows 10."},{"ClassName":"MSFT_IntuneEpmCertificatePolicySetting","Parameters":[{"CIMType":"String","Description":"Description of the setting.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name of the setting.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The base64 encoded certificate file content.","Name":"CertificateFile","Option":"Required"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Endpoint Privilege Management Certificate Policy Setting"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogElevationRuleName","Parameters":[{"CIMType":"String","Description":"Child process behavior (allowrunelevated: AllowRunElevated, allowrunelevatedrulerequired: AllowRunElevatedRuleRequired, deny: Deny)","Name":"ChildProcessBehavior","Option":"Write","ValueMap":["allowrunelevated","allowrunelevatedrulerequired","deny"],"Values":["allowrunelevated","allowrunelevatedrulerequired","deny"]},{"CIMType":"String","Description":"File name","Name":"FileName","Option":"Required"},{"CIMType":"String","Description":"Rule name","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"File path","Name":"FilePath","Option":"Write"},{"CIMType":"String","Description":"Product name","Name":"ProductName","Option":"Write"},{"CIMType":"String","Description":"Applies to (allusers: Allusers)","Name":"AppliesTo","Option":"Write","ValueMap":["allusers"],"Values":["allusers"]},{"CIMType":"String","Description":"Description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Minimum version","Name":"FileVersion","Option":"Write"},{"CIMType":"String","Description":"Internal name","Name":"InternalName","Option":"Write"},{"CIMType":"String","Description":"File hash. Required, if no certificate is used.","Name":"FileHash","Option":"Write"},{"CIMType":"String","Description":"File description","Name":"FileDescription","Option":"Write"},{"CIMType":"SInt32","Description":"Signature source (0: ReusableCertificate, 1: NewCertificate)","Name":"SignatureSource","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Certificate type (publisher: Publisher, issuingauthority: IssuingAuthority)","Name":"CertificateType","Option":"Write","ValueMap":["publisher","issuingauthority"],"Values":["publisher","issuingauthority"]},{"CIMType":"String","Description":"Certificate","Name":"CertificatePayloadWithReusableSetting","Option":"Write"},{"CIMType":"String","Description":"File upload","Name":"CertificateFileUpload","Option":"Write"},{"CIMType":"String","Description":"Elevation type (self: Userconfirmed, automatic: Automatic, deny: Deny, supportarbitrated: Supportapproved, userconfirmeduser: UserConfirmedUser)","Name":"Elevationtype","Option":"Required","ValueMap":["self","automatic","deny","supportarbitrated","userconfirmeduser"],"Values":["self","automatic","deny","supportarbitrated","userconfirmeduser"]},{"CIMType":"SInt32[]","Description":"User Confirmed User Validation (2: Windows Authentication)","Name":"UserConfirmedUserElevationTypeValidation","Option":"Write","ValueMap":[2],"Values":[2]},{"CIMType":"SInt32[]","Description":"Validation (1: Business Justification, 2: Windows Authentication)","Name":"ElevationTypeValidation","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"String","Description":"Restrict Arguments (allow: Allow)","Name":"RestrictArguments","Option":"Write","ValueMap":["allow"],"Values":["allow"]},{"CIMType":"String[]","Description":"Argument List","Name":"ArgumentList","Option":"Write"}],"Description":"Intune Epm Elevation Rules Policy for Windows10"},{"ClassName":"MSFT_IntuneEpmElevationRulesPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogElevationRuleName[]","Description":"Elevation Rule Name","Name":"ElevationRuleName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Epm Elevation Rules Policy for Windows10"},{"ClassName":"MSFT_IntuneEpmElevationSettingsPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Endpoint Privilege Management (1: Enabled, 0: Disabled)","Name":"EndpointPrivilegeManagement","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Default elevation response - Depends on EndpointPrivilegeManagement (0: DenyAllRequests, 1: RequireUserConfirmation, 2: RequireSupportApproval)","Name":"DefaultElevationResponse","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32[]","Description":"Validation (0: Business Justification, 1: Windows Authentication)","Name":"DefaultBehaviorValidation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"(Preview) Automatically detect elevations - Depends on EndpointPrivilegeManagement (0: No, 1: Yes)","Name":"AllowElevationDetection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Send elevation data for reporting - Depends on EndpointPrivilegeManagement (1: Yes, 0: No)","Name":"SendDataToMicrosoft","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Reporting scope (1: DiagnosticDataAndManagedElevationsOnly, 2: DiagnosticDataAndAllEndpointElevations, 0: DiagnosticDataOnly)","Name":"ReportingScope","Option":"Write","ValueMap":[1,2,0],"Values":[1,2,0]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Endpoint Privilege Management Elevation Settings Policy for Windows10"},{"ClassName":"MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog","Parameters":[{"CIMType":"String","Description":"Identity of the endpoint protection policy.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the endpoint protection policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the endpoint protection.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML.","Name":"ExploitProtectionSettings","Option":"Write"},{"CIMType":"SInt32","Description":"Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center.values 0:disable, 1:enable","Name":"DisallowExploitProtectionOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the endpoint protection.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Endpoint Protection Exploit Protection policy for a Windows 10 Device.\nEnables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML.\nFor more information Exploit Protection, see\n\n* Enable Exploit Protection on Devices and Import: <https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-exploit-protection/>\n* Export, and deploy Exploit Protection configurations: <https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml/>"},{"ClassName":"MSFT_ReusableFirewallPolicySetting","Parameters":[{"CIMType":"String[]","Description":"The addresses to resolve. Required, if AutoResolve is set to 'False'.","Name":"Addresses","Option":"Write"},{"CIMType":"Boolean","Description":"If the Firewall service should automatically resolve the IP addresses.","Name":"AutoResolve","Option":"Required"},{"CIMType":"String","Description":"The identifier of the reusable firewall policy setting.","Name":"Keyword","Option":"Key"}],"Description":"Intune Firewall Policy Setting"},{"ClassName":"MSFT_IntuneFirewallPolicySetting","Parameters":[{"CIMType":"MSFT_ReusableFirewallPolicySetting[]","Description":"The Firewall policy settings.","Name":"PolicySettings","Option":"Write"},{"CIMType":"String","Description":"Description of the setting.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name of the setting.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Policy Setting"},{"ClassName":"MSFT_IntuneFirewallPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Certificate revocation list verification (0: Disables CRL checking, 1: Specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail., 2: Means that checking is required and that certificate validation fails if any error is encountered during CRL processing)","Name":"CRLcheck","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Disable Stateful Ftp (false: Stateful FTP enabled, true: Stateful FTP disabled)","Name":"DisableStatefulFtp","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32[]","Description":"Enable Packet Queue (0: Indicates that all queuing is to be disabled, 1: Specifies that inbound encrypted packets are to be queued, 2: Specifies that packets are to be queued after decryption is performed for forwarding)","Name":"EnablePacketQueue","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32[]","Description":"IPsec Exceptions (0: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NONE:  No IPsec exemptions., 1: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NEIGHBOR_DISC:  Exempt neighbor discover IPv6 ICMP type-codes from IPsec., 2: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ICMP:  Exempt ICMP from IPsec., 4: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ROUTER_DISC:  Exempt router discover IPv6 ICMP type-codes from IPsec., 8: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_DHCP:  Exempt both IPv4 and IPv6 DHCP traffic from IPsec.)","Name":"IPsecExempt","Option":"Write","ValueMap":[0,1,2,4,8],"Values":[0,1,2,4,8]},{"CIMType":"String","Description":"Opportunistically Match Auth Set Per KM (false: FALSE, true: TRUE)","Name":"OpportunisticallyMatchAuthSetPerKM","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Preshared Key Encoding (0: FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_NONE:  Preshared key is not encoded. Instead, it is kept in its wide-character format. This symbolic constant has a value of 0., 1: FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_UTF_8:  Encode the preshared key using UTF-8. This symbolic constant has a value of 1.)","Name":"PresharedKeyEncoding","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Security association idle time","Name":"SaIdleTime","Option":"Write"},{"CIMType":"String","Description":"Enable Domain Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"DomainProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked)","Name":"DomainProfile_DisableUnicastResponsesToMulticastBroadcast","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules)","Name":"DomainProfile_EnableLogIgnoredRules","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On)","Name":"DomainProfile_GlobalPortsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Default Inbound Action for Domain Profile (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"DomainProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE)","Name":"DomainProfile_DisableStealthModeIpsecSecuredPacketExemption","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"DomainProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections)","Name":"DomainProfile_EnableLogSuccessConnections","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On)","Name":"DomainProfile_AllowLocalIpsecPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Log File Path","Name":"DomainProfile_LogFilePath","Option":"Write"},{"CIMType":"String","Description":"Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode)","Name":"DomainProfile_DisableStealthMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On)","Name":"DomainProfile_AuthAppsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets)","Name":"DomainProfile_EnableLogDroppedPackets","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Shielded (false: Shielding Off, true: Shielding On)","Name":"DomainProfile_Shielded","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"DomainProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification)","Name":"DomainProfile_DisableInboundNotifications","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Log Max File Size","Name":"DomainProfile_LogMaxFileSize","Option":"Write"},{"CIMType":"String","Description":"Enable Private Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"PrivateProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On)","Name":"PrivateProfile_AllowLocalIpsecPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE)","Name":"PrivateProfile_DisableStealthModeIpsecSecuredPacketExemption","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification)","Name":"PrivateProfile_DisableInboundNotifications","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Shielded (false: Shielding Off, true: Shielding On)","Name":"PrivateProfile_Shielded","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"PrivateProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"PrivateProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On)","Name":"PrivateProfile_AuthAppsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules)","Name":"PrivateProfile_EnableLogIgnoredRules","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Log Max File Size","Name":"PrivateProfile_LogMaxFileSize","Option":"Write"},{"CIMType":"String","Description":"Default Inbound Action for Private Profile (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"PrivateProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked)","Name":"PrivateProfile_DisableUnicastResponsesToMulticastBroadcast","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Log File Path","Name":"PrivateProfile_LogFilePath","Option":"Write"},{"CIMType":"String","Description":"Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode)","Name":"PrivateProfile_DisableStealthMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections)","Name":"PrivateProfile_EnableLogSuccessConnections","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On)","Name":"PrivateProfile_GlobalPortsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets)","Name":"PrivateProfile_EnableLogDroppedPackets","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Public Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"PublicProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"PublicProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification)","Name":"PublicProfile_DisableInboundNotifications","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE)","Name":"PublicProfile_DisableStealthModeIpsecSecuredPacketExemption","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Shielded (false: Shielding Off, true: Shielding On)","Name":"PublicProfile_Shielded","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"PublicProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On)","Name":"PublicProfile_AuthAppsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Log File Path","Name":"PublicProfile_LogFilePath","Option":"Write"},{"CIMType":"String","Description":"Default Inbound Action for Public Profile (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"PublicProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked)","Name":"PublicProfile_DisableUnicastResponsesToMulticastBroadcast","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On)","Name":"PublicProfile_GlobalPortsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections)","Name":"PublicProfile_EnableLogSuccessConnections","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On)","Name":"PublicProfile_AllowLocalIpsecPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets)","Name":"PublicProfile_EnableLogDroppedPackets","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules)","Name":"PublicProfile_EnableLogIgnoredRules","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Log Max File Size","Name":"PublicProfile_LogMaxFileSize","Option":"Write"},{"CIMType":"String","Description":"Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode)","Name":"PublicProfile_DisableStealthMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Object Access Audit Filtering Platform Connection (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditFilteringPlatformConnection","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String","Description":"Object Access Audit Filtering Platform Packet Drop (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditFilteringPlatformPacketDrop","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String[]","Description":"Allowed Tls Authentication Endpoints","Name":"AllowedTlsAuthenticationEndpoints","Option":"Write"},{"CIMType":"String","Description":"Configured Tls Authentication Network Name","Name":"ConfiguredTlsAuthenticationNetworkName","Option":"Write"},{"CIMType":"String","Description":"Hyper-V: Target (wsl: WSL)","Name":"Target","Option":"Write","ValueMap":["wsl"],"Values":["wsl"]},{"CIMType":"String","Description":"Hyper-V: Enable Domain Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"HyperVVMSettings_DomainProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"HyperVVMSettings_DomainProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"HyperVVMSettings_DomainProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"HyperVVMSettings_DomainProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Enable Loopback (false: Disable loopback, true: Enable loopback)","Name":"EnableLoopback","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Enable Public Network Firewall (false: Disable Hyper-V Firewall, true: Enable Hyper-V Firewall)","Name":"HyperVVMSettings_PublicProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"HyperVVMSettings_PublicProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"HyperVVMSettings_PublicProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"HyperVVMSettings_PublicProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Enable Private Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"HyperVVMSettings_PrivateProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"HyperVVMSettings_PrivateProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"HyperVVMSettings_PrivateProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"HyperVVMSettings_PrivateProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Allow Host Policy Merge (false: AllowHostPolicyMerge Off, true: AllowHostPolicyMerge On)","Name":"AllowHostPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName_IntuneFirewallRulesHyperVPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Enabled - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"Enabled","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Name - Depends on FirewallRuleName","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Direction - Depends on FirewallRuleName (in: The rule applies to inbound traffic., out: The rule applies to outbound traffic.)","Name":"Direction","Option":"Write","ValueMap":["IN","OUT"],"Values":["IN","OUT"]},{"CIMType":"SInt32","Description":"Priority - Depends on FirewallRuleName","Name":"Priority","Option":"Write"},{"CIMType":"SInt32[]","Description":"Profiles - Depends on FirewallRuleName (1: FW_PROFILE_TYPE_DOMAIN:  This value represents the profile for networks that are connected to domains., 2: FW_PROFILE_TYPE_STANDARD:  This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE:  This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD., 4: FW_PROFILE_TYPE_PUBLIC:  This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted., 2147483647: FW_PROFILE_TYPE_ALL:  This value represents all these network sets and any future network sets.)","Name":"Profiles","Option":"Write","ValueMap":[1,2,4,2147483647],"Values":[1,2,4,2147483647]},{"CIMType":"String","Description":"Target - Depends on FirewallRuleName (wsl: WSL)","Name":"VMCreatorId","Option":"Write","ValueMap":["wsl"],"Values":["wsl"]},{"CIMType":"String","Description":"Action - Depends on FirewallRuleName (0: Block, 1: Allow)","Name":"Action","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Local Address Ranges - Depends on FirewallRuleName","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"String[]","Description":"Remote Address Ranges - Depends on FirewallRuleName","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"String[]","Description":"Remote Port Ranges - Depends on FirewallRuleName","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"SInt32","Description":"Protocol - Depends on FirewallRuleName","Name":"Protocol","Option":"Write"},{"CIMType":"String[]","Description":"Local Port Ranges - Depends on FirewallRuleName","Name":"LocalPortRanges","Option":"Write"}],"Description":"Intune Firewall Rules Hyper-V Policy for Windows10"},{"ClassName":"MSFT_IntuneFirewallRulesHyperVPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName_IntuneFirewallRulesHyperVPolicyWindows10[]","Description":"Firewall Rules","Name":"FirewallRuleName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Rules Hyper-V Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName","Parameters":[{"CIMType":"String","Description":"Enabled - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"Enabled","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Name - Depends on FirewallRuleName","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"Interface Types - Depends on FirewallRuleName (RemoteAccess, Wireless, Lan, MobileBroadband, MBB, All)","Name":"InterfaceTypes","Option":"Write","ValueMap":["RemoteAccess","Wireless","Lan","MobileBroadband","MBB","All"],"Values":["RemoteAccess","Wireless","Lan","MobileBroadband","MBB","All"]},{"CIMType":"String","Description":"File Path - Depends on FirewallRuleName","Name":"FilePath","Option":"Write"},{"CIMType":"String[]","Description":"Remote Port Ranges - Depends on FirewallRuleName","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"String","Description":"Edge Traversal - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"EdgeTraversal","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Local User Authorized List - Depends on FirewallRuleName","Name":"LocalUserAuthorizedList","Option":"Write"},{"CIMType":"SInt32[]","Description":"Network Types - Depends on FirewallRuleName (1: FW_PROFILE_TYPE_DOMAIN:  This value represents the profile for networks that are connected to domains., 2: FW_PROFILE_TYPE_STANDARD:  This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE:  This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD., 4: FW_PROFILE_TYPE_PUBLIC:  This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted., 2147483647: FW_PROFILE_TYPE_ALL:  This value represents all these network sets and any future network sets., -2147483648: FW_PROFILE_TYPE_CURRENT:  This value represents the current profiles to which the firewall and advanced security components determine the host is connected at the moment of the call. This value can be specified only in method calls, and it cannot be combined with other flags.)","Name":"Profiles","Option":"Write","ValueMap":[1,2,4,2147483647,-2147483648],"Values":[1,2,4,2147483647,-2147483648]},{"CIMType":"String[]","Description":"Local Port Ranges - Depends on FirewallRuleName","Name":"LocalPortRanges","Option":"Write"},{"CIMType":"String","Description":"Description - Depends on FirewallRuleName","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy App Id - Depends on FirewallRuleName","Name":"PolicyAppId","Option":"Write"},{"CIMType":"String","Description":"Package Family Name - Depends on FirewallRuleName","Name":"PackageFamilyName","Option":"Write"},{"CIMType":"String[]","Description":"Local Address Ranges - Depends on FirewallRuleName","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"String","Description":"Direction - Depends on FirewallRuleName (IN: The rule applies to inbound traffic., OUT: The rule applies to outbound traffic.)","Name":"Direction","Option":"Write","ValueMap":["IN","OUT"],"Values":["in","out"]},{"CIMType":"String","Description":"Service Name - Depends on FirewallRuleName","Name":"ServiceName","Option":"Write"},{"CIMType":"String[]","Description":"Remote Address Ranges - Depends on FirewallRuleName","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"String","Description":"Action - Depends on FirewallRuleName (0: Block, 1: Allow)","Name":"Type","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Reusable groups - Depends on FirewallRuleName","Name":"RemoteAddressDynamicKeywords","Option":"Write"},{"CIMType":"SInt32","Description":"Protocol - Depends on FirewallRuleName","Name":"Protocol","Option":"Write"},{"CIMType":"String[]","Description":"ICMP Types And Codes - Depends on FirewallRuleName","Name":"IcmpTypesAndCodes","Option":"Write"}],"Description":"Intune Firewall Rules Policy for Windows10"},{"ClassName":"MSFT_IntuneFirewallRulesPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName[]","Description":"Firewall Rules","Name":"FirewallRuleName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Rules Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName_IntuneFirewallRulesPolicyWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Enabled - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"Enabled","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Name - Depends on FirewallRuleName","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"Interface Types - Depends on FirewallRuleName (RemoteAccess, Wireless, Lan, MobileBroadband, MBB, All)","Name":"InterfaceTypes","Option":"Write","ValueMap":["RemoteAccess","Wireless","Lan","MobileBroadband","MBB","All"],"Values":["RemoteAccess","Wireless","Lan","MobileBroadband","MBB","All"]},{"CIMType":"String","Description":"File Path - Depends on FirewallRuleName","Name":"FilePath","Option":"Write"},{"CIMType":"String[]","Description":"Remote Port Ranges - Depends on FirewallRuleName","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"String","Description":"Edge Traversal - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"EdgeTraversal","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Local User Authorized List - Depends on FirewallRuleName","Name":"LocalUserAuthorizedList","Option":"Write"},{"CIMType":"SInt32[]","Description":"Network Types - Depends on FirewallRuleName (1: FW_PROFILE_TYPE_DOMAIN:  This value represents the profile for networks that are connected to domains., 2: FW_PROFILE_TYPE_STANDARD:  This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE:  This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD., 4: FW_PROFILE_TYPE_PUBLIC:  This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted., 2147483647: FW_PROFILE_TYPE_ALL:  This value represents all these network sets and any future network sets., -2147483648: FW_PROFILE_TYPE_CURRENT:  This value represents the current profiles to which the firewall and advanced security components determine the host is connected at the moment of the call. This value can be specified only in method calls, and it cannot be combined with other flags.)","Name":"Profiles","Option":"Write","ValueMap":[1,2,4,2147483647,-2147483648],"Values":[1,2,4,2147483647,-2147483648]},{"CIMType":"String[]","Description":"Local Port Ranges - Depends on FirewallRuleName","Name":"LocalPortRanges","Option":"Write"},{"CIMType":"String","Description":"Description - Depends on FirewallRuleName","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Package Family Name - Depends on FirewallRuleName","Name":"PackageFamilyName","Option":"Write"},{"CIMType":"String[]","Description":"Local Address Ranges - Depends on FirewallRuleName","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"String","Description":"Direction - Depends on FirewallRuleName (IN: The rule applies to inbound traffic., OUT: The rule applies to outbound traffic.)","Name":"Direction","Option":"Write","ValueMap":["IN","OUT"],"Values":["IN","OUT"]},{"CIMType":"String","Description":"Service Name - Depends on FirewallRuleName","Name":"ServiceName","Option":"Write"},{"CIMType":"String[]","Description":"Remote Address Ranges - Depends on FirewallRuleName","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"String","Description":"Action - Depends on FirewallRuleName (0: Block, 1: Allow)","Name":"Type","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Protocol - Depends on FirewallRuleName","Name":"Protocol","Option":"Write"}],"Description":"Intune Firewall Rules Policy for Windows10 ConfigMgr"},{"ClassName":"MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName_IntuneFirewallRulesPolicyWindows10ConfigMgr[]","Description":"Firewall Rules","Name":"FirewallRuleName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Rules Policy for Windows10 ConfigMgr"},{"ClassName":"MSFT_IntuneManagedInstallerPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Description of the Managed Installer Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the Managed Installer Policy","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Indicates if Intune is considered a Managed Installer.","Name":"IsIntuneManagedInstaller","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for the device health script","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Managed Installer Policy for Windows 10"},{"ClassName":"MSFT_DeviceManagementMobileAppAssignment","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Write","ValueMap":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.mobileAppAssignment"],"Values":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.mobileAppAssignment"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are: none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"Possible values for the install intent chosen by the admin.","Name":"intent","Option":"Write","ValueMap":["available","required","uninstall","availableWithoutEnrollment"],"Values":["available","required","uninstall","availableWithoutEnrollment"]}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementMobileAppAssignmentSettings","Parameters":[{"CIMType":"String","Description":"The odata type of the assignment type.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.androidManagedStoreAppAssignmentSettings","#microsoft.graph.iosStoreAppAssignmentSettings","#microsoft.graph.iosLobAppAssignmentSettings","#microsoft.graph.macOsLobAppAssignmentSettings","#microsoft.graph.win32LobAppAssignmentSettings","#microsoft.graph.winGetAppAssignmentSettings","#microsoft.graph.windowsUniversalAppXAppAssignmentSettings"],"Values":["#microsoft.graph.androidManagedStoreAppAssignmentSettings","#microsoft.graph.iosLobAppAssignmentSettings","#microsoft.graph.iosStoreAppAssignmentSettings","#microsoft.graph.macOsLobAppAssignmentSettings","#microsoft.graph.win32LobAppAssignmentSettings","#microsoft.graph.winGetAppAssignmentSettings","#microsoft.graph.windowsUniversalAppXAppAssignmentSettings"]}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementBuiltInStoreAppAssignmentSettings","Parameters":[{"CIMType":"String","Description":"Display name or Id of the VPN configuration profile associated with this policy.","Name":"vpnConfigurationId","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should be uninstalled when the device is removed from Intune. When FALSE, indicates that the app will not be uninstalled when the device is removed from Intune. By default, property is set to null which internally is treated as TRUE.","Name":"uninstallOnDeviceRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app can be uninstalled by the user. When FALSE, indicates that the app cannot be uninstalled by the user. By default, this property is set to null which internally is treated as TRUE.","Name":"isRemovable","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should not be backed up to iCloud. When FALSE, indicates that the app may be backed up to iCloud. By default, this property is set to null which internally is treated as FALSE.","Name":"preventManagedAppBackup","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementBuiltInStoreAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementBuiltInStoreAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_MicrosoftGraphIosDeviceType","Parameters":[{"CIMType":"Boolean","Description":"Whether the app should run on iPads.","Name":"IPad","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the app should run on iPhones and iPods.","Name":"IPhoneAndIPod","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_MicrosoftGraphMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.0.3 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_0_3","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.1 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_1","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.2 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_2","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.3 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_3","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.4 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_4","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 5.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V5_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 5.1 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V5_1","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 6.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V6_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 7.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V7_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 7.1 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V7_1","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 8.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version.","Name":"V8_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 8.1 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V8_1","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 9.0 or later is required to install the app. If 'False', Version 9.0 is not the minimum version.","Name":"V9_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.0 or later is required to install the app. If 'False', Version 10.0 is not the minimum version.","Name":"V10_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 11.0 or later is required to install the app. If 'False', Version 11.0 is not the minimum version.","Name":"V11_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 12.0 or later is required to install the app. If 'False', Version 12.0 is not the minimum version.","Name":"V12_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 13.0 or later is required to install the app. If 'False', Version 13.0 is not the minimum version.","Name":"V13_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 14.0 or later is required to install the app. If 'False', Version 14.0 is not the minimum version.","Name":"V14_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 15.0 or later is required to install the app. If 'False', Version 15.0 is not the minimum version.","Name":"V15_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 16.0 or later is required to install the app. If 'False', Version 16.0 is not the minimum version. Applicable only for the 'iOS' TargetPlatform.","Name":"V16_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 17.0 or later is required to install the app. If 'False', Version 17.0 is not the minimum version. Applicable only for the 'iOS' TargetPlatform.","Name":"V17_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 18.0 or later is required to install the app. If 'False', Version 18.0 is not the minimum version. Applicable only for the 'iOS' TargetPlatform.","Name":"V18_0","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementMimeContent","Parameters":[{"CIMType":"String","Description":"Indicates the type of content mime.","Name":"Type","Option":"Write"},{"CIMType":"String","Description":"The Base64 encoded string content.","Name":"Value","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementMobileAppCategory","Parameters":[{"CIMType":"String","Description":"The name of the app category.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_IntuneMobileAppsBuiltInStoreApp","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphiosDeviceType","Description":"The architecture for which this app can run on. Only applicable for the 'iOS' TargetPlatform.","Name":"ApplicableDeviceType","Option":"Write"},{"CIMType":"String","Description":"The App Store URL. Cannot be changed after creation.","Name":"AppStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The Identity Name. Only applicable for the 'iOS' TargetPlatform.","Name":"BundleId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMinimumOperatingSystem","Description":"The value for the minimum applicable operating system.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The app's package ID. Only applicable for the 'Android' TargetPlatform","Name":"PackageId","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The target platform of the mobile app.","Name":"TargetPlatform","Option":"Required","ValueMap":["Android","IOS"],"Values":["Android","IOS"]},{"CIMType":"MSFT_DeviceManagementBuiltInStoreAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_MicrosoftGraphMacOSIncludedApp","Parameters":[{"CIMType":"String","Description":"The bundleId of the app. This maps to the CFBundleIdentifier in the app's bundle configuration.","Name":"BundleId","Option":"Write"},{"CIMType":"String","Description":"The version of the app. This maps to the CFBundleShortVersion in the app's bundle configuration.","Name":"BundleVersion","Option":"Write"}],"Description":"Intune Mobile Apps Bundle types Dmg and Pkg for macOS.\n\n**ATTENTION**: After creating an app, the content must be manually uploaded via the Intune portal."},{"ClassName":"MSFT_MicrosoftGraphMacOSMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.7 or later is required to install the app. If 'False', Version 10.7 is not the minimum version.","Name":"V10_7","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.8 or later is required to install the app. If 'False', Version 10.8 is not the minimum version.","Name":"V10_8","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.9 or later is required to install the app. If 'False', Version 10.9 is not the minimum version.","Name":"V10_9","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.10 or later is required to install the app. If 'False', Version 10.10 is not the minimum version.","Name":"V10_10","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.11 or later is required to install the app. If 'False', Version 10.11 is not the minimum version.","Name":"V10_11","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.12 or later is required to install the app. If 'False', Version 10.12 is not the minimum version.","Name":"V10_12","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.13 or later is required to install the app. If 'False', Version 10.13 is not the minimum version.","Name":"V10_13","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.14 or later is required to install the app. If 'False', Version 10.14 is not the minimum version.","Name":"V10_14","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.15 or later is required to install the app. If 'False', Version 10.15 is not the minimum version.","Name":"V10_15","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 11.0 or later is required to install the app. If 'False', Version 11.0 is not the minimum version.","Name":"V11_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 12.0 or later is required to install the app. If 'False', Version 12.0 is not the minimum version.","Name":"V12_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 13.0 or later is required to install the app. If 'False', Version 13.0 is not the minimum version.","Name":"V13_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 14.0 or later is required to install the app. If 'False', Version 14.0 is not the minimum version.","Name":"V14_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 15.0 or later is required to install the app. If 'False', Version 15.0 is not the minimum version.","Name":"V15_0","Option":"Write"}],"Description":"Intune Mobile Apps Bundle types Dmg and Pkg for macOS.\n\n**ATTENTION**: After creating an app, the content must be manually uploaded via the Intune portal."},{"ClassName":"MSFT_IntuneMobileAppsBundleMacOS","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The bundle type. To change the app type, you have to first delete and then recreate it. Possible values are: Dmg, Pkg","Name":"PackageFileType","Option":"Write","ValueMap":["Dmg","Pkg"],"Values":["Dmg","Pkg"]},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The file name of the app.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMacOSIncludedApp[]","Description":"The list of apps expected to be installed by the bundle.","Name":"IncludedApps","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app's version will NOT be used to detect if the app is installed on a device. When FALSE, indicates that the app's version will be used to detect if the app is installed on a device. Set this to true for apps that use a self update feature.","Name":"IgnoreVersionDetection","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMacOSMinimumOperatingSystem","Description":"Indicates the minimum operating system applicable for the application.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"Contains the pre-install script for the app. This will execute on the macOS device before the app is installed.","Name":"PreInstallScript","Option":"Write"},{"CIMType":"String","Description":"Contains the post-install script for the app. This will execute on the macOS device after the app is installed.","Name":"PostInstallScript","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Bundle types Dmg and Pkg for macOS.\n\n**ATTENTION**: After creating an app, the content must be manually uploaded via the Intune portal."},{"ClassName":"MSFT_IntuneMobileAppsDefenderForEndpointMacOS","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Defender For Endpoint for macOS"},{"ClassName":"MSFT_MicrosoftGraphAndroidMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"When TRUE, only Version 10.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V10_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 11.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V11_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 12.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V12_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 13.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V13_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 14.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V14_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 15.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V15_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.0.3 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_0_3","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.1 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_1","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.2 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_2","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.3 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_3","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.4 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_4","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 5.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V5_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 5.1 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V5_1","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 6.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V6_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 7.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V7_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 7.1 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V7_1","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 8.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V8_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 8.1 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V8_1","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 9.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V9_0","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Android"},{"ClassName":"MSFT_IntuneMobileAppsLobAppAndroid","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphAndroidMinimumOperatingSystem","Description":"The value for the minimum applicable operating system.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"The package identifier.","Name":"PackageId","Option":"Write"},{"CIMType":"String","Description":"The platforms to which the application can be targeted. If not specified, will defauilt to Android Device Administrator. Cannot be changed after creation. Possible values are: androidDeviceAdministrator, androidOpenSourceProject, unknownFutureValue.","Name":"TargetedPlatforms","Option":"Write","ValueMap":["androidDeviceAdministrator","androidOpenSourceProject"],"Values":["androidDeviceAdministrator","androidOpenSourceProject"]},{"CIMType":"String","Description":"The name of the main Lob application file.","Name":"FileName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Android"},{"ClassName":"MSFT_DeviceManagementLobAppiOSAssignmentSettings","Parameters":[{"CIMType":"String","Description":"Display name or Id of the VPN configuration profile associated with this policy.","Name":"vpnConfigurationId","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should be uninstalled when the device is removed from Intune. When FALSE, indicates that the app will not be uninstalled when the device is removed from Intune. By default, property is set to null which internally is treated as TRUE.","Name":"uninstallOnDeviceRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app can be uninstalled by the user. When FALSE, indicates that the app cannot be uninstalled by the user. By default, this property is set to null which internally is treated as TRUE.","Name":"isRemovable","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should not be backed up to iCloud. When FALSE, indicates that the app may be backed up to iCloud. By default, this property is set to null which internally is treated as FALSE.","Name":"preventManagedAppBackup","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for iOS"},{"ClassName":"MSFT_DeviceManagementLobAppiOSAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementLobAppiOSAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for iOS"},{"ClassName":"MSFT_MicrosoftGraphIosMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 10.0 or later is required to install the app. If 'False', iOS Version 10.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V10_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 11.0 or later is required to install the app. If 'False', iOS Version 11.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V11_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 12.0 or later is required to install the app. If 'False', iOS Version 12.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V12_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 13.0 or later is required to install the app. If 'False', iOS Version 13.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V13_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 14.0 or later is required to install the app. If 'False', iOS Version 14.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V14_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 15.0 or later is required to install the app. If 'False', iOS Version 15.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V15_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 16.0 or later is required to install the app. If 'False', iOS Version 16.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V16_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 17.0 or later is required to install the app. If 'False', iOS Version 17.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V17_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 18.0 or later is required to install the app. If 'False', iOS Version 18.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V18_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 8.0 or later is required to install the app. If 'False', iOS Version 8.0  is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V8_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 9.0 or later is required to install the app. If 'False', iOS Version 9.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V9_0","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for iOS"},{"ClassName":"MSFT_IntuneMobileAppsLobAppiOS","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphIosDeviceType","Description":"The iOS architecture for which this app can run on.","Name":"ApplicableDeviceType","Option":"Write"},{"CIMType":"String","Description":"The build number of iOS Line of Business (LoB) app.","Name":"BuildNumber","Option":"Write"},{"CIMType":"String","Description":"The Identity Name.","Name":"BundleId","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIosMinimumOperatingSystem","Description":"The value for the minimum applicable operating system.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"The version number of iOS Line of Business (LoB) app.","Name":"VersionNumber","Option":"Write"},{"CIMType":"String","Description":"The name of the main Lob application file.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementLobAppiOSAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for iOS"},{"ClassName":"MSFT_IntuneMobileAppsLobAppMsiWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The name of the main Lob application file. Required for creating the app.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"The command line.","Name":"CommandLine","Option":"Write"},{"CIMType":"Boolean","Description":"A boolean to control whether the app's version will be used to detect the app after it is installed on a device. Set this to true for Windows Mobile MSI Line of Business (LoB) apps that use a self update feature.","Name":"IgnoreVersionDetection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to install a dual-mode MSI in the device context. If true, app will be installed for all users. If false, app will be installed per-user. If null, service will use the MSI package's default install context. In case of dual-mode MSI, this default will be per-user. Cannot be set for non-dual-mode apps. Cannot be changed after initial creation of the application.","Name":"UseDeviceContext","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Lob App MSI for Windows10"},{"ClassName":"MSFT_DeviceManagementAppxMobileAppAssignmentSettings","Parameters":[{"CIMType":"Boolean","Description":"If true, uses device execution context for Windows Universal AppX mobile app. Device-context install is not allowed when this type of app is targeted with Available intent. Defaults to false.","Name":"useDeviceContext","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Windows10 for Appx, AppxBundle, Msix and MsixBundle applications."},{"ClassName":"MSFT_DeviceManagementAppxMobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementAppxMobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Windows10 for Appx, AppxBundle, Msix and MsixBundle applications."},{"ClassName":"MSFT_IntuneMobileAppsLobAppWindows10","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The name of the main Lob application file. Required for creating the resource.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Windows10 for Appx, AppxBundle, Msix and MsixBundle applications."},{"ClassName":"MSFT_DeviceManagementMacOSLobAppAssignmentSettings","Parameters":[{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should be uninstalled when the device is removed from Intune. When FALSE, indicates that the app will not be uninstalled when the device is removed from Intune.","Name":"uninstallOnDeviceRemoval","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_DeviceManagementMacOSLobAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementMacOSLobAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_DeviceManagementMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.7 or later is required to install the app.","Name":"v10_7","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.8 or later is required to install the app.","Name":"v10_8","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.9 or later is required to install the app.","Name":"v10_9","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.10 or later is required to install the app.","Name":"v10_10","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.11 or later is required to install the app.","Name":"v10_11","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.12 or later is required to install the app.","Name":"v10_12","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.13 or later is required to install the app.","Name":"v10_13","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.14 or later is required to install the app.","Name":"v10_14","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.15 or later is required to install the app.","Name":"v10_15","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 11.0 or later is required to install the app.","Name":"v11_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 12.0 or later is required to install the app.","Name":"v12_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 13.0 or later is required to install the app.","Name":"v13_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 14.0 or later is required to install the app.","Name":"v14_0","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_DeviceManagementMobileAppChildApp","Parameters":[{"CIMType":"String","Description":"The bundleId of the app.","Name":"BundleId","Option":"Key"},{"CIMType":"String","Description":"The build number of the app.","Name":"BuildNumber","Option":"Write"},{"CIMType":"String","Description":"The version number of the app.","Name":"VersionNumber","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_IntuneMobileAppsMacOSLobApp","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app. Inherited from mobileApp.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only. Inherited from mobileApp object.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app. Inherited from mobileApp.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The dewveloper of the app. Inherited from mobileApp.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The InformationUrl of the app. Inherited from mobileApp.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp.","Name":"IsFeatured","Option":"Write"},{"CIMType":"String","Description":"Notes for the app. Inherited from mobileApp.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app. Inherited from mobileApp.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url. Inherited from mobileApp.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app. Inherited from mobileApp.","Name":"Publisher","Option":"Write"},{"CIMType":"String","Description":"The bundleId of the app.","Name":"BundleId","Option":"Write"},{"CIMType":"String","Description":"The build number of the app.","Name":"BuildNumber","Option":"Write"},{"CIMType":"String","Description":"The version number of the app.","Name":"VersionNumber","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Whether to ignore the version of the app or not.","Name":"IgnoreVersionDetection","Option":"Write"},{"CIMType":"Boolean","Description":"Install the app as managed. Requires macOS 11.0.","Name":"InstallAsManaged","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The icon for this app.","Name":"LargeIcon","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMinimumOperatingSystem","Description":"The minimum supported operating system to install the app.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMacOSLobAppAssignment[]","Description":"The list of assignments for this app.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppChildApp[]","Description":"The list of child apps for this app package.","Name":"ChildApps","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_DeviceManagementManagedGooglePlayMobileAppAssignmentSettings","Parameters":[{"CIMType":"String","Description":"Priority for automatic udpates for this app assignment. Possible values are: default, postponed, priority.","Name":"autoUpdateMode","Option":"Write","ValueMap":["default","postponed","priority"],"Values":["default","postponed","priority"]}],"Description":"Intune Mobile Apps Managed Google Play Store App for Android"},{"ClassName":"MSFT_DeviceManagementManagedGooglePlayMobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementManagedGooglePlayMobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Managed Google Play Store App for Android"},{"ClassName":"MSFT_IntuneMobileAppsManagedGooglePlayApp","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The package identifier. Required to sync from Google Play Store. Cannot be changed after creation.","Name":"PackageId","Option":"Required"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementManagedGooglePlayMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Managed Google Play Store App for Android"},{"ClassName":"MSFT_IntuneMobileAppsMicrosoft365SuiteMacOS","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft365 Suite for macOS"},{"ClassName":"MSFT_IntuneMobileAppsMicrosoftEdge","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The channel to install on target devices. Cannot be updated after creation. Instead, a new policy must be created. The possible values are dev, beta, and stable. By default, this property is set to dev. Possible values are: dev, beta, stable, unknownFutureValue.","Name":"Channel","Option":"Write","ValueMap":["dev","beta","stable","unknownFutureValue"],"Values":["dev","beta","stable","unknownFutureValue"]},{"CIMType":"String","Description":"The language locale to use when the Edge app displays text to the user. Only applicable for the 'windows' target platform.","Name":"DisplayLanguageLocale","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The target platform of the mobile app.","Name":"TargetPlatform","Option":"Required","ValueMap":["macOS","windows"],"Values":["macOS","windows"]},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Edge for the Windows and MacOS platform."},{"ClassName":"MSFT_DeviceManagementWinGetMobileAppAssignmentSettingsRestartSettings","Parameters":[{"CIMType":"SInt32","Description":"The number of minutes to wait before restarting the device after an app installation.","Name":"countdownDisplayBeforeRestartInMinutes","Option":"Write"},{"CIMType":"SInt32","Description":"The number of minutes before the restart time to display the countdown dialog for pending restarts.","Name":"gracePeriodInMinutes","Option":"Write"},{"CIMType":"SInt32","Description":"The number of minutes to snooze the restart notification dialog when the snooze button is selected.","Name":"restartNotificationSnoozeDurationInMinutes","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_DeviceManagementWinGetMobileAppAssignmentSettingsInstallTimeSettings","Parameters":[{"CIMType":"Boolean","Description":"Whether the local device time or UTC time should be used when determining the available and deadline times.","Name":"useLocalTime","Option":"Write"},{"CIMType":"String","Description":"The time at which the app should be available for installation.","Name":"startDateTime","Option":"Write"},{"CIMType":"String","Description":"The time at which the app should be installed.","Name":"deadlineDateTime","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_DeviceManagementWingetMobileAppAssignmentSettings","Parameters":[{"CIMType":"MSFT_DeviceManagementWinGetMobileAppAssignmentSettingsInstallTimeSettings","Description":"The install time settings to apply for this app assignment.","Name":"installTimeSettings","Option":"Write"},{"CIMType":"String","Description":"The notification status for this app assignment. Possible values are: showAll, showReboot, hideAll.","Name":"notifications","Option":"Write","ValueMap":["showAll","showReboot","hideAll"],"Values":["showAll","showReboot","hideAll"]},{"CIMType":"MSFT_DeviceManagementWinGetMobileAppAssignmentSettingsRestartSettings","Description":"The reboot settings to apply for this app assignment.","Name":"restartSettings","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_DeviceManagementWingetMobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementWingetMobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_MicrosoftGraphWinGetAppInstallExperience","Parameters":[{"CIMType":"String","Description":"Indicates the type of execution context the app setup runs in on target devices. Options include values of the RunAsAccountType enum, which are System and User. Required at creation time, cannot be modified on existing objects. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_IntuneMobileAppsMicrosoftStoreAppWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphwinGetAppInstallExperience","Description":"The install experience settings associated with this application, which are used to ensure the desired install experiences on the target device are taken into account. This includes the account type (System or User) that actions should be run as on target devices. Cannot be changed after creation.","Name":"InstallExperience","Option":"Write"},{"CIMType":"String","Description":"The PackageIdentifier from the WinGet source repository REST API. This also maps to the Id when using the WinGet client command line application. Required at creation time, cannot be modified on existing objects.","Name":"PackageIdentifier","Option":"Required"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementWingetMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_DeviceManagementStoreMobileAppAssignmentSettings","Parameters":[{"CIMType":"String","Description":"Display name or Id of the VPN configuration profile associated with this policy.","Name":"vpnConfigurationId","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should be uninstalled when the device is removed from Intune. When FALSE, indicates that the app will not be uninstalled when the device is removed from Intune. By default, property is set to null which internally is treated as TRUE.","Name":"uninstallOnDeviceRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app can be uninstalled by the user. When FALSE, indicates that the app cannot be uninstalled by the user. By default, this property is set to null which internally is treated as TRUE.","Name":"isRemovable","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should not be backed up to iCloud. When FALSE, indicates that the app may be backed up to iCloud. By default, this property is set to null which internally is treated as FALSE.","Name":"preventManagedAppBackup","Option":"Write"}],"Description":"Intune Mobile Apps Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementStoreMobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementStoreMobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Store App for Android and iOS"},{"ClassName":"MSFT_IntuneMobileAppsStoreApp","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphiosDeviceType","Description":"The architecture for which this app can run on. Only applicable for the 'iOS' TargetPlatform.","Name":"ApplicableDeviceType","Option":"Write"},{"CIMType":"String","Description":"The App Store URL. Cannot be changed after creation.","Name":"AppStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The Identity Name. Only applicable for the 'iOS' TargetPlatform.","Name":"BundleId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMinimumOperatingSystem","Description":"The value for the minimum applicable operating system.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The target platform of the mobile app.","Name":"TargetPlatform","Option":"Required","ValueMap":["android","ios"],"Values":["android","ios"]},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_DeviceManagementStoreMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Store App for Android and iOS"},{"ClassName":"MSFT_IntuneMobileAppsSystemAppAndroid","Parameters":[{"CIMType":"String","Description":"The app identifier. Cannot be changed after creation.","Name":"AppIdentifier","Option":"Required"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Required"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps System App for Android"},{"ClassName":"MSFT_IntuneMobileAppsWebLink","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String","Description":"The target type of the web link.","Name":"TargetType","Option":"Required","ValueMap":["iosiPadOSWebClip","macOSWebClip","webApp","windowsWebApp"],"Values":["iosiPadOSWebClip","macOSWebClip","webApp","windowsWebApp"]},{"CIMType":"String","Description":"Indicates the web app URL. Example: 'https://www.contoso.com'. Cannot be updated after creation.","Name":"AppUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to use managed browser (on iOS it's Microsoft Edge). This property is only applicable 'webApp' and 'iosiPadOSWebClip' target type.","Name":"UseManagedBrowser","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to open the web clip as a full-screen web app. Defaults to false. If TRUE, opens the web clip as a full-screen web app. If FALSE, the web clip opens inside of another app such as Safary or the app specified with targetApplicationBundleIdentifier. Only applicable for the 'iosiPadOSWebClip' and 'macOSWebClip' target type.","Name":"FullScreenEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not the icon for the app is precomosed. Defaults to false. If TRUE, prevents SpringBoard from adding 'shine' to the icon. If FALSE, SpringBoard can add 'shine'. Only applicable for the 'iosiPadOSWebClip' and 'macOSWebClip' target type.","Name":"PreComposedIconEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not a full screen web clip can navigate to an external web site without showing the Safari UI. Defaults to false. If FALSE, the Safari UI appears when navigating away. If TRUE, the Safari UI will not be shown. Only applicable for the 'iosiPadOSWebClip' target type.","Name":"IgnoreManifestScope","Option":"Write"},{"CIMType":"String","Description":"Specifies the application bundle identifier which opens the URL. Available in iOS 14 and later. Only applicable for the 'iosiPadOSWebClip' target type.","Name":"TargetApplicationBundleIdentifier","Option":"Write"}],"Description":"Intune Mobile Apps Web Link for the iOS, MacOS, Windows and general platform."},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsRestartSettings","Parameters":[{"CIMType":"SInt32","Description":"The number of minutes to wait before restarting the device after an app installation.","Name":"countdownDisplayBeforeRestartInMinutes","Option":"Write"},{"CIMType":"SInt32","Description":"The number of minutes before the restart time to display the countdown dialog for pending restarts.","Name":"gracePeriodInMinutes","Option":"Write"},{"CIMType":"SInt32","Description":"The number of minutes to snooze the restart notification dialog when the snooze button is selected.","Name":"restartNotificationSnoozeDurationInMinutes","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsAutoUpdateSettings","Parameters":[{"CIMType":"String","Description":"The auto-update superseded apps setting for the app assignment. Possible values are notConfigured and enabled. Default value is notConfigured.","Name":"autoUpdateSupersededAppsState","Option":"Write","ValueMap":["enabled","notConfigured"],"Values":["enabled","notConfigured"]}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsInstallTimeSettings","Parameters":[{"CIMType":"Boolean","Description":"Whether the local device time or UTC time should be used when determining the available and deadline times.","Name":"useLocalTime","Option":"Write"},{"CIMType":"String","Description":"The time at which the app should be available for installation.","Name":"startDateTime","Option":"Write"},{"CIMType":"String","Description":"The time at which the app should be installed.","Name":"deadlineDateTime","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignmentSettings","Parameters":[{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsAutoUpdateSettings","Description":"The auto-update settings to apply for this app assignment.","Name":"autoUpdateSettings","Option":"Write"},{"CIMType":"String","Description":"The delivery optimization priority for this app assignment. This setting is not supported in National Cloud environments. Possible values are: notConfigured, foreground.","Name":"deliveryOptimizationPriority","Option":"Write","ValueMap":["foreground","notConfigured"],"Values":["foreground","notConfigured"]},{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsInstallTimeSettings","Description":"The install time settings to apply for this app assignment.","Name":"installTimeSettings","Option":"Write"},{"CIMType":"String","Description":"The notification status for this app assignment. Possible values are: showAll, showReboot, hideAll.","Name":"notifications","Option":"Write","ValueMap":["showAll","showReboot","hideAll"],"Values":["showAll","showReboot","hideAll"]},{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsRestartSettings","Description":"The reboot settings to apply for this app assignment.","Name":"restartSettings","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWin32LobAppRule","Parameters":[{"CIMType":"String","Description":"The provider rule type. Possible values are: FileSystem, PowerShellScript, Registry","Name":"OdataType","Option":"Required","ValueMap":["FileSystem","PowerShellScript","ProductCode","Registry"],"Values":["FileSystem","PowerShellScript","ProductCode","Registry"]},{"CIMType":"String","Description":"The type of rule. Possible values are: Detection, Requirement","Name":"RuleType","Option":"Required","ValueMap":["Detection","Requirement"],"Values":["Detection","Requirement"]},{"CIMType":"String","Description":"The value to compare. Not applicable for the 'ProductCode' odata type.","Name":"ComparisonValue","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether to checking 32-bit on 64-bit system. Only applicable for the 'FileSystem' and 'Registry' odata type.","Name":"Check32BitOn64System","Option":"Write"},{"CIMType":"String","Description":"The file or folder path to detect Win32 Line of Business (LoB) app. Only applicable for the 'FileSystem' odata type.","Name":"Path","Option":"Write"},{"CIMType":"String","Description":"The file or folder name to detect Win32 Line of Business (LoB) app. Only applicable for the 'FileSystem' odata type.","Name":"FileOrFolderName","Option":"Write"},{"CIMType":"String","Description":"The file system comparison operator type. Only applicable for the 'FileSystem' odata type. Possible values are: notConfigured, exists, modifiedDate, createdDate, version, sizeInMB, doesNotExist, sizeInBytes, appVersion.","Name":"FileSystemOperationType","Option":"Write","ValueMap":["notConfigured","exists","modifiedDate","createdDate","version","sizeInMB","doesNotExist","sizeInBytes","appVersion"],"Values":["notConfigured","exists","modifiedDate","createdDate","version","sizeInMB","doesNotExist","sizeInBytes","appVersion"]},{"CIMType":"String","Description":"The display name for the rule. Do not specify this value if the rule is used for detection.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether signature check is enforced. Only Applicable for the 'PowerShellScript' odata type.","Name":"EnforceSignatureCheck","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether this script should run as 32-bit. Only Applicable for the 'PowerShellScript' odata type.","Name":"RunAs32Bit","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context the script runs in. Only Applicable for the 'PowerShellScript' odata type. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The PowerShell script. Only Applicable for the 'PowerShellScript' odata type.","Name":"Script","Option":"Write"},{"CIMType":"String","Description":"The comparison operator type for script output. Only Applicable for the 'PowerShellScript' odata type. Possible values are: notConfigured, string, dateTime, integer, float, version, boolean.","Name":"PowerShellScriptOperationType","Option":"Write","ValueMap":["notConfigured","string","dateTime","integer","float","version","boolean"],"Values":["notConfigured","string","dateTime","integer","float","version","boolean"]},{"CIMType":"String","Description":"The product code of Win32 Line of Business (LoB) app.","Name":"ProductCode","Option":"Write"},{"CIMType":"String","Description":"The product version of Win32 Line of Business (LoB) app.","Name":"ProductVersion","Option":"Write"},{"CIMType":"String","Description":"The registry key path to detect Win32 Line of Business (LoB) app.","Name":"KeyPath","Option":"Write"},{"CIMType":"String","Description":"The registry value name.","Name":"ValueName","Option":"Write"},{"CIMType":"String","Description":"The registry data comparison operator type. Only applicable for the 'Registry' odata type. Possible values are: notConfigured, exists, doesNotExist, string, integer, version.","Name":"RegistryOperationType","Option":"Write","ValueMap":["notConfigured","exists","doesNotExist","string","integer","version"],"Values":["notConfigured","exists","doesNotExist","string","integer","version"]}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWin32LobAppInstallExperience","Parameters":[{"CIMType":"String","Description":"Indicates the type of execution context the app runs in. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"SInt32","Description":"The number of minutes the system will wait for install program to finish. Default value is 60 minutes.","Name":"MaxRunTimeInMinutes","Option":"Write"},{"CIMType":"String","Description":"Device restart behavior. Possible values are: basedOnReturnCode, allow, suppress, force.","Name":"DeviceRestartBehavior","Option":"Write","ValueMap":["basedOnReturnCode","allow","suppress","force"],"Values":["basedOnReturnCode","allow","suppress","force"]}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWin32LobAppReturnCode","Parameters":[{"CIMType":"SInt32","Description":"Return code.","Name":"ReturnCode","Option":"Write"},{"CIMType":"String","Description":"The type of return code. Possible values are: failed, success, softReboot, hardReboot, retry.","Name":"Type","Option":"Write","ValueMap":["failed","success","softReboot","hardReboot","retry"],"Values":["failed","success","softReboot","hardReboot","retry"]}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWin32LobAppMsiInformation","Parameters":[{"CIMType":"String","Description":"The MSI product code.","Name":"ProductCode","Option":"Write"},{"CIMType":"String","Description":"The MSI product version.","Name":"ProductVersion","Option":"Write"},{"CIMType":"String","Description":"The MSI upgrade code.","Name":"UpgradeCode","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the MSI app requires the machine to reboot to complete installation.","Name":"RequiresReboot","Option":"Write"},{"CIMType":"String","Description":"The MSI package type. Possible values are: perMachine, perUser, dualPurpose.","Name":"PackageType","Option":"Write","ValueMap":["perMachine","perUser","dualPurpose"],"Values":["perMachine","perUser","dualPurpose"]},{"CIMType":"String","Description":"The MSI product name.","Name":"ProductName","Option":"Write"},{"CIMType":"String","Description":"The MSI publisher","Name":"Publisher","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_IntuneMobileAppsWin32AppWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String","Description":"The file name of the app. Required for creating the resource.","Name":"FileName","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"Indicates the command line to install this app. Used to install the Win32 app. Example: msiexec /i 'Orca.Msi' /qn.","Name":"InstallCommandLine","Option":"Write"},{"CIMType":"String","Description":"Indicates the command line to uninstall this app. Used to uninstall the app. Example: msiexec /x '{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}' /qn.","Name":"UninstallCommandLine","Option":"Write"},{"CIMType":"String[]","Description":"Indicates the Windows architecture(s) this app should be installed on. The app will be treated as not applicable for devices with architectures not matching the selected value. The value 'none' cannot be combined with other values.","Name":"AllowedArchitectures","Option":"Write","ValueMap":["none","x86","x64","arm64"],"Values":["none","x86","x64","arm64"]},{"CIMType":"SInt32","Description":"Indicates the value for the minimum free disk space which is required to install this app.","Name":"MinimumFreeDiskSpaceInMB","Option":"Write"},{"CIMType":"SInt32","Description":"Indicates the value for the minimum physical memory which is required to install this app.","Name":"MinimumMemoryInMB","Option":"Write"},{"CIMType":"SInt32","Description":"Indicates the value for the minimum number of processors which is required to install this app.","Name":"MinimumNumberOfProcessors","Option":"Write"},{"CIMType":"SInt32","Description":"Indicates the value for the minimum CPU speed which is required to install this app.","Name":"MinimumCpuSpeedInMHz","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWin32LobAppRule[]","Description":"Indicates the detection and requirement rules for this app.","Name":"Rules","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWin32LobAppInstallExperience","Description":"Indicates the install experience for this app.","Name":"InstallExperience","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWin32LobAppReturnCode[]","Description":"Indicates the return codes for post installation behavior.","Name":"ReturnCodes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWin32LobAppMsiInformation","Description":"Indicates the MSI details if this Win32 app is an MSI app.","Name":"MsiInformation","Option":"Write"},{"CIMType":"String","Description":"Indicates the relative path of the setup file in the encrypted Win32LobApp package.","Name":"SetupFilePath","Option":"Write"},{"CIMType":"String","Description":"Indicates the value for the minimum supported windows release. Format for Windows 10: <VersionNumber>, e.g. '1709' or '20H2'. For Windows 11: 'Windows11_<VersionNumber>', e.g. 'Windows11_21H2'","Name":"MinimumSupportedWindowsRelease","Option":"Write"},{"CIMType":"String","Description":"Indicates the version displayed in the UX for this app. Used to set the version of the app. Example: 1.0.3.215.","Name":"DisplayVersion","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the uninstall is supported from the company portal for the Win32 app with an available assignment. When TRUE, indicates that uninstall is supported from the company portal for the Windows app (Win32) with an available assignment. When FALSE, indicates that uninstall is not supported for the Windows app (Win32) with an Available assignment.","Name":"AllowAvailableUninstall","Option":"Write"},{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementMobileAppExcludedApp","Parameters":[{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Access from the installation.","Name":"Access","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Search (Bing) as the default from the installation.","Name":"Bing","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Excel from the installation.","Name":"Excel","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office OneDrive for Business (Groove) from the installation.","Name":"Groove","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office InfoPath from the installation.","Name":"InfoPath","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Skype for Business (Lync) from the installation.","Name":"Lync","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office OneDrive from the installation.","Name":"OneDrive","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office OneNote from the installation.","Name":"OneNote","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Outlook from the installation.","Name":"Outlook","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office PowerPoint from the installation.","Name":"PowerPoint","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Publisher from the installation.","Name":"Publisher","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office SharePoint Designer from the installation.","Name":"SharePointDesigner","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Teams from the installation.","Name":"Teams","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Visio from the installation.","Name":"Visio","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Word from the installation.","Name":"Word","Option":"Write"}],"Description":"This resource configures an Intune mobile app of OfficeSuiteApp type for Windows devices."},{"ClassName":"MSFT_IntuneMobileAppsWindowsOfficeSuiteApp","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app. Inherited from mobileApp.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only. Inherited from mobileApp object.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app. Inherited from mobileApp.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp.","Name":"IsFeatured","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url. Inherited from mobileApp.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The InformationUrl of the app. Inherited from mobileApp.","Name":"InformationUrl","Option":"Write"},{"CIMType":"String","Description":"Notes for the app. Inherited from mobileApp.","Name":"Notes","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if the EULA is accepted automatically on the end user's device.","Name":"AutoAcceptEula","Option":"Write"},{"CIMType":"String[]","Description":"The Product IDs that represent the Office 365 Suite SKU, such as 'O365ProPlusRetail' or 'VisioProRetail'.","Name":"ProductIds","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether shared computer activation is used for Office installations.","Name":"UseSharedComputerActivation","Option":"Write"},{"CIMType":"String","Description":"Specifies the update channel for the Office 365 app suite, such as 'Current' or 'Deferred'.","Name":"UpdateChannel","Option":"Write"},{"CIMType":"String","Description":"Specifies the default file format type for Office apps, such as 'OfficeOpenXMLFormat' or 'OfficeOpenDocumentFormat'.","Name":"OfficeSuiteAppDefaultFileFormat","Option":"Write"},{"CIMType":"String","Description":"The architecture of the Office installation (e.g., 'X86', 'X64', or 'Arm64'). Cannot be changed after creation.","Name":"OfficePlatformArchitecture","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the locales to be installed when the Office 365 apps are deployed. Uses the standard RFC 5646 format (e.g., 'en-US', 'fr-FR').","Name":"LocalesToInstall","Option":"Write"},{"CIMType":"String","Description":"Specifies the display level of the installation progress for Office apps. Use 'Full' to display the installation UI, or 'None' for a silent installation.","Name":"InstallProgressDisplayLevel","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether older versions of Office should be uninstalled when deploying the Office 365 app suite.","Name":"ShouldUninstallOlderVersionsOfOffice","Option":"Write"},{"CIMType":"String","Description":"The specific target version of the Office 365 app suite to be deployed.","Name":"TargetVersion","Option":"Write"},{"CIMType":"String","Description":"The update version in which the target version is available for the Office 365 app suite.","Name":"UpdateVersion","Option":"Write"},{"CIMType":"String","Description":"A base64-encoded XML configuration file that specifies Office ProPlus installation settings. Takes precedence over all other properties. When present, this XML file will be used to create the app.","Name":"OfficeConfigurationXml","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"The list of assignments for this app.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppExcludedApp","Description":"The property that represents the apps excluded from the selected Office 365 Product ID.","Name":"ExcludedApps","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune mobile app of OfficeSuiteApp type for Windows devices."},{"ClassName":"MSFT_IntuneMobileThreatDefenseConnector","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The DisplayName of the Mobile Threat Defense Connector partner. NOTE: Hard coded for convenience, not returned by the Graph API.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates the Mobile Threat Defense partner may collect metadata about installed applications from Intune for IOS devices. When FALSE, indicates the Mobile Threat Defense partner may not collect metadata about installed applications from Intune for IOS devices. Default value is FALSE.","Name":"AllowPartnerToCollectIosApplicationMetadata","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates the Mobile Threat Defense partner may collect metadata about personally installed applications from Intune for IOS devices. When FALSE, indicates the Mobile Threat Defense partner may not collect metadata about personally installed applications from Intune for IOS devices. Default value is FALSE.","Name":"AllowPartnerToCollectIosPersonalApplicationMetadata","Option":"Write"},{"CIMType":"Boolean","Description":"For Android, set whether Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant.","Name":"AndroidDeviceBlockedOnMissingPartnerData","Option":"Write"},{"CIMType":"Boolean","Description":"For Android, set whether data from the Mobile Threat Defense partner should be used during compliance evaluations.","Name":"AndroidEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that data from the Mobile Threat Defense partner can be used during Mobile Application Management (MAM) evaluations for Android devices. When FALSE, indicates that data from the Mobile Threat Defense partner should not be used during Mobile Application Management (MAM) evaluations for Android devices. Only one partner per platform may be enabled for Mobile Application Management (MAM) evaluation. Default value is FALSE.","Name":"AndroidMobileApplicationManagementEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"For IOS, set whether Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant.","Name":"IosDeviceBlockedOnMissingPartnerData","Option":"Write"},{"CIMType":"Boolean","Description":"For IOS, get or set whether data from the Mobile Threat Defense partner should be used during compliance evaluations.","Name":"IosEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that data from the Mobile Threat Defense partner can be used during Mobile Application Management (MAM) evaluations for IOS devices. When FALSE, indicates that data from the Mobile Threat Defense partner should not be used during Mobile Application Management (MAM) evaluations for IOS devices. Only one partner per platform may be enabled for Mobile Application Management (MAM) evaluation. Default value is FALSE.","Name":"IosMobileApplicationManagementEnabled","Option":"Write"},{"CIMType":"DateTime","Description":"DateTime of last Heartbeat received from the Mobile Threat Defense partner.","Name":"LastHeartbeatDateTime","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that configuration profile management via Microsoft Defender for Endpoint is enabled. When FALSE, inidicates that configuration profile management via Microsoft Defender for Endpoint is disabled. Default value is FALSE.","Name":"MicrosoftDefenderForEndpointAttachEnabled","Option":"Write"},{"CIMType":"String","Description":"Partner state of this tenant.","Name":"PartnerState","Option":"Write"},{"CIMType":"Uint32","Description":"Get or Set days the per tenant tolerance to unresponsiveness for this partner integration.","Name":"PartnerUnresponsivenessThresholdInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Get or set whether to block devices on the enabled platforms that do not meet the minimum version requirements of the Mobile Threat Defense partner.","Name":"PartnerUnsupportedOSVersionBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant for Windows. When FALSE, indicates that Intune may make a device compliant without receiving data from the Mobile Threat Defense partner for Windows. Default value is FALSE.","Name":"WindowsDeviceBlockedOnMissingPartnerData","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that data from the Mobile Threat Defense partner can be used during compliance evaluations for Windows. When FALSE, it indicates that data from the Mobile Threat Defense partner should not be used during compliance evaluations for Windows. Default value is FALSE.","Name":"WindowsEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a connection to Mobile Threat Defense partner."},{"ClassName":"MSFT_DeviceManagementConfigurationPolicyItems","Parameters":[{"CIMType":"String","Description":"The type of policy the item represents.","Name":"dataType","Option":"Write"},{"CIMType":"String","Description":"The group Id of the policy the item represents.","Name":"payloadId","Option":"Write"},{"CIMType":"String","Description":"The collection display name of the policy the item represents","Name":"displayName","Option":"Key"},{"CIMType":"String","Description":"The type of policy the item represents.","Name":"itemType","Option":"Write"},{"CIMType":"String[]","Description":"Tags of the guided deployment","Name":"guidedDeploymentTags","Option":"Write"}],"Description":"Intune Policy Sets"},{"ClassName":"MSFT_IntunePolicySets","Parameters":[{"CIMType":"String","Description":"Description of the PolicySet.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"DisplayName of the PolicySet.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"Tags of the guided deployment","Name":"GuidedDeploymentTags","Option":"Write"},{"CIMType":"String[]","Description":"RoleScopeTags of the PolicySet","Name":"RoleScopeTags","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyItems[]","Description":"Represents the assignment to the Intune policy.","Name":"Items","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Policy Sets"},{"ClassName":"MSFT_IntuneRoleAssignment","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the Role Assignment.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display or friendly name of the role Assignment.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of ids of role scope member security groups. These are IDs from Azure Active Directory. Ignored if ScopeType is not 'ResourceScope'","Name":"ResourceScopes","Option":"Write"},{"CIMType":"String[]","Description":"List of DisplayName of role scope member security groups. These are Displayname from Azure Active Directory. Ignored if ScopeType is not 'ResourceScope'","Name":"ResourceScopesDisplayNames","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of scope for a Role Assignment. Default type 'ResourceScope' allows assignment of ResourceScopes. Possible values are: resourceScope, allDevices, allLicensedUsers, allDevicesAndLicensedUsers.","Name":"ScopeType","Option":"Write"},{"CIMType":"String[]","Description":"The list of ids of role member security groups. These are IDs from Azure Active Directory.","Name":"Members","Option":"Write"},{"CIMType":"String[]","Description":"The list of Displaynames of role member security groups. These are Displaynamnes from Azure Active Directory.","Name":"MembersDisplayNames","Option":"Write"},{"CIMType":"String","Description":"The Role Definition Id.","Name":"RoleDefinition","Option":"Write"},{"CIMType":"String","Description":"The Role Definition Displayname.","Name":"RoleDefinitionDisplayName","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Role exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Role Assignment."},{"ClassName":"MSFT_IntuneRoleAssignmentWindows365","Parameters":[{"CIMType":"String[]","Description":"Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determine the set of resources for which the principal has access.","Name":"AppScopeIds","Option":"Write"},{"CIMType":"String","Description":"Description of the role assignment.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"Display Names of the groups that represent the scopes of the assignment.","Name":"DirectoryScopes","Option":"Write"},{"CIMType":"String","Description":"Name of the role assignment. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"Display name of the principals to which the assignment is granted.","Name":"Principals","Option":"Write"},{"CIMType":"String","Description":"Display name of the IntuneRoleDefinitionWindows365 the assignment is for.","Name":"RoleDefinition","Option":"Required"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Role Assignment Windows365\n\n**Please note:** Once a Role Assignment is created, the role of the assignment cannot be changed.\nIf you want to deploy a new assignment with the same name for another role definition, you must first remove the old assignment (`Ensure` = `Absent`) and then create a new one with the updated `RoleDefinition` property."},{"ClassName":"MSFT_IntuneRoleDefinition","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the Role definition.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name of the Role definition.","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition.","Name":"IsBuiltIn","Option":"Write"},{"CIMType":"String[]","Description":"List of allowed resource actions","Name":"allowedResourceActions","Option":"Write"},{"CIMType":"String[]","Description":"List of not allowed resource actions","Name":"notAllowedResourceActions","Option":"Write"},{"CIMType":"String[]","Description":"Id of the Scope Tags to assign","Name":"roleScopeTagIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Role exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Role Definition."},{"ClassName":"MSFT_MicrosoftGraphUnifiedRolePermission","Parameters":[{"CIMType":"String[]","Description":"Set of tasks that can be performed on a resource.","Name":"AllowedResourceActions","Option":"Write"}],"Description":"Intune Role Definition Windows365\n\n**Please note:** Built-in policies cannot be created, updated or removed. They are still provided as is for tenant monitoring purposes."},{"ClassName":"MSFT_IntuneRoleDefinitionWindows365","Parameters":[{"CIMType":"String","Description":"The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name for the Windows 365 Role Definition.","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only.  Supports $filter (eq).","Name":"IsBuiltIn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphunifiedRolePermission[]","Description":"List of permissions included in the role. Read-only when isBuiltIn is true. Required.","Name":"RolePermissions","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Role Definition Windows365\n\n**Please note:** Built-in policies cannot be created, updated or removed. They are still provided as is for tenant monitoring purposes."},{"ClassName":"MSFT_IntuneRoleScopeTag","Parameters":[{"CIMType":"String","Description":"The display or friendly name of the Role Scope Tag.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the Role Scope Tag.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Role Scope Tag"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineDefenderForEndpoint","Parameters":[{"CIMType":"SInt32","Description":"Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Deny","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Prevented Classes - Depends on DeviceInstall_Classes_Deny","Name":"DeviceInstall_Classes_Deny_List","Option":"Write"},{"CIMType":"SInt32","Description":"Also apply to matching devices that are already installed. - Depends on DeviceInstall_Classes_Deny (0: False, 1: True)","Name":"DeviceInstall_Classes_Deny_Retroactive","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) (0: Disabled, 1: Enabled)","Name":"EncryptionMethodWithXts_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the encryption method for operating system drives: - Depends on EncryptionMethodWithXts_Name (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsOsDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Select the encryption method for fixed data drives: - Depends on EncryptionMethodWithXts_Name (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsFdvDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Select the encryption method for removable data drives: - Depends on EncryptionMethodWithXts_Name (3: AES-CBC 128-bit  (default), 4: AES-CBC 256-bit, 6: XTS-AES 128-bit, 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsRdvDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"SInt32","Description":"Choose how BitLocker-protected fixed drives can be recovered (0: Disabled, 1: Enabled)","Name":"FDVRecoveryUsage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Save BitLocker recovery information to AD DS for fixed data drives - Depends on FDVRecoveryUsage_Name (0: False, 1: True)","Name":"FDVActiveDirectoryBackup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Omit recovery options from the BitLocker setup wizard - Depends on FDVRecoveryUsage_Name (0: False, 1: True)","Name":"FDVHideRecoveryPage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure user storage of BitLocker recovery information: - Depends on FDVRecoveryUsage_Name (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)","Name":"FDVRecoveryPasswordUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives - Depends on FDVRecoveryUsage_Name (0: False, 1: True)","Name":"FDVRequireActiveDirectoryBackup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow data recovery agent - Depends on FDVRecoveryUsage_Name (0: False, 1: True)","Name":"FDVAllowDRA_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure storage of BitLocker recovery information to AD DS: - Depends on FDVRecoveryUsage_Name (1: Backup recovery passwords and key packages, 2: Backup recovery passwords only)","Name":"FDVActiveDirectoryBackupDropDown_Name","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"String","Description":" - Depends on FDVRecoveryUsage_Name (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)","Name":"FDVRecoveryKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Deny write access to fixed drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"FDVDenyWriteAccess_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enforce drive encryption type on fixed data drives (0: Disabled, 1: Enabled)","Name":"FDVEncryptionType_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the encryption type: (Device) - Depends on FDVEncryptionType_Name (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"FDVEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN. (0: Disabled, 1: Enabled)","Name":"EnablePreBootPinExceptionOnDECapableDevice_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow enhanced PINs for startup (0: Disabled, 1: Enabled)","Name":"EnhancedPIN_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Choose how BitLocker-protected operating system drives can be recovered (0: Disabled, 1: Enabled)","Name":"OSRecoveryUsage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not enable BitLocker until recovery information is stored to AD DS for operating system drives - Depends on OSRecoveryUsage_Name (0: False, 1: True)","Name":"OSRequireActiveDirectoryBackup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Save BitLocker recovery information to AD DS for operating system drives - Depends on OSRecoveryUsage_Name (0: False, 1: True)","Name":"OSActiveDirectoryBackup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure user storage of BitLocker recovery information: - Depends on OSRecoveryUsage_Name (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)","Name":"OSRecoveryPasswordUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Omit recovery options from the BitLocker setup wizard - Depends on OSRecoveryUsage_Name (0: False, 1: True)","Name":"OSHideRecoveryPage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow data recovery agent - Depends on OSRecoveryUsage_Name (0: False, 1: True)","Name":"OSAllowDRA_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":" - Depends on OSRecoveryUsage_Name (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)","Name":"OSRecoveryKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure storage of BitLocker recovery information to AD DS: - Depends on OSRecoveryUsage_Name (1: Store recovery passwords and key packages, 2: Store recovery passwords only)","Name":"OSActiveDirectoryBackupDropDown_Name","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"SInt32","Description":"Enable use of BitLocker authentication requiring preboot keyboard input on slates (0: Disabled, 1: Enabled)","Name":"EnablePrebootInputProtectorsOnSlates_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enforce drive encryption type on operating system drives (0: Disabled, 1: Enabled)","Name":"OSEncryptionType_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the encryption type: (Device) - Depends on OSEncryptionType_Name (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"OSEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Require additional authentication at startup (0: Disabled, 1: Enabled)","Name":"ConfigureAdvancedStartup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure TPM startup key: - Depends on ConfigureAdvancedStartup_Name (2: Allow startup key with TPM, 1: Require startup key with TPM, 0: Do not allow startup key with TPM)","Name":"ConfigureTPMStartupKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure TPM startup key and PIN: - Depends on ConfigureAdvancedStartup_Name (2: Allow startup key and PIN with TPM, 1: Require startup key and PIN with TPM, 0: Do not allow startup key and PIN with TPM)","Name":"ConfigureTPMPINKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure TPM startup: - Depends on ConfigureAdvancedStartup_Name (2: Allow TPM, 1: Require TPM, 0: Do not allow TPM)","Name":"ConfigureTPMUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) - Depends on ConfigureAdvancedStartup_Name (0: False, 1: True)","Name":"ConfigureNonTPMStartupKeyUsage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure TPM startup PIN: - Depends on ConfigureAdvancedStartup_Name (2: Allow startup PIN with TPM, 1: Require startup PIN with TPM, 0: Do not allow startup PIN with TPM)","Name":"ConfigurePINUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Control use of BitLocker on removable drives (0: Disabled, 1: Enabled)","Name":"RDVConfigureBDE","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow users to apply BitLocker protection on removable data drives (Device) - Depends on RDVConfigureBDE (0: False, 1: True)","Name":"RDVAllowBDE_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enforce drive encryption type on removable data drives (0: Disabled, 1: Enabled)","Name":"RDVEncryptionType_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"RDVEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Allow users to suspend and decrypt BitLocker protection on removable data drives (Device) - Depends on RDVConfigureBDE (0: False, 1: True)","Name":"RDVDisableBDE_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Deny write access to removable drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"RDVDenyWriteAccess_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow write access to devices configured in another organization - Depends on RDVDenyWriteAccess_Name (0: False, 1: True)","Name":"RDVCrossOrg","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Windows Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"EnableSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Pick one of the following settings: (Device) - Depends on EnableSmartScreen (block: Warn and prevent bypass, warn: Warn)","Name":"EnableSmartScreenDropdown","Option":"Write","ValueMap":["Block","Warn"],"Values":["Block","Warn"]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverrideForAppRepUnknown","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent managing SmartScreen Filter (0: Disabled, 1: Enabled)","Name":"Disable_Managing_Safety_Filter_IE9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select SmartScreen Filter mode - Depends on Disable_Managing_Safety_Filter_IE9 (0: Off, 1: On)","Name":"IE9SafetyFilterOptions","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Allow Warning For Other Disk Encryption (0: Disabled, 1: Enabled)","Name":"AllowWarningForOtherDiskEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Standard User Encryption - Depends on AllowWarningForOtherDiskEncryption (0: This is the default, when the policy is not set. If current logged on user is a standard user, 'RequireDeviceEncryption' policy will not try to enable encryption on any drive., 1: 'RequireDeviceEncryption' policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.)","Name":"AllowStandardUserEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure Recovery Password Rotation (0: Refresh off (default), 1: Refresh on for Azure AD-joined devices, 2: Refresh on for both Azure AD-joined and hybrid-joined devices)","Name":"ConfigureRecoveryPasswordRotation","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Require Device Encryption (0: Disabled, 1: Enabled)","Name":"RequireDeviceEncryption","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.)","Name":"AllowCloudProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Email Scanning (0: Not allowed. Turns off email scanning., 1: Allowed. Turns on email scanning.)","Name":"AllowEmailScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow On Access Protection (0: Not allowed., 1: Allowed.)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. Turns on and runs the real-time monitoring service.)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Scanning Network Files (0: Not allowed. Turns off scanning of network files., 1: Allowed. Scans network files.)","Name":"AllowScanningNetworkFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Script Scanning (0: Not allowed., 1: Allowed.)","Name":"AllowScriptScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow User UI Access (0: Not allowed. Prevents users from accessing UI., 1: Allowed. Lets users access UI.)","Name":"AllowUserUIAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Block execution of potentially obfuscated scripts - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Win32 API calls from Office macros - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable files from running unless they meet a prevalence, age, or trusted list criterion - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office communication application from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block all Office applications from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Adobe Reader from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block credential stealing from the Windows local security authority subsystem - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block JavaScript or VBScript from launching downloaded executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Webshell creation for Servers - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWebshellCreationForServers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWebshellCreationForServers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block untrusted and unsigned processes that run from USB - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block persistence through WMI event subscription - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"[PREVIEW] Block use of copied or impersonated system tools - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUseOfCopiedOrImpersonatedSystemTools","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block abuse of exploited vulnerable signed drivers (Device) - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block process creations originating from PSExec and WMI commands - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from creating executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from injecting code into other processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"[PREVIEW] Block rebooting machine in Safe Mode - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockRebootingMachineInSafeMode","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Use advanced protection against ransomware - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable content from email client and webmail - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"SInt32","Description":"Check For Signatures Before Running Scan (0: Disabled, 1: Enabled)","Name":"CheckForSignaturesBeforeRunningScan","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance)","Name":"CloudBlockLevel","Option":"Write","ValueMap":[0,2,4,6],"Values":[0,2,4,6]},{"CIMType":"SInt32","Description":"Cloud Extended Timeout","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Local Admin Merge (0: Enable Local Admin Merge, 1: Disable Local Admin Merge)","Name":"DisableLocalAdminMerge","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Network Protection (0: Disabled, 1: Enabled (block mode), 2: Enabled (audit mode))","Name":"EnableNetworkProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Admins (1: If you enable this setting, local admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalAdmins","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Users (1: If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalUsers","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Oobe Enable Rtp And Sig Update (1: If you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE., 0: If you either disable or do not configure this setting, real-time protection and Security Intelligence Updates during OOBE is not enabled.)","Name":"OobeEnableRtpAndSigUpdate","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.)","Name":"PUAProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Scan Parameter (1: Quick scan, 2: Full scan)","Name":"ScanParameter","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Schedule Quick Scan Time","Name":"ScheduleQuickScanTime","Option":"Write"},{"CIMType":"SInt32","Description":"Schedule Scan Day (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan)","Name":"ScheduleScanDay","Option":"Write","ValueMap":[0,1,2,3,4,5,6,7,8],"Values":[0,1,2,3,4,5,6,7,8]},{"CIMType":"SInt32","Description":"Schedule Scan Time","Name":"ScheduleScanTime","Option":"Write"},{"CIMType":"SInt32","Description":"Signature Update Interval","Name":"SignatureUpdateInterval","Option":"Write"},{"CIMType":"SInt32","Description":"Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)","Name":"LsaCfgFlags","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))","Name":"DeviceEnumerationPolicy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen to block potentially unwanted apps (0: Disabled, 1: Enabled)","Name":"SmartScreenPuaEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Microsoft Defender SmartScreen DNS requests (0: Disabled, 1: Enabled)","Name":"SmartScreenDnsRequestsEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable new SmartScreen library (0: Disabled, 1: Enabled)","Name":"NewSmartScreenLibraryEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Force Microsoft Defender SmartScreen checks on downloads from trusted sources (0: Disabled, 1: Enabled)","Name":"SmartScreenForTrustedDownloadsEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverrideForFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Defender For Endpoint"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineDefenderForEndpoint","Parameters":[{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (User) (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverrideForAppRepUnknown","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Defender For Endpoint"},{"ClassName":"MSFT_IntuneSecurityBaselineDefenderForEndpoint","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineDefenderForEndpoint","Description":"Scope for Device Setting","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineDefenderForEndpoint","Description":"Scope for Device Setting","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline Defender For Endpoint"},{"ClassName":"MSFT_IntuneSecurityBaselineHoloLens2Advanced","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Deletion Policy (0: Delete immediately upon device returning to a state with no currently active users, 1: Delete at storage capacity threshold, 2: Delete at both storage capacity threshold and profile inactivity threshold)","Name":"DeletionPolicy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String","Description":"Enable Profile Manager (false: False, true: True)","Name":"EnableProfileManager","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Profile Inactivity Threshold","Name":"ProfileInactivityThreshold","Option":"Write"},{"CIMType":"SInt32","Description":"Storage Capacity Start Deletion","Name":"StorageCapacityStartDeletion","Option":"Write"},{"CIMType":"SInt32","Description":"Storage Capacity Stop Deletion","Name":"StorageCapacityStopDeletion","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Microsoft Account Connection (0: Not allowed., 1: Allowed.)","Name":"AllowMicrosoftAccountConnection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off the display (plugged in) (0: Disabled, 1: Enabled)","Name":"VideoPowerDownTimeOutAC_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"When plugged in, turn display off after (seconds) - Depends on VideoPowerDownTimeOutAC_2","Name":"EnterVideoACPowerDownTimeOut","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Autofill (0: Prevented/Not allowed., 1: Allowed.)","Name":"AllowAutofill","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cookies (0: Block all cookies from all sites, 1: Block only cookies from third party websites, 2: Allow all cookies from all sites)","Name":"AllowCookies","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Do Not Track (0: Never send tracking information., 1: Send tracking information.)","Name":"AllowDoNotTrack","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Password Manager (0: Not allowed., 1: Allowed.)","Name":"AllowPasswordManager","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Popups (0: Turn off Pop-up Blocker letting pop-up windows open., 1: Turn on Pop-up Blocker stopping pop-up windows from opening.)","Name":"AllowPopups","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Search Suggestionsin Address Bar (0: Prevented/Not allowed. Hide the search suggestions., 1: Allowed. Show the search suggestions.)","Name":"AllowSearchSuggestionsinAddressBar","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Smart Screen (0: Turned off. Do not protect users from potential threats and prevent users from turning it on., 1: Turned on. Protect users from potential threats and prevent users from turning it off.)","Name":"AllowSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Bluetooth (0: Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on., 1: Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on., 2: Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.)","Name":"AllowBluetooth","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow USB Connection (0: Not allowed., 1: Allowed.)","Name":"AllowUSBConnection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Enabled (0: Enabled, 1: Disabled)","Name":"DevicePasswordEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Expiration - Depends on DevicePasswordEnabled","Name":"DevicePasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Length - Depends on DevicePasswordEnabled","Name":"MinDevicePasswordLength","Option":"Write"},{"CIMType":"SInt32","Description":"Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)","Name":"AlphanumericDevicePasswordRequired","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Max Device Password Failed Attempts - Depends on DevicePasswordEnabled","Name":"MaxDevicePasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Complex Characters - Depends on DevicePasswordEnabled (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop)","Name":"MinDevicePasswordComplexCharacters","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled","Name":"MaxInactivityTimeDeviceLock","Option":"Write"},{"CIMType":"SInt32","Description":"Device Password History - Depends on DevicePasswordEnabled","Name":"DevicePasswordHistory","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)","Name":"AllowSimpleDevicePassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Manual MDM Unenrollment (0: Not allowed., 1: Allowed.)","Name":"AllowManualMDMUnenrollment","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow All Trusted Apps (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)","Name":"AllowAllTrustedApps","Option":"Write","ValueMap":[0,1,65535],"Values":[0,1,65535]},{"CIMType":"SInt32","Description":"Allow apps from the Microsoft app store to auto update (0: Not allowed., 1: Allowed., 2: Not configured.)","Name":"AllowAppStoreAutoUpdate","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Developer Unlock (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)","Name":"AllowDeveloperUnlock","Option":"Write","ValueMap":[0,1,65535],"Values":[0,1,65535]},{"CIMType":"SInt32","Description":"Block third party cookies (0: Disabled, 1: Enabled)","Name":"BlockThirdPartyCookies","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Do Not Track (0: Disabled, 1: Enabled)","Name":"ConfigureDoNotTrack","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default pop-up window setting (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_ContentSettings_DefaultPopupsSetting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default pop-up window setting (Device) - Depends on MicrosoftEdge_ContentSettings_DefaultPopupsSetting (1: Allow all sites to show pop-ups, 2: Do not allow any site to show popups)","Name":"DefaultPopupsSetting_DefaultPopupsSetting","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Enable AutoFill for addresses (0: Disabled, 1: Enabled)","Name":"AutofillAddressEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable AutoFill for payment instruments (0: Disabled, 1: Enabled)","Name":"AutofillCreditCardEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable search suggestions (0: Disabled, 1: Enabled)","Name":"SearchSuggestEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Control which extensions cannot be installed (0: Disabled, 1: Enabled)","Name":"ExtensionInstallBlocklist","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Extension IDs the user should be prevented from installing (or * for all) (Device) - Depends on ExtensionInstallBlocklist","Name":"ExtensionInstallBlocklistDesc","Option":"Write"},{"CIMType":"SInt32","Description":"Configures a setting that asks users to enter their device password while using password autofill (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_PasswordManager_PrimaryPasswordSetting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configures a setting that asks users to enter their device password while using password autofill (Device) - Depends on MicrosoftEdge_PasswordManager_PrimaryPasswordSetting (0: Automatically, 1: With device password, 2: With custom primary password, 3: Autofill off)","Name":"PrimaryPasswordSetting_PrimaryPasswordSetting","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Enable saving passwords to the password manager (0: Disabled, 1: Enabled)","Name":"PasswordManagerEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"AAD Group Membership Cache Validity In Days","Name":"AADGroupMembershipCacheValidityInDays","Option":"Write"},{"CIMType":"SInt32","Description":"Let Apps Access Account Info (0: User in control., 1: Force allow., 2: Force deny.)","Name":"LetAppsAccessAccountInfo","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String[]","Description":"Let Apps Access Account Info Force Allow These Apps","Name":"LetAppsAccessAccountInfo_ForceAllowTheseApps","Option":"Write"},{"CIMType":"SInt32","Description":"Let Apps Access Background Spatial Perception (0: User in control., 1: Force allow., 2: Force deny.)","Name":"LetAppsAccessBackgroundSpatialPerception","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String[]","Description":"Let Apps Access Background Spatial Perception Force Allow These Apps","Name":"LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps","Option":"Write"},{"CIMType":"SInt32","Description":"Let Apps Access Camera (0: User in control., 1: Force allow., 2: Force deny.)","Name":"LetAppsAccessCamera","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String[]","Description":"Let Apps Access Camera Force Allow These Apps","Name":"LetAppsAccessCamera_ForceAllowTheseApps","Option":"Write"},{"CIMType":"SInt32","Description":"Let Apps Access Microphone (0: User in control., 1: Force allow., 2: Force deny.)","Name":"LetAppsAccessMicrophone","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String[]","Description":"Let Apps Access Microphone Force Allow These Apps","Name":"LetAppsAccessMicrophone_ForceAllowTheseApps","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Search To Use Location (0: Not allowed., 1: Allowed.)","Name":"AllowSearchToUseLocation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Add Provisioning Package (0: Not allowed., 1: Allowed.)","Name":"AllowAddProvisioningPackage","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VPN (0: Not allowed., 1: Allowed.)","Name":"AllowVPN","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Page Visibility List","Name":"PageVisibilityList","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.)","Name":"AllowStorageCard","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Telemetry (0: Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender, 1: Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level, 3: Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.)","Name":"AllowTelemetry","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"Allow Manual Wi Fi Configuration (0: No Wi-Fi connection outside of MDM provisioned network is allowed., 1: Adding new network SSIDs beyond the already MDM provisioned ones is allowed.)","Name":"AllowManualWiFiConfiguration","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Enable Pin Recovery - Depends on TenantId (false: Disabled, true: Enabled)","Name":"EnablePinRecovery","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Restrict use of TPM 1.2 - Depends on TenantId (false: Disabled, true: Enabled)","Name":"TPM12","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Digits - Depends on TenantId (0: Allows the use of digits in PIN., 1: Requires the use of at least one digits in PIN., 2: Does not allow the use of digits in PIN.)","Name":"Digits","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Expiration - Depends on TenantId","Name":"Expiration","Option":"Write"},{"CIMType":"SInt32","Description":"PIN History - Depends on TenantId","Name":"History","Option":"Write"},{"CIMType":"SInt32","Description":"Lowercase Letters - Depends on TenantId (0: Allows the use of lowercase letters in PIN., 1: Requires the use of at least one lowercase letters in PIN., 2: Does not allow the use of lowercase letters in PIN.)","Name":"LowercaseLetters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Maximum PIN Length - Depends on TenantId","Name":"MaximumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Minimum PIN Length - Depends on TenantId","Name":"MinimumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Special Characters - Depends on TenantId (0: Allows the use of special characters in PIN., 1: Requires the use of at least one special characters in PIN., 2: Does not allow the use of special characters in PIN.)","Name":"SpecialCharacters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Uppercase Letters - Depends on TenantId (0: Allows the use of uppercase letters in PIN., 1: Requires the use of at least one uppercase letters in PIN., 2: Does not allow the use of uppercase letters in PIN.)","Name":"UppercaseLetters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String","Description":"Require Security Device - Depends on TenantId (false: Disabled, true: Enabled)","Name":"RequireSecurityDevice","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Certificate For On Prem Auth - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UseCertificateForOnPremAuth","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Hello Certificates As Smart Card Certificates - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UseHelloCertificatesAsSmartCardCertificates","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Windows Hello For Business (Device) - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UsePassportForWork","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Allow Update Service (0: Not allowed., 1: Allowed.)","Name":"AllowUpdateService","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Manage Preview Builds (0: Disable Preview builds, 1: Disable Preview builds once the next release is public, 2: Enable Preview builds, 3: Preview builds is left to user selection)","Name":"ManagePreviewBuilds","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"String","Description":"Require Network In OOBE (Device) (true: true, false: false)","Name":"RequireNetworkInOOBE","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline HoloLens2 Advanced"},{"ClassName":"MSFT_IntuneSecurityBaselineHoloLens2Standard","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Microsoft Account Connection (0: Not allowed., 1: Allowed.)","Name":"AllowMicrosoftAccountConnection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off the display (plugged in) (0: Disabled, 1: Enabled)","Name":"VideoPowerDownTimeOutAC_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"When plugged in, turn display off after (seconds) - Depends on VideoPowerDownTimeOutAC_2","Name":"EnterVideoACPowerDownTimeOut","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Cookies (0: Block all cookies from all sites, 1: Block only cookies from third party websites, 2: Allow all cookies from all sites)","Name":"AllowCookies","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Password Manager (0: Not allowed., 1: Allowed.)","Name":"AllowPasswordManager","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Smart Screen (0: Turned off. Do not protect users from potential threats and prevent users from turning it on., 1: Turned on. Protect users from potential threats and prevent users from turning it off.)","Name":"AllowSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow USB Connection (0: Not allowed., 1: Allowed.)","Name":"AllowUSBConnection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Enabled (0: Enabled, 1: Disabled)","Name":"DevicePasswordEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Expiration - Depends on DevicePasswordEnabled","Name":"DevicePasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Length - Depends on DevicePasswordEnabled","Name":"MinDevicePasswordLength","Option":"Write"},{"CIMType":"SInt32","Description":"Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)","Name":"AlphanumericDevicePasswordRequired","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Max Device Password Failed Attempts - Depends on DevicePasswordEnabled","Name":"MaxDevicePasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Complex Characters - Depends on DevicePasswordEnabled (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop)","Name":"MinDevicePasswordComplexCharacters","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled","Name":"MaxInactivityTimeDeviceLock","Option":"Write"},{"CIMType":"SInt32","Description":"Device Password History - Depends on DevicePasswordEnabled","Name":"DevicePasswordHistory","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)","Name":"AllowSimpleDevicePassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Manual MDM Unenrollment (0: Not allowed., 1: Allowed.)","Name":"AllowManualMDMUnenrollment","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow All Trusted Apps (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)","Name":"AllowAllTrustedApps","Option":"Write","ValueMap":[0,1,65535],"Values":[0,1,65535]},{"CIMType":"SInt32","Description":"Allow apps from the Microsoft app store to auto update (0: Not allowed., 1: Allowed., 2: Not configured.)","Name":"AllowAppStoreAutoUpdate","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Developer Unlock (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)","Name":"AllowDeveloperUnlock","Option":"Write","ValueMap":[0,1,65535],"Values":[0,1,65535]},{"CIMType":"SInt32","Description":"Block third party cookies (0: Disabled, 1: Enabled)","Name":"BlockThirdPartyCookies","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Control which extensions cannot be installed (0: Disabled, 1: Enabled)","Name":"ExtensionInstallBlocklist","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Extension IDs the user should be prevented from installing (or * for all) (Device) - Depends on ExtensionInstallBlocklist","Name":"ExtensionInstallBlocklistDesc","Option":"Write"},{"CIMType":"SInt32","Description":"Enable saving passwords to the password manager (0: Disabled, 1: Enabled)","Name":"PasswordManagerEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"AAD Group Membership Cache Validity In Days","Name":"AADGroupMembershipCacheValidityInDays","Option":"Write"},{"CIMType":"SInt32","Description":"Allow VPN (0: Not allowed., 1: Allowed.)","Name":"AllowVPN","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Page Visibility List","Name":"PageVisibilityList","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.)","Name":"AllowStorageCard","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Enable Pin Recovery - Depends on TenantId (false: Disabled, true: Enabled)","Name":"EnablePinRecovery","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Restrict use of TPM 1.2 - Depends on TenantId (false: Disabled, true: Enabled)","Name":"TPM12","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Digits - Depends on TenantId (0: Allows the use of digits in PIN., 1: Requires the use of at least one digits in PIN., 2: Does not allow the use of digits in PIN.)","Name":"Digits","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Expiration - Depends on TenantId","Name":"Expiration","Option":"Write"},{"CIMType":"SInt32","Description":"PIN History - Depends on TenantId","Name":"History","Option":"Write"},{"CIMType":"SInt32","Description":"Lowercase Letters - Depends on TenantId (0: Allows the use of lowercase letters in PIN., 1: Requires the use of at least one lowercase letters in PIN., 2: Does not allow the use of lowercase letters in PIN.)","Name":"LowercaseLetters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Maximum PIN Length - Depends on TenantId","Name":"MaximumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Minimum PIN Length - Depends on TenantId","Name":"MinimumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Special Characters - Depends on TenantId (0: Allows the use of special characters in PIN., 1: Requires the use of at least one special characters in PIN., 2: Does not allow the use of special characters in PIN.)","Name":"SpecialCharacters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Uppercase Letters - Depends on TenantId (0: Allows the use of uppercase letters in PIN., 1: Requires the use of at least one uppercase letters in PIN., 2: Does not allow the use of uppercase letters in PIN.)","Name":"UppercaseLetters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String","Description":"Require Security Device - Depends on TenantId (false: Disabled, true: Enabled)","Name":"RequireSecurityDevice","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Certificate For On Prem Auth - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UseCertificateForOnPremAuth","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Hello Certificates As Smart Card Certificates - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UseHelloCertificatesAsSmartCardCertificates","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Windows Hello For Business (Device) - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UsePassportForWork","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Update Service (0: Not allowed., 1: Allowed.)","Name":"AllowUpdateService","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Manage Preview Builds (0: Disable Preview builds, 1: Disable Preview builds once the next release is public, 2: Enable Preview builds, 3: Preview builds is left to user selection)","Name":"ManagePreviewBuilds","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String","Description":"Require Network In OOBE (Device) (true: true, false: false)","Name":"RequireNetworkInOOBE","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline HoloLens2 Standard"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Parameters":[{"CIMType":"SInt32","Description":"Block Flash activation in Office documents (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_A001_Block_Flash","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Block Flash player in Office (Device) - Depends on Pol_SecGuide_A001_Block_Flash (block all flash activation: Block all activation, block embedded flash activation only: Block embedding/linking, allow other activation, allow all flash activation: Allow all activation)","Name":"Pol_SecGuide_Block_Flash","Option":"Write","ValueMap":["block all flash activation","block embedded flash activation only","allow all flash activation"],"Values":["block all flash activation","block embedded flash activation only","allow all flash activation"]},{"CIMType":"SInt32","Description":"Restrict legacy JScript execution for Office (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_Legacy_JScript","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"PowerPoint: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_powerpnt","Option":"Write"},{"CIMType":"SInt32","Description":"OneNote: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_onenote","Option":"Write"},{"CIMType":"SInt32","Description":"Publisher: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_mspub","Option":"Write"},{"CIMType":"SInt32","Description":"Access: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_msaccess","Option":"Write"},{"CIMType":"SInt32","Description":"Project: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_winproj","Option":"Write"},{"CIMType":"SInt32","Description":"Visio: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_visio","Option":"Write"},{"CIMType":"SInt32","Description":"Outlook: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_outlook","Option":"Write"},{"CIMType":"SInt32","Description":"Word: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_winword","Option":"Write"},{"CIMType":"SInt32","Description":"Excel: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_excel","Option":"Write"},{"CIMType":"SInt32","Description":"Configure SIP security mode (0: Disabled, 1: Enabled)","Name":"L_PolicyEnableSIPHighSecurityMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable HTTP fallback for SIP connection (0: Disabled, 1: Enabled)","Name":"L_PolicyDisableHttpConnect","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Add-on Management (0: Disabled, 1: Enabled)","Name":"L_AddonManagement","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_powerpntexe17","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_excelexe15","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_visioexe19","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_onenoteexe26","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_outlookexe22","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_pptviewexe18","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_winwordexe21","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_exprwdexe24","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_spdesignexe23","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_winprojexe20","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_grooveexe14","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_mspubexe16","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_mse7exe27","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_msaccessexe25","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Consistent Mime Handling (0: Disabled, 1: Enabled)","Name":"L_ConsistentMimeHandling","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_excelexe43","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_spdesignexe51","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_onenoteexe54","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_outlookexe50","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_pptviewexe46","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_mspubexe44","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_visioexe47","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_winprojexe48","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_msaccessexe53","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_powerpntexe45","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_grooveexe42","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_mse7exe55","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_winwordexe49","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_exprwdexe52","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable user name and password (0: Disabled, 1: Enabled)","Name":"L_Disableusernameandpassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_excelexe127","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_grooveexe126","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_onenoteexe138","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_mse7exe139","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_mspubexe128","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_visioexe131","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_exprwdexe136","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_msaccessexe137","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_spdesignexe135","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_winwordexe133","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_powerpntexe129","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_outlookexe134","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_winprojexe132","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_pptviewexe130","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Information Bar (0: Disabled, 1: Enabled)","Name":"L_Informationbar","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_excelexe113","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_mspubexe114","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_msaccessexe123","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_onenoteexe124","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_outlookexe120","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_winprojexe118","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_powerpntexe115","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_spdesignexe121","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_grooveexe112","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_visioexe117","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_mse7exe125","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_winwordexe119","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_exprwdexe122","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_pptviewexe116","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Local Machine Zone Lockdown Security (0: Disabled, 1: Enabled)","Name":"L_LocalMachineZoneLockdownSecurity","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_mse7exe41","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_powerpntexe31","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_mspubexe30","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_outlookexe36","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_pptviewexe32","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_excelexe29","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_exprwdexe38","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_grooveexe28","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_winwordexe35","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_msaccessexe39","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_spdesignexe37","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_visioexe33","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_onenoteexe40","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_winprojexe34","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Mime Sniffing Safety Feature (0: Disabled, 1: Enabled)","Name":"L_MimeSniffingSafetyFature","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_powerpntexe59","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_exprwdexe66","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_grooveexe56","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_visioexe61","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_outlookexe64","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_mspubexe58","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_mse7exe69","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_msaccessexe67","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_pptviewexe60","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_winprojexe62","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_spdesignexe65","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_onenoteexe68","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_winwordexe63","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_excelexe57","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate URL (0: Disabled, 1: Enabled)","Name":"L_NavigateURL","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_spdesignexe177","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_onenoteexe180","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_pptviewexe172","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_outlookexe176","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_winprojexe174","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_msaccessexe179","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_winwordexe175","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_excelexe169","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_mspubexe170","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_exprwdexe178","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_powerpntexe171","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_visioexe173","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_mse7exe181","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_grooveexe168","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Object Caching Protection (0: Disabled, 1: Enabled)","Name":"L_ObjectCachingProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_winwordexe77","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_powerpntexe73","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_spdesignexe79","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_mse7exe83","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_mspubexe72","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_msaccessexe81","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_onenoteexe82","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_outlookexe78","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_grooveexe70","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_excelexe71","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_visioexe75","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_pptviewexe74","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_winprojexe76","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_exprwdexe80","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protection From Zone Elevation (0: Disabled, 1: Enabled)","Name":"L_ProtectionFromZoneElevation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_mspubexe100","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_visioexe103","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_powerpntexe101","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_excelexe99","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_mse7exe111","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_winwordexe105","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_exprwdexe108","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_msaccessexe109","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_spdesignexe107","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_onenoteexe110","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_pptviewexe102","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_winprojexe104","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_grooveexe98","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_outlookexe106","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Restrict ActiveX Install (0: Disabled, 1: Enabled)","Name":"L_RestrictActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_mse7exe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_powerpntexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_spDesignexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_onenoteexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_excelexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_mspubexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_visioexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_exprwdexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_outlookexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_pptviewexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_winprojexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_winwordexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_grooveexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_msaccessexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Restrict File Download (0: Disabled, 1: Enabled)","Name":"L_RestrictFileDownload","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_visioexe5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_winprojexe6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_msaccessexe11","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_spdesignexe9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_excelexe1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_powerpntexe3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_mspubexe2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_exprwdexe10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_outlookexe8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_pptviewexe4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_winwordexe7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_onenoteexe12","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_mse7exe13","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_grooveexe0","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Saved from URL (0: Disabled, 1: Enabled)","Name":"L_SavedfromURL","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_pptviewexe158","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_exprwdexe164","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_mse7exe167","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_spdesignexe163","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_winprojexe160","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_mspubexe156","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_visioexe159","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_winwordexe161","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_msaccessexe165","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_onenoteexe166","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_outlookexe162","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_grooveexe154","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_excelexe155","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_powerpntexe157","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scripted Window Security Restrictions (0: Disabled, 1: Enabled)","Name":"L_ScriptedWindowSecurityRestrictions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_exprwdexe94","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_mse7exe97","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_mspubexe86","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_outlookexe92","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_msaccessexe95","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_powerpntexe87","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_grooveexe84","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_excelexe85","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_pptviewexe88","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_spdesignexe93","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_visioexe89","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_onenoteexe96","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_winprojexe90","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_winwordexe91","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Microsoft365 Apps For Enterprise"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Parameters":[{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Do not show data extraction options when opening corrupt workbooks (User) (0: Disabled, 1: Enabled)","Name":"L_Donotshowdataextractionoptionswhenopeningcorruptworkbooks","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Ask to update automatic links (User) (0: Disabled, 1: Enabled)","Name":"L_Asktoupdateautomaticlinks","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Load pictures from Web pages not created in Excel (User) (0: Disabled, 1: Enabled)","Name":"L_LoadpicturesfromWebpagesnotcreatedinExcel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable AutoRepublish (User) (0: Disabled, 1: Enabled)","Name":"L_DisableAutoRepublish","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not show AutoRepublish warning alert (User) (0: Disabled, 1: Enabled)","Name":"L_DoNotShowAutoRepublishWarningAlert","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Force file extension to match file type (User) (0: Disabled, 1: Enabled)","Name":"L_Forcefileextenstionstomatch","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_Forcefileextenstionstomatch (0: Allow different, 1: Allow different, but warn, 2: Always match file type)","Name":"L_Forcefileextenstionstomatch_L_Empty","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Scan encrypted macros in Excel Open XML workbooks (User) (0: Disabled, 1: Enabled)","Name":"L_DeterminewhethertoforceencryptedExcel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_DeterminewhethertoforceencryptedExcel (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning)","Name":"L_DeterminewhethertoforceencryptedExcelDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Block Excel XLL Add-ins that come from an untrusted source (User) (0: Disabled, 1: Enabled)","Name":"L_BlockXLLFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_BlockXLLFromInternet (1: Block, 0: Show Additional Warning, 2: Allow)","Name":"L_BlockXLLFromInternetEnum","Option":"Write","ValueMap":[1,0,2],"Values":[1,0,2]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Always prevent untrusted Microsoft Query files from opening (User) (0: Disabled, 1: Enabled)","Name":"L_EnableBlockUnsecureQueryFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"dBase III / IV files (User) (0: Disabled, 1: Enabled)","Name":"L_DBaseIIIANDIVFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_DBaseIIIANDIVFiles (0: Do not block, 2: Open/Save blocked, use open policy)","Name":"L_DBaseIIIANDIVFilesDropID","Option":"Write","ValueMap":[0,2],"Values":[0,2]},{"CIMType":"SInt32","Description":"Dif and Sylk files (User) (0: Disabled, 1: Enabled)","Name":"L_DifAndSylkFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_DifAndSylkFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy)","Name":"L_DifAndSylkFilesDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Excel 2 macrosheets and add-in files (User) (0: Disabled, 1: Enabled)","Name":"L_Excel2MacrosheetsAndAddInFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel2MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel2MacrosheetsAndAddInFilesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 2 worksheets (User) (0: Disabled, 1: Enabled)","Name":"L_Excel2Worksheets","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel2Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel2WorksheetsDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 3 macrosheets and add-in files (User) (0: Disabled, 1: Enabled)","Name":"L_Excel3MacrosheetsAndAddInFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel3MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel3MacrosheetsAndAddInFilesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 3 worksheets (User) (0: Disabled, 1: Enabled)","Name":"L_Excel3Worksheets","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel3Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel3WorksheetsDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 4 macrosheets and add-in files (User) (0: Disabled, 1: Enabled)","Name":"L_Excel4MacrosheetsAndAddInFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel4MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel4MacrosheetsAndAddInFilesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 4 workbooks (User) (0: Disabled, 1: Enabled)","Name":"L_Excel4Workbooks","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel4Workbooks (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel4WorkbooksDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 4 worksheets (User) (0: Disabled, 1: Enabled)","Name":"L_Excel4Worksheets","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel4Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel4WorksheetsDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 95 workbooks (User) (0: Disabled, 1: Enabled)","Name":"L_Excel95Workbooks","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel95Workbooks (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel95WorkbooksDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 95-97 workbooks and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Excel9597WorkbooksAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel9597WorkbooksAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel9597WorkbooksAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 97-2003 workbooks and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Excel972003WorkbooksAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel972003WorkbooksAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel972003WorkbooksAndTemplatesDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Set default file block behavior (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited)","Name":"MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Web pages and Excel 2003 XML spreadsheets (User) (0: Disabled, 1: Enabled)","Name":"L_WebPagesAndExcel2003XMLSpreadsheets","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_WebPagesAndExcel2003XMLSpreadsheets (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_WebPagesAndExcel2003XMLSpreadsheetsDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Prevent Excel from running XLM macros (User) (0: Disabled, 1: Enabled)","Name":"L_XL4KillSwitchPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Always open untrusted database files in Protected View (User) (0: Disabled, 1: Enabled)","Name":"L_EnableDataBaseFileProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Checked: Allow edit.  Unchecked: Do not allow edit. (User) - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable VBA macros with notification, 3: Disable VBA macros except digitally signed macros, 4: Disable VBA macros without notification, 1: Enable VBA macros (not recommended))","Name":"L_empty4","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Turn off file validation (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_L_TurnOffFileValidation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"WEBSERVICE Function Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"L_WebContentWarningLevel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_WebContentWarningLevel (0: Enable all WEBSERVICE functions (not recommended), 1: Disable all with notification, 2: Disable all without notification)","Name":"L_WebContentWarningLevelValue","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Disable UI extending from documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Word (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyWord","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Excel (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyExcel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Visio (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyVisio","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in PowerPoint (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyPowerPoint","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Publisher (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyPublisher","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Outlook (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Project (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyProject","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Access (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in InfoPath (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyInfoPath","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"ActiveX Control Initialization (User) (0: Disabled, 1: Enabled)","Name":"L_ActiveXControlInitialization","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"ActiveX Control Initialization: (User) - Depends on L_ActiveXControlInitialization (1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6)","Name":"L_ActiveXControlInitializationcolon","Option":"Write","ValueMap":[1,2,3,4,5,6],"Values":[1,2,3,4,5,6]},{"CIMType":"SInt32","Description":"Allow Basic Authentication prompts from network proxies (User) (0: Disabled, 1: Enabled)","Name":"L_BasicAuthProxyBehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBA to load typelib references by path from untrusted intranet locations (User) (0: Disabled, 1: Enabled)","Name":"L_AllowVbaIntranetRefs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automation Security (User) (0: Disabled, 1: Enabled)","Name":"L_AutomationSecurity","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set the Automation Security level (User) - Depends on L_AutomationSecurity (3: Disable macros by default, 2: Use application macro security level, 1: Macros enabled (default))","Name":"L_SettheAutomationSecuritylevel","Option":"Write","ValueMap":[3,2,1],"Values":[3,2,1]},{"CIMType":"SInt32","Description":"Control how Office handles form-based sign-in prompts (User) (0: Disabled, 1: Enabled)","Name":"L_AuthenticationFBABehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Specify hosts allowed to show form-based sign-in prompts to users: (User) - Depends on L_AuthenticationFBABehavior","Name":"L_AuthenticationFBAEnabledHostsID","Option":"Write"},{"CIMType":"SInt32","Description":"Behavior: (User) - Depends on L_AuthenticationFBABehavior (1: Block all prompts, 2: Ask the user what to do for each new host, 3: Show prompts only from allowed hosts)","Name":"L_authenticationFBABehaviorEnum","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Disable additional security checks on VBA library references that may refer to unsafe locations on the local machine (User) (0: Disabled, 1: Enabled)","Name":"L_DisableStrictVbaRefsSecurityPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable all Trust Bar notifications for security issues (User) (0: Disabled, 1: Enabled)","Name":"L_DisableallTrustBarnotificationsfor","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Encryption mode for Information Rights Management (IRM) (User) (0: Disabled, 1: Enabled)","Name":"L_Encryptiontypeforirm","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"IRM Encryption Mode: (User) - Depends on L_Encryptiontypeforirm (1: Cipher Block Chaining (CBC), 2: Electronic Codebook (ECB))","Name":"L_Encryptiontypeforirmcolon","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Encryption type for password protected Office 97-2003 files (User) (0: Disabled, 1: Enabled)","Name":"L_Encryptiontypeforpasswordprotectedoffice972003","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedoffice972003","Name":"L_encryptiontypecolon318","Option":"Write"},{"CIMType":"SInt32","Description":"Encryption type for password protected Office Open XML files (User) (0: Disabled, 1: Enabled)","Name":"L_Encryptiontypeforpasswordprotectedofficeopen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedofficeopen","Name":"L_Encryptiontypecolon","Option":"Write"},{"CIMType":"SInt32","Description":"Load Controls in Forms3 (User) (0: Disabled, 1: Enabled)","Name":"L_LoadControlsinForms3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Load Controls in Forms3: (User) - Depends on L_LoadControlsinForms3 (1: 1, 2: 2, 3: 3, 4: 4)","Name":"L_LoadControlsinForms3colon","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Macro Runtime Scan Scope (User) (0: Disabled, 1: Enabled)","Name":"L_MacroRuntimeScanScope","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_MacroRuntimeScanScope (0: Disable for all documents, 1: Enable for low trust documents, 2: Enable for all documents)","Name":"L_MacroRuntimeScanScopeEnum","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Protect document metadata for rights managed Office Open XML Files (User) (0: Disabled, 1: Enabled)","Name":"L_Protectdocumentmetadataforrightsmanaged","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow mix of policy and user locations (User) (0: Disabled, 1: Enabled)","Name":"L_Allowmixofpolicyanduserlocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable the Office client from polling the SharePoint Server for published links (User) (0: Disabled, 1: Enabled)","Name":"L_DisabletheOfficeclientfrompolling","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Smart Document's use of manifests (User) (0: Disabled, 1: Enabled)","Name":"L_DisableSmartDocumentsuseofmanifests","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Outlook Security Mode (User) (0: Disabled, 1: Enabled)","Name":"L_OutlookSecurityMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when reading address information (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMAddressAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMAddressAccess_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when responding to meeting and task requests (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMMeetingTaskRequest","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMMeetingTaskRequest_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when sending mail (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMSend","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMSend_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Prevent users from customizing attachment security settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Preventusersfromcustomizingattachmentsecuritysettings","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Retrieving CRLs (Certificate Revocation Lists) (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_RetrievingCRLsCertificateRevocationLists","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" (0: Use system Default, 1: When online always retreive the CRL, 2: Never retreive the CRL)","Name":"L_empty31","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMFormula","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMFormula_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Authentication with Exchange Server (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_AuthenticationwithExchangeServer","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the authentication with Exchange server. (User) (9: Kerberos/NTLM Password Authentication, 16: Kerberos Password Authentication, 10: NTLM Password Authentication, 2147545088: Insert a smart card)","Name":"L_SelecttheauthenticationwithExchangeserver","Option":"Write","ValueMap":["9","16","10","2147545088"],"Values":["9","16","10","2147545088"]},{"CIMType":"SInt32","Description":"Enable RPC encryption (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_EnableRPCEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow hyperlinks in suspected phishing e-mail messages (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Enablelinksinemailmessages","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when accessing an address book (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMAddressBook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMAddressBook_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Outlook Security Policy: (User) - Depends on L_OutlookSecurityMode (0: Outlook Default Security, 1: Use Security Form from 'Outlook Security Settings' Public Folder, 2: Use Security Form from 'Outlook 10 Security Settings' Public Folder, 3: Use Outlook Security Group Policy)","Name":"L_OutlookSecurityPolicy","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow users to demote attachments to Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_AllowUsersToLowerAttachments","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Active X One Off Forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_AllowActiveXOneOffForms","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Sets which ActiveX controls to allow. (0: Load only Outlook Controls, 1: Allows only Safe Controls, 2: Allows all ActiveX Controls)","Name":"L_empty29","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow scripts in one-off Outlook forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_EnableScriptsInOneOffForms","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Remove file extensions blocked as Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Level2RemoveFilePolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Removed Extensions: (User)","Name":"L_removedextensions25","Option":"Write"},{"CIMType":"SInt32","Description":"Use Unicode format when dragging e-mail message to file system (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_MSGUnicodeformatwhendraggingtofilesystem","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set Outlook object model custom actions execution prompt (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OnExecuteCustomActionOOM","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"When executing a custom action: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OnExecuteCustomActionOOM_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Do not allow Outlook object model scripts to run for public folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_DisableOutlookobjectmodelscriptsforpublicfolders","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include Internet in Safe Zones for Automatic Picture Download (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_BlockInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security setting for macros (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_SecurityLevelOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Level (User) (2: Always warn, 4: Never warn, disable all, 3: Warn for signed, disable unsigned, 1: No security check)","Name":"L_SecurityLevel","Option":"Write","ValueMap":[2,4,3,1],"Values":[2,4,3,1]},{"CIMType":"SInt32","Description":"Remove file extensions blocked as Level 1 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Level1RemoveFilePolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Removed Extensions: (User)","Name":"L_RemovedExtensions","Option":"Write"},{"CIMType":"SInt32","Description":"Signature Warning (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_SignatureWarning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Signature Warning (User) (0: Let user decide if they want to be warned, 1: Always warn about invalid signatures, 2: Never warn about invalid signatures)","Name":"L_signaturewarning30","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Display Level 1 attachments (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Level1Attachments","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Minimum encryption settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Minimumencryptionsettings","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Minimum key size (in bits): (User)","Name":"L_Minimumkeysizeinbits","Option":"Write"},{"CIMType":"SInt32","Description":"Do not allow Outlook object model scripts to run for shared folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_DisableOutlookobjectmodelscripts","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when executing Save As (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMSaveAs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMSaveAs_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Junk E-mail protection level (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_JunkEmailprotectionlevel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select level: (User) (4294967295: No Protection, 6: Low (Default), 3: High, 2147483648: Trusted Lists Only)","Name":"L_Selectlevel","Option":"Write","ValueMap":["4294967295","6","3","2147483648"],"Values":["4294967295","6","3","2147483648"]},{"CIMType":"SInt32","Description":"Run Programs (User) (0: Disabled, 1: Enabled)","Name":"L_RunPrograms","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_RunPrograms (0: disable (don't run any programs), 1: enable (prompt user before running), 2: enable all (run without prompting))","Name":"L_RunPrograms_L_Empty","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Scan encrypted macros in PowerPoint Open XML presentations (User) (0: Disabled, 1: Enabled)","Name":"L_Determinewhethertoforceencryptedppt","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_Determinewhethertoforceencryptedppt (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning)","Name":"L_DeterminewhethertoforceencryptedpptDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"PowerPoint 97-2003 presentations, shows, templates and add-in files (User) (0: Disabled, 1: Enabled)","Name":"L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_PowerPoint972003PresentationsShowsTemplatesandAddInFilesDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Set default file block behavior (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited)","Name":"MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Checked: Allow edit.  Unchecked: Do not allow edit. (User) - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"L_empty3","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Turn off file validation (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_L_TurnOffFileValidation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Publisher Automation Security Level (User) (0: Disabled, 1: Enabled)","Name":"L_PublisherAutomationSecurityLevel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_PublisherAutomationSecurityLevel (1: Low (enabled), 2: By UI (prompted), 3: High (disabled))","Name":"L_PublisherAutomationSecurityLevel_L_Empty","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins (User) - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"L_empty0","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Visio 2000-2002 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled)","Name":"L_Visio2000Files","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Visio2000Files (0: Do not block, 2: Open/Save blocked)","Name":"L_Visio2000FilesDropID","Option":"Write","ValueMap":[0,2],"Values":[0,2]},{"CIMType":"SInt32","Description":"Visio 2003-2010 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled)","Name":"L_Visio2003Files","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Visio2003Files (0: Do not block, 1: Save blocked, 2: Open/Save blocked)","Name":"L_Visio2003FilesDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Visio 5.0 or earlier Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled)","Name":"L_Visio50AndEarlierFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Visio50AndEarlierFiles (0: Do not block, 2: Open/Save blocked)","Name":"L_Visio50AndEarlierFilesDropID","Option":"Write","ValueMap":[0,2],"Values":[0,2]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Dynamic Data Exchange (User) (0: Disabled, 1: Enabled)","Name":"L_AllowDDE","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Dynamic Data Exchange setting (User) - Depends on L_AllowDDE (1: Limited Dynamic Data Exchange, 2: Allow Dynamic Data Exchange)","Name":"L_AllowDDEDropID","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Set default file block behavior (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited)","Name":"MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Word 2 and earlier binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word2AndEarlierBinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word2AndEarlierBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word2AndEarlierBinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 2000 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word2000BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word2000BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word2000BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 2003 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word2003BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word2003BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word2003BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 2007 and later binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word2007AndLaterBinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word2007AndLaterBinaryDocumentsAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word2007AndLaterBinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 6.0 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word6Pt0BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word6Pt0BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word6Pt0BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 95 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word95BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word95BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word95BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 97 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word97BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word97BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word97BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word XP binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_WordXPBinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_WordXPBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_WordXPBinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Checked: Allow edit.  Unchecked: Do not allow edit. (User) - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scan encrypted macros in Word Open XML documents (User) (0: Disabled, 1: Enabled)","Name":"L_DeterminewhethertoforceencryptedWord","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_DeterminewhethertoforceencryptedWord (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning)","Name":"L_DeterminewhethertoforceencryptedWordDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"L_empty19","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Turn off file validation (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_L_TurnOffFileValidation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Microsoft365 Apps For Enterprise"},{"ClassName":"MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Description":"The policy settings for the device scope","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Description":"The policy settings for the user scope","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline Microsoft365 Apps For Enterprise"},{"ClassName":"MSFT_IntuneSecurityBaselineMicrosoftEdge","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Allow unconfigured sites to be reloaded in Internet Explorer mode (0: Disabled, 1: Enabled)","Name":"InternetExplorerIntegrationReloadInIEModeAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow users to proceed from the HTTPS warning page (0: Disabled, 1: Enabled)","Name":"SSLErrorOverrideAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode (0: Disabled, 1: Enabled)","Name":"InternetExplorerIntegrationZoneIdentifierMhtFileAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Dynamic Code Settings (0: Disabled, 1: Enabled)","Name":"edge_DynamicCodeSettings","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Dynamic Code Settings (Device) - Depends on edge_DynamicCodeSettings (0: Default dynamic code settings, 1: Prevent the browser process from creating dynamic code)","Name":"DynamicCodeSettings_DynamicCodeSettings","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Application Bound Encryption (0: Disabled, 1: Enabled)","Name":"ApplicationBoundEncryptionEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable browser legacy extension point blocking (0: Disabled, 1: Enabled)","Name":"BrowserLegacyExtensionPointsBlockingEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable site isolation for every site (0: Disabled, 1: Enabled)","Name":"SitePerProcess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enhance images enabled (0: Disabled, 1: Enabled)","Name":"EdgeEnhanceImagesEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Control which extensions cannot be installed (0: Disabled, 1: Enabled)","Name":"ExtensionInstallBlocklist","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Extension IDs the user should be prevented from installing (or * for all) (Device) - Depends on ExtensionInstallBlocklist","Name":"ExtensionInstallBlocklistDesc","Option":"Write"},{"CIMType":"SInt32","Description":"Force WebSQL to be enabled (0: Disabled, 1: Enabled)","Name":"WebSQLAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication for HTTP (0: Disabled, 1: Enabled)","Name":"BasicAuthOverHttpEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Supported authentication schemes (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_HTTPAuthentication_AuthSchemes","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Supported authentication schemes (Device) - Depends on MicrosoftEdge_HTTPAuthentication_AuthSchemes","Name":"AuthSchemes_AuthSchemes","Option":"Write"},{"CIMType":"SInt32","Description":"Allow user-level native messaging hosts (installed without admin permissions) (0: Disabled, 1: Enabled)","Name":"NativeMessagingUserLevelHosts","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specifies whether to allow insecure websites to make requests to more-private network endpoints (0: Disabled, 1: Enabled)","Name":"InsecurePrivateNetworkRequestsAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Show the Reload in Internet Explorer mode button in the toolbar (0: Disabled, 1: Enabled)","Name":"InternetExplorerModeToolbarButtonEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen to block potentially unwanted apps (0: Disabled, 1: Enabled)","Name":"SmartScreenPuaEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverrideForFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context (0: Disabled, 1: Enabled)","Name":"SharedArrayBufferUnrestrictedAccessAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Edge TyposquattingChecker (0: Disabled, 1: Enabled)","Name":"TyposquattingCheckerEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline Microsoft Edge"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths","Parameters":[{"CIMType":"String","Description":"Value","Name":"value","Option":"Write"},{"CIMType":"String","Description":"Name","Name":"key","Option":"Key"}],"Description":"Intune Security Baseline for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10","Parameters":[{"CIMType":"SInt32","Description":"Prevent enabling lock screen camera (0: Disabled, 1: Enabled)","Name":"CPL_Personalization_NoLockScreenCamera","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent enabling lock screen slide show (0: Disabled, 1: Enabled)","Name":"CPL_Personalization_NoLockScreenSlideshow","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Apply UAC restrictions to local accounts on network logons (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0201_LATFP","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure SMB v1 client driver (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0002_SMBv1_ClientDriver","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure MrxSmb10 driver - Depends on Pol_SecGuide_0002_SMBv1_ClientDriver (4: Disable driver (recommended), 3: Manual start (default for Win7/2008/2008R2/2012), 2: Automatic start (default for Win8.1/2012R2/newer))","Name":"Pol_SecGuide_SMB1ClientDriver","Option":"Write","ValueMap":[4,3,2],"Values":[4,3,2]},{"CIMType":"SInt32","Description":"Configure SMB v1 server (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0001_SMBv1_Server","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Structured Exception Handling Overwrite Protection (SEHOP) (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0102_SEHOP","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"WDigest Authentication (disabling may require KB2871997) (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0202_WDigestAuthn","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)","Name":"Pol_MSS_DisableIPSourceRoutingIPv6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DisableIPSourceRoutingIPv6 (Device) - Depends on Pol_MSS_DisableIPSourceRoutingIPv6 (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)","Name":"DisableIPSourceRoutingIPv6","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)","Name":"Pol_MSS_DisableIPSourceRouting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DisableIPSourceRouting (Device) - Depends on Pol_MSS_DisableIPSourceRouting (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)","Name":"DisableIPSourceRouting","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (0: Disabled, 1: Enabled)","Name":"Pol_MSS_EnableICMPRedirect","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (0: Disabled, 1: Enabled)","Name":"Pol_MSS_NoNameReleaseOnDemand","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off multicast name resolution (0: Disabled, 1: Enabled)","Name":"Turn_Off_Multicast","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prohibit use of Internet Connection Sharing on your DNS domain network (0: Disabled, 1: Enabled)","Name":"NC_ShowSharedAccessUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Hardened UNC Paths (0: Disabled, 1: Enabled)","Name":"hardeneduncpaths_Pol_HardenedPaths","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths[]","Description":"Hardened UNC Paths: (Device) - Depends on hardeneduncpaths_Pol_HardenedPaths","Name":"pol_hardenedpaths","Option":"Write"},{"CIMType":"SInt32","Description":"Prohibit connection to non-domain networks when connected to domain authenticated network (0: Disabled, 1: Enabled)","Name":"WCM_BlockNonDomain","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Redirection Guard (0: Disabled, 1: Enabled)","Name":"ConfigureRedirectionGuardPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Redirection Guard Options (Device) - Depends on ConfigureRedirectionGuardPolicy (0: Redirection Guard Disabled, 1: Redirection Guard Enabled, 2: Redirection Guard Audit Only)","Name":"RedirectionGuardPolicy_Enum","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Configure RPC connection settings (0: Disabled, 1: Enabled)","Name":"ConfigureRpcConnectionPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use authentication for outgoing RPC connections: (Device) - Depends on ConfigureRpcConnectionPolicy (0: Default, 1: Authentication enabled, 2: Authentication disabled)","Name":"RpcConnectionAuthentication_Enum","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Protocol to use for outgoing RPC connections: (Device) - Depends on ConfigureRpcConnectionPolicy (0: RPC over TCP, 1: RPC over named pipes)","Name":"RpcConnectionProtocol_Enum","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure RPC listener settings (0: Disabled, 1: Enabled)","Name":"ConfigureRpcListenerPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Authentication protocol to use for incoming RPC connections: (Device) - Depends on ConfigureRpcListenerPolicy (0: Negotiate, 1: Kerberos)","Name":"RpcAuthenticationProtocol_Enum","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protocols to allow for incoming RPC connections: (Device) - Depends on ConfigureRpcListenerPolicy (3: RPC over named pipes, 5: RPC over TCP, 7: RPC over named pipes and TCP)","Name":"RpcListenerProtocols_Enum","Option":"Write","ValueMap":[3,5,7],"Values":[3,5,7]},{"CIMType":"SInt32","Description":"Configure RPC over TCP port (0: Disabled, 1: Enabled)","Name":"ConfigureRpcTcpPort","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"RPC over TCP port: (Device) - Depends on ConfigureRpcTcpPort","Name":"RpcTcpPort","Option":"Write"},{"CIMType":"SInt32","Description":"Limits print driver installation to Administrators (0: Disabled, 1: Enabled)","Name":"RestrictDriverInstallationToAdministrators","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Manage processing of Queue-specific files (0: Disabled, 1: Enabled)","Name":"ConfigureCopyFilesPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Manage processing of Queue-Specific files: (Device) - Depends on ConfigureCopyFilesPolicy (0: Do not allow Queue-specific files, 1: Limit Queue-specific files to Color profiles, 2: Allow all Queue-specific files)","Name":"CopyFilesPolicy_Enum","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Encryption Oracle Remediation (0: Disabled, 1: Enabled)","Name":"AllowEncryptionOracle","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protection Level: (Device) - Depends on AllowEncryptionOracle (0: Force Updated Clients, 1: Mitigated, 2: Vulnerable)","Name":"AllowEncryptionOracleDrop","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Remote host allows delegation of non-exportable credentials (0: Disabled, 1: Enabled)","Name":"AllowProtectedCreds","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Deny","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Prevented Classes - Depends on DeviceInstall_Classes_Deny","Name":"DeviceInstall_Classes_Deny_List","Option":"Write"},{"CIMType":"SInt32","Description":"Also apply to matching devices that are already installed. - Depends on DeviceInstall_Classes_Deny (0: False, 1: True)","Name":"DeviceInstall_Classes_Deny_Retroactive","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Boot-Start Driver Initialization Policy (0: Disabled, 1: Enabled)","Name":"POL_DriverLoadPolicy_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Choose the boot-start drivers that can be initialized: - Depends on POL_DriverLoadPolicy_Name (8: Good only, 1: Good and unknown, 3: Good, unknown and bad but critical, 7: All)","Name":"SelectDriverLoadPolicy","Option":"Write","ValueMap":[8,1,3,7],"Values":[8,1,3,7]},{"CIMType":"SInt32","Description":"Configure registry policy processing (0: Disabled, 1: Enabled)","Name":"CSE_Registry","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not apply during periodic background processing (Device) - Depends on CSE_Registry (0: False, 1: True)","Name":"CSE_NOBACKGROUND10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Process even if the Group Policy objects have not changed (Device) - Depends on CSE_Registry (0: False, 1: True)","Name":"CSE_NOCHANGES10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off downloading of print drivers over HTTP (0: Disabled, 1: Enabled)","Name":"DisableWebPnPDownload_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Internet download for Web publishing and online ordering wizards (0: Disabled, 1: Enabled)","Name":"ShellPreventWPWDownload_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Custom SSPs and APs to be loaded into LSASS (0: Disabled, 1: Enabled)","Name":"AllowCustomSSPsAPs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow standby states (S1-S3) when sleeping (on battery) (0: Disabled, 1: Enabled)","Name":"AllowStandbyStatesDC_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow standby states (S1-S3) when sleeping (plugged in) (0: Disabled, 1: Enabled)","Name":"AllowStandbyStatesAC_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require a password when a computer wakes (on battery) (0: Disabled, 1: Enabled)","Name":"DCPromptForPasswordOnResume_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require a password when a computer wakes (plugged in) (0: Disabled, 1: Enabled)","Name":"ACPromptForPasswordOnResume_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Solicited Remote Assistance (0: Disabled, 1: Enabled)","Name":"RA_Solicit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum ticket time (units): - Depends on RA_Solicit (0: Minutes, 1: Hours, 2: Days)","Name":"RA_Solicit_ExpireUnits_List","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Maximum ticket time (value): - Depends on RA_Solicit","Name":"RA_Solicit_ExpireValue_Edt","Option":"Write"},{"CIMType":"SInt32","Description":"Permit remote control of this computer: - Depends on RA_Solicit (1: Allow helpers to remotely control the computer, 0: Allow helpers to only view the computer)","Name":"RA_Solicit_Control_List","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Method for sending email invitations: - Depends on RA_Solicit (0: Simple MAPI, 1: Mailto)","Name":"RA_Solicit_Mailto_List","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Restrict Unauthenticated RPC clients (0: Disabled, 1: Enabled)","Name":"RpcRestrictRemoteClients","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"RPC Runtime Unauthenticated Client Restriction to Apply: - Depends on RpcRestrictRemoteClients (0: None, 1: Authenticated, 2: Authenticated without exceptions)","Name":"RpcRestrictRemoteClientsList","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Microsoft accounts to be optional (0: Disabled, 1: Enabled)","Name":"AppxRuntimeMicrosoftAccountsOptional","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow Autoplay for non-volume devices (0: Disabled, 1: Enabled)","Name":"NoAutoplayfornonVolume","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set the default behavior for AutoRun (0: Disabled, 1: Enabled)","Name":"NoAutorun","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default AutoRun Behavior - Depends on NoAutorun (1: Do not execute any autorun commands, 2: Automatically execute autorun commands)","Name":"NoAutorun_Dropdown","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Turn off Autoplay (0: Disabled, 1: Enabled)","Name":"Autorun","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Autoplay on: - Depends on Autorun (181: CD-ROM and removable media drives, 255: All drives)","Name":"Autorun_Box","Option":"Write","ValueMap":[181,255],"Values":[181,255]},{"CIMType":"SInt32","Description":"Deny write access to fixed drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"FDVDenyWriteAccess_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Deny write access to removable drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"RDVDenyWriteAccess_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow write access to devices configured in another organization - Depends on RDVDenyWriteAccess_Name (0: False, 1: True)","Name":"RDVCrossOrg","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enumerate administrator accounts on elevation (0: Disabled, 1: Enabled)","Name":"EnumerateAdministrators","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_1","Name":"Channel_LogMaxSize_1_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_2","Name":"Channel_LogMaxSize_2_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_4","Name":"Channel_LogMaxSize_4_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Configure Windows Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"EnableSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Pick one of the following settings: (Device) - Depends on EnableSmartScreen (block: Warn and prevent bypass, warn: Warn)","Name":"EnableSmartScreenDropdown","Option":"Write","ValueMap":["block","warn"],"Values":["block","warn"]},{"CIMType":"SInt32","Description":"Turn off Data Execution Prevention for Explorer (0: Disabled, 1: Enabled)","Name":"NoDataExecutionPrevention","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off heap termination on corruption (0: Disabled, 1: Enabled)","Name":"NoHeapTerminationOnCorruption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow software to run or install even if the signature is invalid (0: Disabled, 1: Enabled)","Name":"Advanced_InvalidSignatureBlock","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Check for server certificate revocation (0: Disabled, 1: Enabled)","Name":"Advanced_CertificateRevocation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Check for signatures on downloaded programs (0: Disabled, 1: Enabled)","Name":"Advanced_DownloadSignatures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled (0: Disabled, 1: Enabled)","Name":"Advanced_DisableEPMCompat","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off encryption support (0: Disabled, 1: Enabled)","Name":"Advanced_SetWinInetProtocols","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Secure Protocol combinations - Depends on Advanced_SetWinInetProtocols (0: Use no secure protocols, 8: Only use SSL 2.0, 32: Only use SSL 3.0, 40: Use SSL 2.0 and SSL 3.0, 128: Only use TLS 1.0, 136: Use SSL 2.0 and TLS 1.0, 160: Use SSL 3.0 and TLS 1.0, 168: Use SSL 2.0, SSL 3.0, and TLS 1.0, 512: Only use TLS 1.1, 520: Use SSL 2.0 and TLS 1.1, 544: Use SSL 3.0 and TLS 1.1, 552: Use SSL 2.0, SSL 3.0, and TLS 1.1, 640: Use TLS 1.0 and TLS 1.1, 648: Use SSL 2.0, TLS 1.0, and TLS 1.1, 672: Use SSL 3.0, TLS 1.0, and TLS 1.1, 680: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1, 2048: Only use TLS 1.2, 2056: Use SSL 2.0 and TLS 1.2, 2080: Use SSL 3.0 and TLS 1.2, 2088: Use SSL 2.0, SSL 3.0, and TLS 1.2, 2176: Use TLS 1.0 and TLS 1.2, 2184: Use SSL 2.0, TLS 1.0, and TLS 1.2, 2208: Use SSL 3.0, TLS 1.0, and TLS 1.2, 2216: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.2, 2560: Use TLS 1.1 and TLS 1.2, 2568: Use SSL 2.0, TLS 1.1, and TLS 1.2, 2592: Use SSL 3.0, TLS 1.1, and TLS 1.2, 2600: Use SSL 2.0, SSL 3.0, TLS 1.1, and TLS 1.2, 2688: Use TLS 1.0, TLS 1.1, and TLS 1.2, 2696: Use SSL 2.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2720: Use SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2728: Use SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 8192: Only use TLS 1.3, 10240: Use TLS 1.2 and TLS 1.3, 10752: Use TLS 1.1, TLS 1.2, and TLS 1.3, 10880: Use TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, 10912: Use SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3)","Name":"Advanced_WinInetProtocolOptions","Option":"Write","ValueMap":["0","8","32","40","128","136","160","168","512","520","544","552","640","648","672","680","2048","2056","2080","2088","2176","2184","2208","2216","2560","2568","2592","2600","2688","2696","2720","2728","8192","10240","10752","10880","10912"],"Values":["0","8","32","40","128","136","160","168","512","520","544","552","640","648","672","680","2048","2056","2080","2088","2176","2184","2208","2216","2560","2568","2592","2600","2688","2696","2720","2728","8192","10240","10752","10880","10912"]},{"CIMType":"SInt32","Description":"Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows (0: Disabled, 1: Enabled)","Name":"Advanced_EnableEnhancedProtectedMode64Bit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Enhanced Protected Mode (0: Disabled, 1: Enabled)","Name":"Advanced_EnableEnhancedProtectedMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent ignoring certificate errors (0: Disabled, 1: Enabled)","Name":"NoCertError","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowPasteViaScript_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowPasteViaScript_1_IZ_Partname1407","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDropOrPasteFiles_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDropOrPasteFiles_1_IZ_Partname1802","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow loading of XAML files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_XAML_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"XAML Files - Depends on IZ_Policy_XAML_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_XAML_1_IZ_Partname2402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet (3: Enable, 0: Disable)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowTDCControl_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Internet (3: Enable, 0: Disable)","Name":"IZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWindowsRestrictionsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)","Name":"IZ_Policy_WebBrowserControl_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_WebBrowserControl_1_IZ_Partname1206","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scriptlets (0: Disabled, 1: Enabled)","Name":"IZ_Policy_AllowScriptlets_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scriptlets - Depends on IZ_Policy_AllowScriptlets_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_AllowScriptlets_1_IZ_Partname1209","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow updates to status bar via script (0: Disabled, 1: Enabled)","Name":"IZ_Policy_ScriptStatusBar_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_ScriptStatusBar_1_IZ_Partname2103","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowVBScript_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowVBScript_1_IZ_Partname140C","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNotificationBarDownloadURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadSignedActiveX_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadUnsignedActiveX_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)","Name":"IZ_Policy_LocalPathForUpload_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_LocalPathForUpload_1_IZ_Partname160A","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_1 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_1_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Logon options (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLogon_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Logon options - Depends on IZ_PolicyLogon_1 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)","Name":"IZ_PolicyLogon_1_IZ_Partname1A00","Option":"Write","ValueMap":["196608","131072","0","65536"],"Values":["196608","131072","0","65536"]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_UnsafeFiles_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_UnsafeFiles_1_IZ_Partname1806","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on Protected Mode (0: Disabled, 1: Enabled)","Name":"IZ_Policy_TurnOnProtectedMode_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_1_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBlockPopupWindows_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyBlockPopupWindows_1_IZ_Partname1809","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Userdata persistence (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUserdataPersistence_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Userdata persistence - Depends on IZ_PolicyUserdataPersistence_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyUserdataPersistence_1_IZ_Partname1606","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)","Name":"IZ_PolicyZoneElevationURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyZoneElevationURLaction_1_IZ_Partname2101","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Intranet Sites: Include all network paths (UNCs) (0: Disabled, 1: Enabled)","Name":"IZ_UNCAsIntranet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_3 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_3 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_3_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_9 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_9_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_2 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_2_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_4 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_4_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_10 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_10_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_8 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_8_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_8 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_8_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_6 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_6_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Access data sources across domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow active scripting (0: Disabled, 1: Enabled)","Name":"IZ_PolicyActiveScripting_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow active scripting - Depends on IZ_PolicyActiveScripting_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1400","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow binary and script behaviors (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBinaryBehaviors_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Binary and Script Behaviors - Depends on IZ_PolicyBinaryBehaviors_7 (0: Enable, 65536: Administrator approved, 3: Disable)","Name":"IZ_Partname2000","Option":"Write","ValueMap":[0,65536,3],"Values":[0,65536,3]},{"CIMType":"SInt32","Description":"Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowPasteViaScript_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowPasteViaScript_7_IZ_Partname1407","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDropOrPasteFiles_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDropOrPasteFiles_7_IZ_Partname1802","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyFileDownload_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow file downloads - Depends on IZ_PolicyFileDownload_7 (0: Enable, 3: Disable)","Name":"IZ_Partname1803","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow loading of XAML files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_XAML_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"XAML Files - Depends on IZ_Policy_XAML_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_XAML_7_IZ_Partname2402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow META REFRESH (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowMETAREFRESH_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow META REFRESH - Depends on IZ_PolicyAllowMETAREFRESH_7 (0: Enable, 3: Disable)","Name":"IZ_Partname1608","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted (3: Enable, 0: Disable)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowTDCControl_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Restricted (3: Enable, 0: Disable)","Name":"IZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWindowsRestrictionsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)","Name":"IZ_Policy_WebBrowserControl_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_WebBrowserControl_7_IZ_Partname1206","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scriptlets (0: Disabled, 1: Enabled)","Name":"IZ_Policy_AllowScriptlets_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scriptlets - Depends on IZ_Policy_AllowScriptlets_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_AllowScriptlets_7_IZ_Partname1209","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow updates to status bar via script (0: Disabled, 1: Enabled)","Name":"IZ_Policy_ScriptStatusBar_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_ScriptStatusBar_7_IZ_Partname2103","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowVBScript_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowVBScript_7_IZ_Partname140C","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNotificationBarDownloadURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadSignedActiveX_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadUnsignedActiveX_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)","Name":"IZ_Policy_LocalPathForUpload_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_LocalPathForUpload_7_IZ_Partname160A","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_7 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_7_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Logon options (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLogon_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Logon options - Depends on IZ_PolicyLogon_7 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)","Name":"IZ_PolicyLogon_7_IZ_Partname1A00","Option":"Write","ValueMap":["196608","131072","0","65536"],"Values":["196608","131072","0","65536"]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run ActiveX controls and plugins (0: Disabled, 1: Enabled)","Name":"IZ_PolicyRunActiveXControls_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run ActiveX controls and plugins - Depends on IZ_PolicyRunActiveXControls_7 (65536: Administrator approved, 0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1200","Option":"Write","ValueMap":[65536,0,3,1],"Values":[65536,0,3,1]},{"CIMType":"SInt32","Description":"Script ActiveX controls marked safe for scripting (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXMarkedSafe_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Script ActiveX controls marked safe for scripting - Depends on IZ_PolicyScriptActiveXMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1405","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Scripting of Java applets (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptingOfJavaApplets_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scripting of Java applets - Depends on IZ_PolicyScriptingOfJavaApplets_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_UnsafeFiles_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_UnsafeFiles_7_IZ_Partname1806","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on Protected Mode (0: Disabled, 1: Enabled)","Name":"IZ_Policy_TurnOnProtectedMode_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_7_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBlockPopupWindows_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyBlockPopupWindows_7_IZ_Partname1809","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Userdata persistence (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUserdataPersistence_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Userdata persistence - Depends on IZ_PolicyUserdataPersistence_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyUserdataPersistence_7_IZ_Partname1606","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)","Name":"IZ_PolicyZoneElevationURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyZoneElevationURLaction_7_IZ_Partname2101","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_5 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_5 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_5_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on certificate address mismatch warning (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWarnCertMismatch","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverrideForAppRepUnknown","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent managing SmartScreen Filter (0: Disabled, 1: Enabled)","Name":"Disable_Managing_Safety_Filter_IE9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Select SmartScreen Filter mode - Depends on Disable_Managing_Safety_Filter_IE9 (0: Off, 1: On)","Name":"IE9SafetyFilterOptions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent per-user installation of ActiveX controls (0: Disabled, 1: Enabled)","Name":"DisablePerUserActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Remove 'Run this time' button for outdated ActiveX controls in Internet Explorer (0: Disabled, 1: Enabled)","Name":"VerMgmtDisableRunThisTime","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off blocking of outdated ActiveX controls for Internet Explorer (0: Disabled, 1: Enabled)","Name":"VerMgmtDisable","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow fallback to SSL 3.0 (Internet Explorer) (0: Disabled, 1: Enabled)","Name":"Advanced_EnableSSL3Fallback","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow insecure fallback for: - Depends on Advanced_EnableSSL3Fallback (0: No Sites, 1: Non-Protected Mode Sites, 3: All Sites)","Name":"Advanced_EnableSSL3FallbackOptions","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_11","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_12","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Do not allow users to add/delete sites (0: Disabled, 1: Enabled)","Name":"Security_zones_map_edit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Do not allow users to change policies (0: Disabled, 1: Enabled)","Name":"Security_options_edit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Use only machine settings (0: Disabled, 1: Enabled)","Name":"Security_HKLM_only","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specify use of ActiveX Installer Service for installation of ActiveX controls (0: Disabled, 1: Enabled)","Name":"OnlyUseAXISForActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Crash Detection (0: Disabled, 1: Enabled)","Name":"AddonManagement_RestrictCrashDetection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off the Security Settings Check feature (0: Disabled, 1: Enabled)","Name":"Disable_Security_Settings_Check","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure the 'Block at First Sight' feature (0: Disabled, 1: Enabled)","Name":"DisableBlockAtFirstSeen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on process scanning whenever real-time protection is enabled (0: Disabled, 1: Enabled)","Name":"RealtimeProtection_DisableScanOnRealtimeEnable","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scan packed executables (0: Disabled, 1: Enabled)","Name":"Scan_DisablePackedExeScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off routine remediation (0: Disabled, 1: Enabled)","Name":"DisableRoutinelyTakingAction","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow passwords to be saved (0: Disabled, 1: Enabled)","Name":"TS_CLIENT_DISABLE_PASSWORD_SAVING_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow drive redirection (0: Disabled, 1: Enabled)","Name":"TS_CLIENT_DRIVE_M","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Always prompt for password upon connection (0: Disabled, 1: Enabled)","Name":"TS_PASSWORD","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require secure RPC communication (0: Disabled, 1: Enabled)","Name":"TS_RPC_ENCRYPTION","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set client connection encryption level (0: Disabled, 1: Enabled)","Name":"TS_ENCRYPTION_POLICY","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Encryption Level - Depends on TS_ENCRYPTION_POLICY (1: Low Level, 2: Client Compatible, 3: High Level)","Name":"TS_ENCRYPTION_LEVEL","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Prevent downloading of enclosures (0: Disabled, 1: Enabled)","Name":"Disable_Downloading_of_Enclosures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable MPR notifications for the system (0: Disabled, 1: Enabled)","Name":"EnableMPRNotifications","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Sign-in and lock last interactive user automatically after a restart (0: Disabled, 1: Enabled)","Name":"AutomaticRestartSignOn","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on PowerShell Script Block Logging (0: Disabled, 1: Enabled)","Name":"EnableScriptBlockLogging","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Log script block invocation start / stop events: - Depends on EnableScriptBlockLogging (0: False, 1: True)","Name":"EnableScriptBlockInvocationLogging","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication (0: Disabled, 1: Enabled)","Name":"AllowBasic_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow unencrypted traffic (0: Disabled, 1: Enabled)","Name":"AllowUnencrypted_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow Digest authentication (0: Disabled, 1: Enabled)","Name":"DisallowDigest","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication (0: Disabled, 1: Enabled)","Name":"AllowBasic_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow unencrypted traffic (0: Disabled, 1: Enabled)","Name":"AllowUnencrypted_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow WinRM from storing RunAs credentials (0: Disabled, 1: Enabled)","Name":"DisableRunAs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Account Logon Audit Credential Validation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogon_AuditCredentialValidation","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Account Lockout (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditAccountLockout","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Group Membership (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditGroupMembership","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditLogon","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Authentication Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditAuthenticationPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Changes to Audit Policy (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit File Share Access (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditFileShare","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Other Logon Logoff Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditOtherLogonLogoffEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Security Group Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountManagement_AuditSecurityGroupManagement","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Security System Extension (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSecuritySystemExtension","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Special Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditSpecialLogon","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit User Account Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountManagement_AuditUserAccountManagement","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Detailed Tracking Audit PNP Activity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"DetailedTracking_AuditPNPActivity","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Detailed Tracking Audit Process Creation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"DetailedTracking_AuditProcessCreation","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Detailed File Share (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditDetailedFileShare","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Other Object Access Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditOtherObjectAccessEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Removable Storage (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditRemovableStorage","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Policy Change Audit MPSSVC Rule Level Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditMPSSVCRuleLevelPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Policy Change Audit Other Policy Change Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditOtherPolicyChangeEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Privilege Use Audit Sensitive Privilege Use (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PrivilegeUse_AuditSensitivePrivilegeUse","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit Other System Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditOtherSystemEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit Security State Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSecurityStateChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit System Integrity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSystemIntegrity","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow Password Manager (0: Not allowed., 1: Allowed.)","Name":"AllowPasswordManager","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Smart Screen (0: Turned off. Do not protect users from potential threats and prevent users from turning it on., 1: Turned on. Protect users from potential threats and prevent users from turning it off.)","Name":"AllowSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Cert Error Overrides (0: Allowed/turned on. Override the security warning to sites that have SSL errors., 1: Prevented/turned on.)","Name":"PreventCertErrorOverrides","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Smart Screen Prompt Override (0: Allowed/turned off. Users can ignore the warning and continue to the site., 1: Prevented/turned on.)","Name":"Browser_PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Smart Screen Prompt Override For Files (0: Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s)., 1: Prevented/turned on.)","Name":"PreventSmartScreenPromptOverrideForFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Direct Memory Access (0: Not allowed., 1: Allowed.)","Name":"AllowDirectMemoryAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.)","Name":"AllowCloudProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow On Access Protection (0: Not allowed., 1: Allowed.)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. Turns on and runs the real-time monitoring service.)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Script Scanning (0: Not allowed., 1: Allowed.)","Name":"AllowScriptScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Block execution of potentially obfuscated scripts - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Win32 API calls from Office macros - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable files from running unless they meet a prevalence, age, or trusted list criterion - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office communication application from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block all Office applications from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Adobe Reader from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block credential stealing from the Windows local security authority subsystem - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block JavaScript or VBScript from launching downloaded executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Webshell creation for Servers - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWebshellCreationForServers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWebshellCreationForServers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block untrusted and unsigned processes that run from USB - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block persistence through WMI event subscription - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"Block use of copied or impersonated system tools - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUseOfCopiedOrImpersonatedSystemTools","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block abuse of exploited vulnerable signed drivers (Device) - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block process creations originating from PSExec and WMI commands - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from creating executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from injecting code into other processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block rebooting machine in Safe Mode - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockRebootingMachineInSafeMode","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Use advanced protection against ransomware - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable content from email client and webmail - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"SInt32","Description":"Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance)","Name":"CloudBlockLevel","Option":"Write","ValueMap":[0,2,4,6],"Values":[0,2,4,6]},{"CIMType":"SInt32","Description":"Cloud Extended Timeout","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Local Admin Merge (0: Enable Local Admin Merge, 1: Disable Local Admin Merge)","Name":"DisableLocalAdminMerge","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable File Hash Computation (0: Disable, 1: Enable)","Name":"EnableFileHashComputation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Network Protection (0: Disabled, 1: Enabled (block mode), 2: Enabled (audit mode))","Name":"EnableNetworkProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Admins (1: If you enable this setting, local admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalAdmins","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.)","Name":"PUAProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Configure System Guard Launch (0: Unmanaged Configurable by Administrative user, 1: Unmanaged Enables Secure Launch if supported by hardware, 2: Unmanaged Disables Secure Launch)","Name":"ConfigureSystemGuardLaunch","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)","Name":"LsaCfgFlags","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Enable Virtualization Based Security (0: disable virtualization based security., 1: enable virtualization based security.)","Name":"EnableVirtualizationBasedSecurity","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require Platform Security Features (1: Turns on VBS with Secure Boot., 3: Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.)","Name":"RequirePlatformSecurityFeatures","Option":"Write","ValueMap":[1,3],"Values":[1,3]},{"CIMType":"SInt32","Description":"Device Password Enabled (0: Enabled, 1: Disabled)","Name":"DevicePasswordEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Expiration - Depends on DevicePasswordEnabled","Name":"DevicePasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Length - Depends on DevicePasswordEnabled","Name":"MinDevicePasswordLength","Option":"Write"},{"CIMType":"SInt32","Description":"Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)","Name":"AlphanumericDevicePasswordRequired","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Max Device Password Failed Attempts - Depends on DevicePasswordEnabled","Name":"MaxDevicePasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Complex Characters - Depends on DevicePasswordEnabled (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop)","Name":"MinDevicePasswordComplexCharacters","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled","Name":"MaxInactivityTimeDeviceLock","Option":"Write"},{"CIMType":"SInt32","Description":"Device Password History - Depends on DevicePasswordEnabled","Name":"DevicePasswordHistory","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)","Name":"AllowSimpleDevicePassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))","Name":"DeviceEnumerationPolicy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Enable Insecure Guest Logons (0: Disabled, 1: Enabled)","Name":"EnableInsecureGuestLogons","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Accounts Limit Local Account Use Of Blank Passwords To Console Logon Only (0: Disabled, 1: Enabled)","Name":"Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Interactive Logon Machine Inactivity Limit","Name":"InteractiveLogon_MachineInactivityLimit","Option":"Write"},{"CIMType":"SInt32","Description":"Interactive Logon Smart Card Removal Behavior (0: No Action, 1: Lock Workstation, 2: Force Logoff, 3: Disconnect if a Remote Desktop Services session)","Name":"InteractiveLogon_SmartCardRemovalBehavior","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Microsoft Network Client Digitally Sign Communications Always (1: Enable, 0: Disable)","Name":"MicrosoftNetworkClient_DigitallySignCommunicationsAlways","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Microsoft Network Client Send Unencrypted Password To Third Party SMB Servers (1: Enable, 0: Disable)","Name":"MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Microsoft Network Server Digitally Sign Communications Always (1: Enable, 0: Disable)","Name":"MicrosoftNetworkServer_DigitallySignCommunicationsAlways","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Do Not Allow Anonymous Enumeration Of SAM Accounts (1: Enabled, 0: Disabled)","Name":"NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Do Not Allow Anonymous Enumeration Of Sam Accounts And Shares (1: Enabled, 0: Disabled)","Name":"NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Restrict Anonymous Access To Named Pipes And Shares (1: Enable, 0: Disable)","Name":"NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"String","Description":"Network Access Restrict Clients Allowed To Make Remote Calls To SAM","Name":"NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM","Option":"Write"},{"CIMType":"SInt32","Description":"Network Security Do Not Store LAN Manager Hash Value On Next Password Change (1: Enable, 0: Disable)","Name":"NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Security LAN Manager Authentication Level (0: Send LM and NTLM responses, 1: Send LM and NTLM-use NTLMv2 session security if negotiated, 2: Send LM and NTLM responses only, 3: Send LM and NTLMv2 responses only, 4: Send LM and NTLMv2 responses only. Refuse LM, 5: Send LM and NTLMv2 responses only. Refuse LM and NTLM)","Name":"NetworkSecurity_LANManagerAuthenticationLevel","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"String","Description":"Network Security Minimum Session Security For NTLMSSP Based Clients (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)","Name":"NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients","Option":"Write","ValueMap":["0","524288","536870912","537395200"],"Values":["0","524288","536870912","537395200"]},{"CIMType":"String","Description":"Network Security Minimum Session Security For NTLMSSP Based Servers (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)","Name":"NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers","Option":"Write","ValueMap":["0","524288","536870912","537395200"],"Values":["0","524288","536870912","537395200"]},{"CIMType":"SInt32","Description":"User Account Control Behavior Of The Elevation Prompt For Administrators (0: Elevate without prompting, 1: Prompt for credentials on the secure desktop, 2: Prompt for consent on the secure desktop, 3: Prompt for credentials, 4: Prompt for consent, 5: Prompt for consent for non-Windows binaries)","Name":"UserAccountControl_BehaviorOfTheElevationPromptForAdministrators","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"User Account Control Behavior Of The Elevation Prompt For Standard Users (0: Automatically deny elevation requests, 1: Prompt for credentials on the secure desktop, 3: Prompt for credentials)","Name":"UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"User Account Control Detect Application Installations And Prompt For Elevation (1: Enable, 0: Disable)","Name":"UserAccountControl_DetectApplicationInstallationsAndPromptForElevation","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"User Account Control Only Elevate UI Access Applications That Are Installed In Secure Locations (0: Disabled: Application runs with UIAccess integrity even if it does not reside in a secure location., 1: Enabled: Application runs with UIAccess integrity only if it resides in secure location.)","Name":"UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"User Account Control Run All Administrators In Admin Approval Mode (0: Disabled, 1: Enabled)","Name":"UserAccountControl_RunAllAdministratorsInAdminApprovalMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"User Account Control Use Admin Approval Mode (1: Enable, 0: Disable)","Name":"UserAccountControl_UseAdminApprovalMode","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"User Account Control Virtualize File And Registry Write Failures To Per User Locations (0: Disabled, 1: Enabled)","Name":"UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Lsa Protected Process (0: Disabled. Default value. LSA will not run as protected process., 1: Enabled with UEFI lock. LSA will run as protected process and this configuration is UEFI locked., 2: Enabled without UEFI lock. LSA will run as protected process and this configuration is not UEFI locked.)","Name":"ConfigureLsaProtectedProcess","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Game DVR (0: Not allowed., 1: Allowed.)","Name":"AllowGameDVR","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSI Allow User Control Over Install (0: Disabled, 1: Enabled)","Name":"MSIAllowUserControlOverInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSI Always Install With Elevated Privileges (0: Disabled, 1: Enabled)","Name":"MSIAlwaysInstallWithElevatedPrivileges","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_SmartScreen_PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Let Apps Activate With Voice Above Lock (0: User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device., 1: Force allow. Windows apps can be activated by voice while the screen is locked, and users cannot change it., 2: Force deny. Windows apps cannot be activated by voice while the screen is locked, and users cannot change it.)","Name":"LetAppsActivateWithVoiceAboveLock","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Indexing Encrypted Stores Or Items (0: Not allowed., 1: Allowed.)","Name":"AllowIndexingEncryptedStoresOrItems","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Smart Screen In Shell (0: Disabled., 1: Enabled.)","Name":"EnableSmartScreenInShell","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Malicious (0: Disabled, 1: Enabled)","Name":"NotifyMalicious","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Password Reuse (0: Disabled, 1: Enabled)","Name":"NotifyPasswordReuse","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Unsafe App (0: Disabled, 1: Enabled)","Name":"NotifyUnsafeApp","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Service Enabled (0: Disabled, 1: Enabled)","Name":"ServiceEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Override For Files In Shell (0: Do not prevent override., 1: Prevent override.)","Name":"PreventOverrideForFilesInShell","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Xbox Accessory Management Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)","Name":"ConfigureXboxAccessoryManagementServiceStartupMode","Option":"Write","ValueMap":[2,3,4],"Values":[2,3,4]},{"CIMType":"SInt32","Description":"Configure Xbox Live Auth Manager Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)","Name":"ConfigureXboxLiveAuthManagerServiceStartupMode","Option":"Write","ValueMap":[2,3,4],"Values":[2,3,4]},{"CIMType":"SInt32","Description":"Configure Xbox Live Game Save Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)","Name":"ConfigureXboxLiveGameSaveServiceStartupMode","Option":"Write","ValueMap":[2,3,4],"Values":[2,3,4]},{"CIMType":"SInt32","Description":"Configure Xbox Live Networking Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)","Name":"ConfigureXboxLiveNetworkingServiceStartupMode","Option":"Write","ValueMap":[2,3,4],"Values":[2,3,4]},{"CIMType":"SInt32","Description":"Enable Xbox Game Save Task (0: Disabled, 1: Enabled)","Name":"EnableXboxGameSaveTask","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Access From Network","Name":"AccessFromNetwork","Option":"Write"},{"CIMType":"String[]","Description":"Allow Local Log On","Name":"AllowLocalLogOn","Option":"Write"},{"CIMType":"String[]","Description":"Backup Files And Directories","Name":"BackupFilesAndDirectories","Option":"Write"},{"CIMType":"String[]","Description":"Create Global Objects","Name":"CreateGlobalObjects","Option":"Write"},{"CIMType":"String[]","Description":"Create Page File","Name":"CreatePageFile","Option":"Write"},{"CIMType":"String[]","Description":"Debug Programs","Name":"DebugPrograms","Option":"Write"},{"CIMType":"String[]","Description":"Deny Access From Network","Name":"DenyAccessFromNetwork","Option":"Write"},{"CIMType":"String[]","Description":"Deny Remote Desktop Services Log On","Name":"DenyRemoteDesktopServicesLogOn","Option":"Write"},{"CIMType":"String[]","Description":"Impersonate Client","Name":"ImpersonateClient","Option":"Write"},{"CIMType":"String[]","Description":"Load Unload Device Drivers","Name":"LoadUnloadDeviceDrivers","Option":"Write"},{"CIMType":"String[]","Description":"Manage Auditing And Security Log","Name":"ManageAuditingAndSecurityLog","Option":"Write"},{"CIMType":"String[]","Description":"Manage Volume","Name":"ManageVolume","Option":"Write"},{"CIMType":"String[]","Description":"Modify Firmware Environment","Name":"ModifyFirmwareEnvironment","Option":"Write"},{"CIMType":"String[]","Description":"Profile Single Process","Name":"ProfileSingleProcess","Option":"Write"},{"CIMType":"String[]","Description":"Remote Shutdown","Name":"RemoteShutdown","Option":"Write"},{"CIMType":"String[]","Description":"Restore Files And Directories","Name":"RestoreFilesAndDirectories","Option":"Write"},{"CIMType":"String[]","Description":"Take Ownership","Name":"TakeOwnership","Option":"Write"},{"CIMType":"SInt32","Description":"Hypervisor Enforced Code Integrity (0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock., 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.)","Name":"HypervisorEnforcedCodeIntegrity","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Auto Connect To Wi Fi Sense Hotspots (0: Not allowed., 1: Allowed.)","Name":"AllowAutoConnectToWiFiSenseHotspots","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Internet Sharing (0: Not allowed., 1: Allowed.)","Name":"AllowInternetSharing","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Facial Features Use Enhanced Anti Spoofing (false: Disabled, true: Enabled)","Name":"FacialFeaturesUseEnhancedAntiSpoofing","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Allow Windows Ink Workspace (0: access to ink workspace is disabled. The feature is turned off., 1: ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen., 2: ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.)","Name":"AllowWindowsInkWorkspace","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Backup Directory (0: Disabled (password will not be backed up), 1: Backup the password to Azure AD only, 2: Backup the password to Active Directory only)","Name":"BackupDirectory","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"AD Encrypted Password History Size - Depends on BackupDirectory","Name":"ADEncryptedPasswordHistorySize","Option":"Write"},{"CIMType":"SInt32","Description":"Password Age Days - Depends on BackupDirectory","Name":"passwordagedays","Option":"Write"},{"CIMType":"String","Description":"AD Password Encryption Enabled - Depends on BackupDirectory (false: Store the password in clear-text form in Active Directory, true: Store the password in encrypted form in Active Directory)","Name":"ADPasswordEncryptionEnabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Password Age Days - Depends on BackupDirectory","Name":"passwordagedays_aad","Option":"Write"},{"CIMType":"String","Description":"AD Password Encryption Principal - Depends on BackupDirectory","Name":"ADPasswordEncryptionPrincipal","Option":"Write"},{"CIMType":"String","Description":"Password Expiration Protection Enabled - Depends on BackupDirectory (false: Allow configured password expiriration timestamp to exceed maximum password age, true: Do not allow configured password expiriration timestamp to exceed maximum password age)","Name":"PasswordExpirationProtectionEnabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Enable Convert Warn To Block (1: Warn verdicts are converted to block, 0: Warn verdicts are not converted to block)","Name":"EnableConvertWarnToBlock","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Users (1: If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalUsers","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Oobe Enable Rtp And Sig Update (1: If you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE., 0: If you either disable or do not configure this setting, real-time protection and Security Intelligence Updates during OOBE is not enabled.)","Name":"OobeEnableRtpAndSigUpdate","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32[]","Description":"Passive Remediation (0: Passive Remediation is turned off (default), 1: PASSIVE_REMEDIATION_FLAG_SENSE_AUTO_REMEDIATION: Passive Remediation Sense AutoRemediation, 2: PASSIVE_REMEDIATION_FLAG_RTP_AUDIT: Passive Remediation Realtime Protection Audit, 4: PASSIVE_REMEDIATION_FLAG_RTP_REMEDIATION: Passive Remediation Realtime Protection Remediation)","Name":"PassiveRemediation","Option":"Write","ValueMap":[0,1,2,4],"Values":[0,1,2,4]},{"CIMType":"SInt32","Description":"Quick Scan Include Exclusions (0: If you set this setting to 0 or do not configure it, exclusions are not scanned during quick scans., 1: If you set this setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan.)","Name":"QuickScanIncludeExclusions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm Configuration (0: Disabled / Not Configured, 1: Enabled)","Name":"PKInitHashAlgorithmConfiguration","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm SHA256 - Depends on PKInitHashAlgorithmConfiguration (0: Not Supported, 1: Default, 2: Audited, 3: Supported)","Name":"PKInitHashAlgorithmSHA256","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm SHA512 - Depends on PKInitHashAlgorithmConfiguration (0: Not Supported, 1: Default, 2: Audited, 3: Supported)","Name":"PKInitHashAlgorithmSHA512","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm SHA384 - Depends on PKInitHashAlgorithmConfiguration (0: Not Supported, 1: Default, 2: Audited, 3: Supported)","Name":"PKInitHashAlgorithmSHA384","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm SHA1 - Depends on PKInitHashAlgorithmConfiguration (0: Not Supported, 1: Default, 2: Audited, 3: Supported)","Name":"PKInitHashAlgorithmSHA1","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Enable Sudo (0: Sudo is disabled., 1: Sudo is allowed in 'force new window' mode., 2: Sudo is allowed in 'disable input' mode., 3: Sudo is allowed in 'inline' mode.)","Name":"EnableSudo","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Machine Identity Isolation (0: (Disabled) Machine password is only LSASS-bound and stored in $MACHINE.ACC registry key., 1: (Enabled in audit mode) Machine password both LSASS-bound and IUM-bound. It is stored in $MACHINE.ACC and $MACHINE.ACC.IUM registry keys., 2: (Enabled in enforcement mode) Machine password is only IUM-bound and stored in $MACHINE.ACC.IUM registry key.)","Name":"MachineIdentityIsolation","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Audit Client Does Not Support Encryption (0: Disabled, 1: Enabled)","Name":"AuditClientDoesNotSupportEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Client Does Not Support Signing (0: Disabled, 1: Enabled)","Name":"AuditClientDoesNotSupportSigning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Insecure Guest Logon (0: Disabled, 1: Enabled)","Name":"LanmanServer_AuditInsecureGuestLogon","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Auth Rate Limiter Delay In Ms","Name":"AuthRateLimiterDelayInMs","Option":"Write"},{"CIMType":"SInt32","Description":"Enable Auth Rate Limiter (0: Disabled, 1: Enabled)","Name":"EnableAuthRateLimiter","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Mailslots (0: Disabled, 1: Enabled)","Name":"LanmanServer_EnableMailslots","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Max Smb2 Dialect (514: SMB 2.0.2, 528: SMB 2.1.0, 768: SMB 3.0.0, 770: SMB 3.0.2, 785: SMB 3.1.1)","Name":"LanmanServer_MaxSmb2Dialect","Option":"Write","ValueMap":[514,528,768,770,785],"Values":[514,528,768,770,785]},{"CIMType":"SInt32","Description":"Min Smb2 Dialect (514: SMB 2.0.2, 528: SMB 2.1.0, 768: SMB 3.0.0, 770: SMB 3.0.2, 785: SMB 3.1.1)","Name":"LanmanServer_MinSmb2Dialect","Option":"Write","ValueMap":[514,528,768,770,785],"Values":[514,528,768,770,785]},{"CIMType":"SInt32","Description":"Audit Insecure Guest Logon (0: Disabled, 1: Enabled)","Name":"LanmanWorkstation_AuditInsecureGuestLogon","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Server Does Not Support Encryption (0: Disabled, 1: Enabled)","Name":"AuditServerDoesNotSupportEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Server Does Not Support Signing (0: Disabled, 1: Enabled)","Name":"AuditServerDoesNotSupportSigning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Mailslots (0: Disabled, 1: Enabled)","Name":"LanmanWorkstation_EnableMailslots","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Max Smb2 Dialect (514: SMB 2.0.2, 528: SMB 2.1.0, 768: SMB 3.0.0, 770: SMB 3.0.2, 785: SMB 3.1.1)","Name":"LanmanWorkstation_MaxSmb2Dialect","Option":"Write","ValueMap":[514,528,768,770,785],"Values":[514,528,768,770,785]},{"CIMType":"SInt32","Description":"Min Smb2 Dialect (514: SMB 2.0.2, 528: SMB 2.1.0, 768: SMB 3.0.0, 770: SMB 3.0.2, 785: SMB 3.1.1)","Name":"LanmanWorkstation_MinSmb2Dialect","Option":"Write","ValueMap":[514,528,768,770,785],"Values":[514,528,768,770,785]},{"CIMType":"SInt32","Description":"Require Encryption (0: Disabled, 1: Enabled)","Name":"RequireEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10","Parameters":[{"CIMType":"SInt32","Description":"Turn off toast notifications on the lock screen (User) (0: Disabled, 1: Enabled)","Name":"NoLockScreenToastNotification","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on the auto-complete feature for user names and passwords on forms (User) (0: Disabled, 1: Enabled)","Name":"RestrictFormSuggestPW","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prompt me to save passwords (User) - Depends on RestrictFormSuggestPW (0: False, 1: True)","Name":"ChkBox_PasswordAsk","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight (User) (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlight","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Tips - Depends on AllowWindowsSpotlight (0: Disabled., 1: Enabled.)","Name":"AllowWindowsTips","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Tailored Experiences With Diagnostic Data (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowTailoredExperiencesWithDiagnosticData","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight On Action Center (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlightOnActionCenter","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Consumer Features - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsConsumerFeatures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Windows Spotlight On Lock Screen (User) - Depends on AllowWindowsSpotlight (0: Windows spotlight disabled., 1: Windows spotlight enabled., 2: Windows spotlight is always enabled, the user cannot disable it, 3: Windows spotlight is always enabled, the user cannot disable it. For special configurations only)","Name":"ConfigureWindowsSpotlightOnLockScreen","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight Windows Welcome Experience (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlightWindowsWelcomeExperience","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Third Party Suggestions In Windows Spotlight (User) - Depends on AllowWindowsSpotlight (0: Third-party suggestions not allowed., 1: Third-party suggestions allowed.)","Name":"AllowThirdPartySuggestionsInWindowsSpotlight","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline for Windows10"},{"ClassName":"MSFT_IntuneSecurityBaselineWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10","Description":"The policy settings for the device scope.","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10","Description":"The policy settings for the user scope.","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows365","Parameters":[{"CIMType":"SInt32","Description":"Prevent enabling lock screen camera (0: Disabled, 1: Enabled)","Name":"CPL_Personalization_NoLockScreenCamera","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent enabling lock screen slide show (0: Disabled, 1: Enabled)","Name":"CPL_Personalization_NoLockScreenSlideshow","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Apply UAC restrictions to local accounts on network logons (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0201_LATFP","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure SMB v1 client driver (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0002_SMBv1_ClientDriver","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure MrxSmb10 driver - Depends on Pol_SecGuide_0002_SMBv1_ClientDriver (4: Disable driver (recommended), 3: Manual start (default for Win7/2008/2008R2/2012), 2: Automatic start (default for Win8.1/2012R2/newer))","Name":"Pol_SecGuide_SMB1ClientDriver","Option":"Write","ValueMap":[4,3,2],"Values":[4,3,2]},{"CIMType":"SInt32","Description":"Configure SMB v1 server (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0001_SMBv1_Server","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Structured Exception Handling Overwrite Protection (SEHOP) (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0102_SEHOP","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"WDigest Authentication (disabling may require KB2871997) (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0202_WDigestAuthn","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)","Name":"Pol_MSS_DisableIPSourceRoutingIPv6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DisableIPSourceRoutingIPv6 (Device) - Depends on Pol_MSS_DisableIPSourceRoutingIPv6 (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)","Name":"DisableIPSourceRoutingIPv6","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)","Name":"Pol_MSS_DisableIPSourceRouting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DisableIPSourceRouting (Device) - Depends on Pol_MSS_DisableIPSourceRouting (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)","Name":"DisableIPSourceRouting","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (0: Disabled, 1: Enabled)","Name":"Pol_MSS_EnableICMPRedirect","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (0: Disabled, 1: Enabled)","Name":"Pol_MSS_NoNameReleaseOnDemand","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off multicast name resolution (0: Disabled, 1: Enabled)","Name":"Turn_Off_Multicast","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prohibit use of Internet Connection Sharing on your DNS domain network (0: Disabled, 1: Enabled)","Name":"NC_ShowSharedAccessUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Hardened UNC Paths (0: Disabled, 1: Enabled)","Name":"hardeneduncpaths_Pol_HardenedPaths","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths[]","Description":"Hardened UNC Paths: (Device) - Depends on hardeneduncpaths_Pol_HardenedPaths","Name":"pol_hardenedpaths","Option":"Write"},{"CIMType":"SInt32","Description":"Prohibit connection to non-domain networks when connected to domain authenticated network (0: Disabled, 1: Enabled)","Name":"WCM_BlockNonDomain","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Encryption Oracle Remediation (0: Disabled, 1: Enabled)","Name":"AllowEncryptionOracle","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protection Level: (Device) - Depends on AllowEncryptionOracle (0: Force Updated Clients, 1: Mitigated, 2: Vulnerable)","Name":"AllowEncryptionOracleDrop","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Remote host allows delegation of non-exportable credentials (0: Disabled, 1: Enabled)","Name":"AllowProtectedCreds","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Deny","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Prevented Classes - Depends on DeviceInstall_Classes_Deny","Name":"DeviceInstall_Classes_Deny_List","Option":"Write"},{"CIMType":"SInt32","Description":"Also apply to matching devices that are already installed. - Depends on DeviceInstall_Classes_Deny (0: False, 1: True)","Name":"DeviceInstall_Classes_Deny_Retroactive","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Boot-Start Driver Initialization Policy (0: Disabled, 1: Enabled)","Name":"POL_DriverLoadPolicy_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Choose the boot-start drivers that can be initialized: - Depends on POL_DriverLoadPolicy_Name (8: Good only, 1: Good and unknown, 3: Good, unknown and bad but critical, 7: All)","Name":"SelectDriverLoadPolicy","Option":"Write","ValueMap":[8,1,3,7],"Values":[8,1,3,7]},{"CIMType":"SInt32","Description":"Configure registry policy processing (0: Disabled, 1: Enabled)","Name":"CSE_Registry","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not apply during periodic background processing (Device) - Depends on CSE_Registry (0: False, 1: True)","Name":"CSE_NOBACKGROUND10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Process even if the Group Policy objects have not changed (Device) - Depends on CSE_Registry (0: False, 1: True)","Name":"CSE_NOCHANGES10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off downloading of print drivers over HTTP (0: Disabled, 1: Enabled)","Name":"DisableWebPnPDownload_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Internet download for Web publishing and online ordering wizards (0: Disabled, 1: Enabled)","Name":"ShellPreventWPWDownload_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Solicited Remote Assistance (0: Disabled, 1: Enabled)","Name":"RA_Solicit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum ticket time (units): - Depends on RA_Solicit (0: Minutes, 1: Hours, 2: Days)","Name":"RA_Solicit_ExpireUnits_List","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Maximum ticket time (value): - Depends on RA_Solicit","Name":"RA_Solicit_ExpireValue_Edt","Option":"Write"},{"CIMType":"SInt32","Description":"Permit remote control of this computer: - Depends on RA_Solicit (1: Allow helpers to remotely control the computer, 0: Allow helpers to only view the computer)","Name":"RA_Solicit_Control_List","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Method for sending email invitations: - Depends on RA_Solicit (0: Simple MAPI, 1: Mailto)","Name":"RA_Solicit_Mailto_List","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Restrict Unauthenticated RPC clients (0: Disabled, 1: Enabled)","Name":"RpcRestrictRemoteClients","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"RPC Runtime Unauthenticated Client Restriction to Apply: - Depends on RpcRestrictRemoteClients (0: None, 1: Authenticated, 2: Authenticated without exceptions)","Name":"RpcRestrictRemoteClientsList","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Microsoft accounts to be optional (0: Disabled, 1: Enabled)","Name":"AppxRuntimeMicrosoftAccountsOptional","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow Autoplay for non-volume devices (0: Disabled, 1: Enabled)","Name":"NoAutoplayfornonVolume","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set the default behavior for AutoRun (0: Disabled, 1: Enabled)","Name":"NoAutorun","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default AutoRun Behavior - Depends on NoAutorun (1: Do not execute any autorun commands, 2: Automatically execute autorun commands)","Name":"NoAutorun_Dropdown","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Turn off Autoplay (0: Disabled, 1: Enabled)","Name":"Autorun","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Autoplay on: - Depends on Autorun (181: CD-ROM and removable media drives, 255: All drives)","Name":"Autorun_Box","Option":"Write","ValueMap":[181,255],"Values":[181,255]},{"CIMType":"SInt32","Description":"Enumerate administrator accounts on elevation (0: Disabled, 1: Enabled)","Name":"EnumerateAdministrators","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_1","Name":"Channel_LogMaxSize_1_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_2","Name":"Channel_LogMaxSize_2_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_4","Name":"Channel_LogMaxSize_4_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Configure Windows Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"EnableSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Pick one of the following settings: (Device) - Depends on EnableSmartScreen (block: Warn and prevent bypass, warn: Warn)","Name":"EnableSmartScreenDropdown","Option":"Write","ValueMap":["block","warn"],"Values":["block","warn"]},{"CIMType":"SInt32","Description":"Turn off Data Execution Prevention for Explorer (0: Disabled, 1: Enabled)","Name":"NoDataExecutionPrevention","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off heap termination on corruption (0: Disabled, 1: Enabled)","Name":"NoHeapTerminationOnCorruption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow software to run or install even if the signature is invalid (0: Disabled, 1: Enabled)","Name":"Advanced_InvalidSignatureBlock","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Check for server certificate revocation (0: Disabled, 1: Enabled)","Name":"Advanced_CertificateRevocation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Check for signatures on downloaded programs (0: Disabled, 1: Enabled)","Name":"Advanced_DownloadSignatures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled (0: Disabled, 1: Enabled)","Name":"Advanced_DisableEPMCompat","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off encryption support (0: Disabled, 1: Enabled)","Name":"Advanced_SetWinInetProtocols","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Secure Protocol combinations - Depends on Advanced_SetWinInetProtocols (0: Use no secure protocols, 8: Only use SSL 2.0, 32: Only use SSL 3.0, 40: Use SSL 2.0 and SSL 3.0, 128: Only use TLS 1.0, 136: Use SSL 2.0 and TLS 1.0, 160: Use SSL 3.0 and TLS 1.0, 168: Use SSL 2.0, SSL 3.0, and TLS 1.0, 512: Only use TLS 1.1, 520: Use SSL 2.0 and TLS 1.1, 544: Use SSL 3.0 and TLS 1.1, 552: Use SSL 2.0, SSL 3.0, and TLS 1.1, 640: Use TLS 1.0 and TLS 1.1, 648: Use SSL 2.0, TLS 1.0, and TLS 1.1, 672: Use SSL 3.0, TLS 1.0, and TLS 1.1, 680: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1, 2048: Only use TLS 1.2, 2056: Use SSL 2.0 and TLS 1.2, 2080: Use SSL 3.0 and TLS 1.2, 2088: Use SSL 2.0, SSL 3.0, and TLS 1.2, 2176: Use TLS 1.0 and TLS 1.2, 2184: Use SSL 2.0, TLS 1.0, and TLS 1.2, 2208: Use SSL 3.0, TLS 1.0, and TLS 1.2, 2216: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.2, 2560: Use TLS 1.1 and TLS 1.2, 2568: Use SSL 2.0, TLS 1.1, and TLS 1.2, 2592: Use SSL 3.0, TLS 1.1, and TLS 1.2, 2600: Use SSL 2.0, SSL 3.0, TLS 1.1, and TLS 1.2, 2688: Use TLS 1.0, TLS 1.1, and TLS 1.2, 2696: Use SSL 2.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2720: Use SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2728: Use SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 8192: Only use TLS 1.3, 10240: Use TLS 1.2 and TLS 1.3, 10752: Use TLS 1.1, TLS 1.2, and TLS 1.3, 10880: Use TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, 10912: Use SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3)","Name":"Advanced_WinInetProtocolOptions","Option":"Write","ValueMap":["0","8","32","40","128","136","160","168","512","520","544","552","640","648","672","680","2048","2056","2080","2088","2176","2184","2208","2216","2560","2568","2592","2600","2688","2696","2720","2728","8192","10240","10752","10880","10912"],"Values":["0","8","32","40","128","136","160","168","512","520","544","552","640","648","672","680","2048","2056","2080","2088","2176","2184","2208","2216","2560","2568","2592","2600","2688","2696","2720","2728","8192","10240","10752","10880","10912"]},{"CIMType":"SInt32","Description":"Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows (0: Disabled, 1: Enabled)","Name":"Advanced_EnableEnhancedProtectedMode64Bit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Enhanced Protected Mode (0: Disabled, 1: Enabled)","Name":"Advanced_EnableEnhancedProtectedMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent ignoring certificate errors (0: Disabled, 1: Enabled)","Name":"NoCertError","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowPasteViaScript_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowPasteViaScript_1_IZ_Partname1407","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDropOrPasteFiles_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDropOrPasteFiles_1_IZ_Partname1802","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow loading of XAML files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_XAML_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"XAML Files - Depends on IZ_Policy_XAML_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_XAML_1_IZ_Partname2402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet (3: Enable, 0: Disable)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowTDCControl_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Internet (3: Enable, 0: Disable)","Name":"IZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWindowsRestrictionsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)","Name":"IZ_Policy_WebBrowserControl_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_WebBrowserControl_1_IZ_Partname1206","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scriptlets (0: Disabled, 1: Enabled)","Name":"IZ_Policy_AllowScriptlets_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scriptlets - Depends on IZ_Policy_AllowScriptlets_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_AllowScriptlets_1_IZ_Partname1209","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow updates to status bar via script (0: Disabled, 1: Enabled)","Name":"IZ_Policy_ScriptStatusBar_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_ScriptStatusBar_1_IZ_Partname2103","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowVBScript_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowVBScript_1_IZ_Partname140C","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNotificationBarDownloadURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadSignedActiveX_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadUnsignedActiveX_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)","Name":"IZ_Policy_LocalPathForUpload_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_LocalPathForUpload_1_IZ_Partname160A","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_1 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_1_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Logon options (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLogon_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Logon options - Depends on IZ_PolicyLogon_1 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)","Name":"IZ_PolicyLogon_1_IZ_Partname1A00","Option":"Write","ValueMap":[196608,131072,0,65536],"Values":[196608,131072,0,65536]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_UnsafeFiles_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_UnsafeFiles_1_IZ_Partname1806","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on Protected Mode (0: Disabled, 1: Enabled)","Name":"IZ_Policy_TurnOnProtectedMode_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_1_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBlockPopupWindows_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyBlockPopupWindows_1_IZ_Partname1809","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Userdata persistence (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUserdataPersistence_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Userdata persistence - Depends on IZ_PolicyUserdataPersistence_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyUserdataPersistence_1_IZ_Partname1606","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)","Name":"IZ_PolicyZoneElevationURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyZoneElevationURLaction_1_IZ_Partname2101","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Intranet Sites: Include all network paths (UNCs) (0: Disabled, 1: Enabled)","Name":"IZ_UNCAsIntranet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_3 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_3 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_3_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_9 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_9_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_2 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_2_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_4 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_4_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_10 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_10_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_8 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_8_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_8 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_8_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_6 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_6_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Access data sources across domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow active scripting (0: Disabled, 1: Enabled)","Name":"IZ_PolicyActiveScripting_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow active scripting - Depends on IZ_PolicyActiveScripting_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1400","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow binary and script behaviors (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBinaryBehaviors_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Binary and Script Behaviors - Depends on IZ_PolicyBinaryBehaviors_7 (0: Enable, 65536: Administrator approved, 3: Disable)","Name":"IZ_Partname2000","Option":"Write","ValueMap":[0,65536,3],"Values":[0,65536,3]},{"CIMType":"SInt32","Description":"Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowPasteViaScript_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowPasteViaScript_7_IZ_Partname1407","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDropOrPasteFiles_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDropOrPasteFiles_7_IZ_Partname1802","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyFileDownload_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow file downloads - Depends on IZ_PolicyFileDownload_7 (0: Enable, 3: Disable)","Name":"IZ_Partname1803","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow loading of XAML files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_XAML_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"XAML Files - Depends on IZ_Policy_XAML_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_XAML_7_IZ_Partname2402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow META REFRESH (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowMETAREFRESH_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow META REFRESH - Depends on IZ_PolicyAllowMETAREFRESH_7 (0: Enable, 3: Disable)","Name":"IZ_Partname1608","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted (3: Enable, 0: Disable)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowTDCControl_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Restricted (3: Enable, 0: Disable)","Name":"IZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWindowsRestrictionsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)","Name":"IZ_Policy_WebBrowserControl_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_WebBrowserControl_7_IZ_Partname1206","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scriptlets (0: Disabled, 1: Enabled)","Name":"IZ_Policy_AllowScriptlets_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scriptlets - Depends on IZ_Policy_AllowScriptlets_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_AllowScriptlets_7_IZ_Partname1209","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow updates to status bar via script (0: Disabled, 1: Enabled)","Name":"IZ_Policy_ScriptStatusBar_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_ScriptStatusBar_7_IZ_Partname2103","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowVBScript_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowVBScript_7_IZ_Partname140C","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNotificationBarDownloadURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadSignedActiveX_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadUnsignedActiveX_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)","Name":"IZ_Policy_LocalPathForUpload_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_LocalPathForUpload_7_IZ_Partname160A","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_7 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_7_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Logon options (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLogon_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Logon options - Depends on IZ_PolicyLogon_7 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)","Name":"IZ_PolicyLogon_7_IZ_Partname1A00","Option":"Write","ValueMap":[196608,131072,0,65536],"Values":[196608,131072,0,65536]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run ActiveX controls and plugins (0: Disabled, 1: Enabled)","Name":"IZ_PolicyRunActiveXControls_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run ActiveX controls and plugins - Depends on IZ_PolicyRunActiveXControls_7 (65536: Administrator approved, 0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1200","Option":"Write","ValueMap":[65536,0,3,1],"Values":[65536,0,3,1]},{"CIMType":"SInt32","Description":"Script ActiveX controls marked safe for scripting (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXMarkedSafe_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Script ActiveX controls marked safe for scripting - Depends on IZ_PolicyScriptActiveXMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1405","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Scripting of Java applets (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptingOfJavaApplets_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scripting of Java applets - Depends on IZ_PolicyScriptingOfJavaApplets_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_UnsafeFiles_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_UnsafeFiles_7_IZ_Partname1806","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on Protected Mode (0: Disabled, 1: Enabled)","Name":"IZ_Policy_TurnOnProtectedMode_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_7_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBlockPopupWindows_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyBlockPopupWindows_7_IZ_Partname1809","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Userdata persistence (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUserdataPersistence_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Userdata persistence - Depends on IZ_PolicyUserdataPersistence_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyUserdataPersistence_7_IZ_Partname1606","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)","Name":"IZ_PolicyZoneElevationURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyZoneElevationURLaction_7_IZ_Partname2101","Option":"Write","ValueMap":["0","3","1"],"Values":["0","3","1"]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_5 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_5 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_5_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on certificate address mismatch warning (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWarnCertMismatch","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverrideForAppRepUnknown","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent managing SmartScreen Filter (0: Disabled, 1: Enabled)","Name":"Disable_Managing_Safety_Filter_IE9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Select SmartScreen Filter mode - Depends on Disable_Managing_Safety_Filter_IE9 (0: Off, 1: On)","Name":"IE9SafetyFilterOptions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent per-user installation of ActiveX controls (0: Disabled, 1: Enabled)","Name":"DisablePerUserActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Remove 'Run this time' button for outdated ActiveX controls in Internet Explorer (0: Disabled, 1: Enabled)","Name":"VerMgmtDisableRunThisTime","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off blocking of outdated ActiveX controls for Internet Explorer (0: Disabled, 1: Enabled)","Name":"VerMgmtDisable","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow fallback to SSL 3.0 (Internet Explorer) (0: Disabled, 1: Enabled)","Name":"Advanced_EnableSSL3Fallback","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow insecure fallback for: - Depends on Advanced_EnableSSL3Fallback (0: No Sites, 1: Non-Protected Mode Sites, 3: All Sites)","Name":"Advanced_EnableSSL3FallbackOptions","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_11","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_12","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Do not allow users to add/delete sites (0: Disabled, 1: Enabled)","Name":"Security_zones_map_edit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Do not allow users to change policies (0: Disabled, 1: Enabled)","Name":"Security_options_edit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Use only machine settings (0: Disabled, 1: Enabled)","Name":"Security_HKLM_only","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specify use of ActiveX Installer Service for installation of ActiveX controls (0: Disabled, 1: Enabled)","Name":"OnlyUseAXISForActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Crash Detection (0: Disabled, 1: Enabled)","Name":"AddonManagement_RestrictCrashDetection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off the Security Settings Check feature (0: Disabled, 1: Enabled)","Name":"Disable_Security_Settings_Check","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure the 'Block at First Sight' feature (0: Disabled, 1: Enabled)","Name":"DisableBlockAtFirstSeen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on process scanning whenever real-time protection is enabled (0: Disabled, 1: Enabled)","Name":"RealtimeProtection_DisableScanOnRealtimeEnable","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scan packed executables (0: Disabled, 1: Enabled)","Name":"Scan_DisablePackedExeScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off routine remediation (0: Disabled, 1: Enabled)","Name":"DisableRoutinelyTakingAction","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow passwords to be saved (0: Disabled, 1: Enabled)","Name":"TS_CLIENT_DISABLE_PASSWORD_SAVING_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow drive redirection (0: Disabled, 1: Enabled)","Name":"TS_CLIENT_DRIVE_M","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Always prompt for password upon connection (0: Disabled, 1: Enabled)","Name":"TS_PASSWORD","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require secure RPC communication (0: Disabled, 1: Enabled)","Name":"TS_RPC_ENCRYPTION","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set client connection encryption level (0: Disabled, 1: Enabled)","Name":"TS_ENCRYPTION_POLICY","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Encryption Level - Depends on TS_ENCRYPTION_POLICY (1: Low Level, 2: Client Compatible, 3: High Level)","Name":"TS_ENCRYPTION_LEVEL","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Prevent downloading of enclosures (0: Disabled, 1: Enabled)","Name":"Disable_Downloading_of_Enclosures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Sign-in and lock last interactive user automatically after a restart (0: Disabled, 1: Enabled)","Name":"AutomaticRestartSignOn","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on PowerShell Script Block Logging (0: Disabled, 1: Enabled)","Name":"EnableScriptBlockLogging","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Log script block invocation start / stop events: - Depends on EnableScriptBlockLogging (0: False, 1: True)","Name":"EnableScriptBlockInvocationLogging","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication (0: Disabled, 1: Enabled)","Name":"AllowBasic_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow unencrypted traffic (0: Disabled, 1: Enabled)","Name":"AllowUnencrypted_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow Digest authentication (0: Disabled, 1: Enabled)","Name":"DisallowDigest","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication (0: Disabled, 1: Enabled)","Name":"AllowBasic_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow unencrypted traffic (0: Disabled, 1: Enabled)","Name":"AllowUnencrypted_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow WinRM from storing RunAs credentials (0: Disabled, 1: Enabled)","Name":"DisableRunAs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Account Logon Audit Credential Validation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogon_AuditCredentialValidation","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Account Lockout (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditAccountLockout","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Group Membership (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditGroupMembership","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditLogon","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Authentication Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditAuthenticationPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Changes to Audit Policy (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit File Share Access (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditFileShare","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Other Logon Logoff Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditOtherLogonLogoffEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Security Group Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountManagement_AuditSecurityGroupManagement","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Security System Extension (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSecuritySystemExtension","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Special Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditSpecialLogon","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit User Account Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountManagement_AuditUserAccountManagement","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Detailed Tracking Audit PNP Activity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"DetailedTracking_AuditPNPActivity","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Detailed Tracking Audit Process Creation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"DetailedTracking_AuditProcessCreation","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Detailed File Share (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditDetailedFileShare","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Other Object Access Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditOtherObjectAccessEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Removable Storage (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditRemovableStorage","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Policy Change Audit MPSSVC Rule Level Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditMPSSVCRuleLevelPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Policy Change Audit Other Policy Change Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditOtherPolicyChangeEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Privilege Use Audit Sensitive Privilege Use (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PrivilegeUse_AuditSensitivePrivilegeUse","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit Other System Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditOtherSystemEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit Security State Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSecurityStateChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit System Integrity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSystemIntegrity","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow Direct Memory Access (0: Not allowed., 1: Allowed.)","Name":"AllowDirectMemoryAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.)","Name":"AllowCloudProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow On Access Protection (0: Not allowed., 1: Allowed.)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. Turns on and runs the real-time monitoring service.)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Script Scanning (0: Not allowed., 1: Allowed.)","Name":"AllowScriptScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Block execution of potentially obfuscated scripts - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Win32 API calls from Office macros - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable files from running unless they meet a prevalence, age, or trusted list criterion - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office communication application from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block all Office applications from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Adobe Reader from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block credential stealing from the Windows local security authority subsystem - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block JavaScript or VBScript from launching downloaded executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Webshell creation for Servers - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWebshellCreationForServers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWebshellCreationForServers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block untrusted and unsigned processes that run from USB - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block persistence through WMI event subscription - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"[PREVIEW] Block use of copied or impersonated system tools - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUseOfCopiedOrImpersonatedSystemTools","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block abuse of exploited vulnerable signed drivers (Device) - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block process creations originating from PSExec and WMI commands - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from creating executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from injecting code into other processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"[PREVIEW] Block rebooting machine in Safe Mode - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockRebootingMachineInSafeMode","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Use advanced protection against ransomware - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable content from email client and webmail - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"SInt32","Description":"Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance)","Name":"CloudBlockLevel","Option":"Write","ValueMap":[0,2,4,6],"Values":[0,2,4,6]},{"CIMType":"SInt32","Description":"Cloud Extended Timeout","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Local Admin Merge (0: Enable Local Admin Merge, 1: Disable Local Admin Merge)","Name":"DisableLocalAdminMerge","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable File Hash Computation (0: Disable, 1: Enable)","Name":"EnableFileHashComputation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Network Protection (0: Disabled, 1: Enabled (block mode), 2: Enabled (audit mode))","Name":"EnableNetworkProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Admins (1: If you enable this setting, local admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalAdmins","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.)","Name":"PUAProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Configure System Guard Launch (0: Unmanaged Configurable by Administrative user, 1: Unmanaged Enables Secure Launch if supported by hardware, 2: Unmanaged Disables Secure Launch)","Name":"ConfigureSystemGuardLaunch","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)","Name":"LsaCfgFlags","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Enable Virtualization Based Security (0: disable virtualization based security., 1: enable virtualization based security.)","Name":"EnableVirtualizationBasedSecurity","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require Platform Security Features (1: Turns on VBS with Secure Boot., 3: Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.)","Name":"RequirePlatformSecurityFeatures","Option":"Write","ValueMap":[1,3],"Values":[1,3]},{"CIMType":"SInt32","Description":"Device Password Enabled (0: Enabled, 1: Disabled)","Name":"DevicePasswordEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Expiration - Depends on DevicePasswordEnabled","Name":"DevicePasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Length - Depends on DevicePasswordEnabled","Name":"MinDevicePasswordLength","Option":"Write"},{"CIMType":"SInt32","Description":"Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)","Name":"AlphanumericDevicePasswordRequired","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Max Device Password Failed Attempts - Depends on DevicePasswordEnabled","Name":"MaxDevicePasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Complex Characters - Depends on DevicePasswordEnabled. (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop)","Name":"MinDevicePasswordComplexCharacters","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled","Name":"MaxInactivityTimeDeviceLock","Option":"Write"},{"CIMType":"SInt32","Description":"Device Password History - Depends on DevicePasswordEnabled","Name":"DevicePasswordHistory","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)","Name":"AllowSimpleDevicePassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))","Name":"DeviceEnumerationPolicy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Enable Insecure Guest Logons (0: Disabled, 1: Enabled)","Name":"EnableInsecureGuestLogons","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Lsa Protected Process (0: Disabled. Default value. LSA will not run as protected process., 1: Enabled with UEFI lock. LSA will run as protected process and this configuration is UEFI locked., 2: Enabled without UEFI lock. LSA will run as protected process and this configuration is not UEFI locked.)","Name":"ConfigureLsaProtectedProcess","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Game DVR (0: Not allowed., 1: Allowed.)","Name":"AllowGameDVR","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSI Allow User Control Over Install (0: Disabled, 1: Enabled)","Name":"MSIAllowUserControlOverInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSI Always Install With Elevated Privileges (0: Disabled, 1: Enabled)","Name":"MSIAlwaysInstallWithElevatedPrivileges","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default Adobe Flash setting (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_ContentSettings_DefaultPluginsSetting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default Adobe Flash setting (Device) - Depends on MicrosoftEdge_ContentSettings_DefaultPluginsSetting (2: Block the Adobe Flash plugin, 3: Click to play)","Name":"DefaultPluginsSetting_DefaultPluginsSetting","Option":"Write","ValueMap":[2,3],"Values":[2,3]},{"CIMType":"SInt32","Description":"Minimum TLS version enabled (0: Disabled, 1: Enabled)","Name":"edge_SSLVersionMin","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Minimum SSL version enabled (Device) - Depends on edge_SSLVersionMin (tls1: TLS 1.0, tls1.1: TLS 1.1, tls1.2: TLS 1.2)","Name":"SSLVersionMin_SSLVersionMin","Option":"Write","ValueMap":["tls1","tls1.1","tls1.2"],"Values":["tls1","tls1.1","tls1.2"]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Let Apps Activate With Voice Above Lock (0: User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device., 1: Force allow. Windows apps can be activated by voice while the screen is locked, and users cannot change it., 2: Force deny. Windows apps cannot be activated by voice while the screen is locked, and users cannot change it.)","Name":"LetAppsActivateWithVoiceAboveLock","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Indexing Encrypted Stores Or Items (0: Not allowed., 1: Allowed.)","Name":"AllowIndexingEncryptedStoresOrItems","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Smart Screen In Shell (0: Disabled., 1: Enabled.)","Name":"EnableSmartScreenInShell","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Malicious (0: Disabled, 1: Enabled)","Name":"NotifyMalicious","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Password Reuse (0: Disabled, 1: Enabled)","Name":"NotifyPasswordReuse","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Unsafe App (0: Disabled, 1: Enabled)","Name":"NotifyUnsafeApp","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Service Enabled (0: Disabled, 1: Enabled)","Name":"ServiceEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Override For Files In Shell (0: Do not prevent override., 1: Prevent override.)","Name":"PreventOverrideForFilesInShell","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Access From Network","Name":"AccessFromNetwork","Option":"Write"},{"CIMType":"String[]","Description":"Allow Local Log On","Name":"AllowLocalLogOn","Option":"Write"},{"CIMType":"String[]","Description":"Backup Files And Directories","Name":"BackupFilesAndDirectories","Option":"Write"},{"CIMType":"String[]","Description":"Create Global Objects","Name":"CreateGlobalObjects","Option":"Write"},{"CIMType":"String[]","Description":"Create Page File","Name":"CreatePageFile","Option":"Write"},{"CIMType":"String[]","Description":"Debug Programs","Name":"DebugPrograms","Option":"Write"},{"CIMType":"String[]","Description":"Deny Access From Network","Name":"DenyAccessFromNetwork","Option":"Write"},{"CIMType":"String[]","Description":"Deny Remote Desktop Services Log On","Name":"DenyRemoteDesktopServicesLogOn","Option":"Write"},{"CIMType":"String[]","Description":"Impersonate Client","Name":"ImpersonateClient","Option":"Write"},{"CIMType":"String[]","Description":"Load Unload Device Drivers","Name":"LoadUnloadDeviceDrivers","Option":"Write"},{"CIMType":"String[]","Description":"Manage Auditing And Security Log","Name":"ManageAuditingAndSecurityLog","Option":"Write"},{"CIMType":"String[]","Description":"Manage Volume","Name":"ManageVolume","Option":"Write"},{"CIMType":"String[]","Description":"Modify Firmware Environment","Name":"ModifyFirmwareEnvironment","Option":"Write"},{"CIMType":"String[]","Description":"Profile Single Process","Name":"ProfileSingleProcess","Option":"Write"},{"CIMType":"String[]","Description":"Remote Shutdown","Name":"RemoteShutdown","Option":"Write"},{"CIMType":"String[]","Description":"Restore Files And Directories","Name":"RestoreFilesAndDirectories","Option":"Write"},{"CIMType":"String[]","Description":"Take Ownership","Name":"TakeOwnership","Option":"Write"},{"CIMType":"SInt32","Description":"Hypervisor Enforced Code Integrity (0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock., 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.)","Name":"HypervisorEnforcedCodeIntegrity","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Windows Ink Workspace (0: access to ink workspace is disabled. The feature is turned off., 1: ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen., 2: ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.)","Name":"AllowWindowsInkWorkspace","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Accounts Limit Local Account Use Of Blank Passwords To Console Logon Only (0: Disabled, 1: Enabled)","Name":"Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Interactive Logon Machine Inactivity Limit","Name":"InteractiveLogon_MachineInactivityLimit","Option":"Write"},{"CIMType":"SInt32","Description":"Interactive Logon Smart Card Removal Behavior (0: No Action, 1: Lock Workstation, 2: Force Logoff, 3: Disconnect if a Remote Desktop Services session)","Name":"InteractiveLogon_SmartCardRemovalBehavior","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Microsoft Network Client Digitally Sign Communications Always (1: Enable, 0: Disable)","Name":"MicrosoftNetworkClient_DigitallySignCommunicationsAlways","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Microsoft Network Client Send Unencrypted Password To Third Party SMB Servers (1: Enable, 0: Disable)","Name":"MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Microsoft Network Server Digitally Sign Communications Always (1: Enable, 0: Disable)","Name":"MicrosoftNetworkServer_DigitallySignCommunicationsAlways","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Do Not Allow Anonymous Enumeration Of SAM Accounts (1: Enabled, 0: Disabled)","Name":"NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Do Not Allow Anonymous Enumeration Of Sam Accounts And Shares (1: Enabled, 0: Disabled)","Name":"NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Restrict Anonymous Access To Named Pipes And Shares (1: Enable, 0: Disable)","Name":"NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"String","Description":"Network Access Restrict Clients Allowed To Make Remote Calls To SAM","Name":"NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM","Option":"Write"},{"CIMType":"SInt32","Description":"Network Security Do Not Store LAN Manager Hash Value On Next Password Change (1: Enable, 0: Disable)","Name":"NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Security LAN Manager Authentication Level (0: Send LM and NTLM responses, 1: Send LM and NTLM-use NTLMv2 session security if negotiated, 2: Send LM and NTLM responses only, 3: Send LM and NTLMv2 responses only, 4: Send LM and NTLMv2 responses only. Refuse LM, 5: Send LM and NTLMv2 responses only. Refuse LM and NTLM)","Name":"NetworkSecurity_LANManagerAuthenticationLevel","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"String","Description":"Network Security Minimum Session Security For NTLMSSP Based Clients (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)","Name":"NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients","Option":"Write","ValueMap":["0","524288","536870912","537395200"],"Values":["0","524288","536870912","537395200"]},{"CIMType":"String","Description":"Network Security Minimum Session Security For NTLMSSP Based Servers (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)","Name":"NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers","Option":"Write","ValueMap":["0","524288","536870912","537395200"],"Values":["0","524288","536870912","537395200"]},{"CIMType":"SInt32","Description":"User Account Control Behavior Of The Elevation Prompt For Administrators (0: Elevate without prompting, 1: Prompt for credentials on the secure desktop, 2: Prompt for consent on the secure desktop, 3: Prompt for credentials, 4: Prompt for consent, 5: Prompt for consent for non-Windows binaries)","Name":"UserAccountControl_BehaviorOfTheElevationPromptForAdministrators","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"User Account Control Behavior Of The Elevation Prompt For Standard Users (0: Automatically deny elevation requests, 1: Prompt for credentials on the secure desktop, 3: Prompt for credentials)","Name":"UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"User Account Control Detect Application Installations And Prompt For Elevation (1: Enable, 0: Disable)","Name":"UserAccountControl_DetectApplicationInstallationsAndPromptForElevation","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"User Account Control Only Elevate UI Access Applications That Are Installed In Secure Locations (0: Disabled: Application runs with UIAccess integrity even if it does not reside in a secure location., 1: Enabled: Application runs with UIAccess integrity only if it resides in secure location.)","Name":"UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"User Account Control Run All Administrators In Admin Approval Mode (0: Disabled, 1: Enabled)","Name":"UserAccountControl_RunAllAdministratorsInAdminApprovalMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"User Account Control Use Admin Approval Mode (1: Enable, 0: Disable)","Name":"UserAccountControl_UseAdminApprovalMode","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"User Account Control Virtualize File And Registry Write Failures To Per User Locations (0: Disabled, 1: Enabled)","Name":"UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Windows365"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows365","Parameters":[{"CIMType":"SInt32","Description":"Turn off toast notifications on the lock screen (User) (0: Disabled, 1: Enabled)","Name":"NoLockScreenToastNotification","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on the auto-complete feature for user names and passwords on forms (User) (0: Disabled, 1: Enabled)","Name":"RestrictFormSuggestPW","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prompt me to save passwords (User) - Depends on RestrictFormSuggestPW (0: False, 1: True)","Name":"ChkBox_PasswordAsk","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight (User) (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlight","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Tips - Depends on AllowWindowsSpotlight (0: Disabled., 1: Enabled.)","Name":"AllowWindowsTips","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Tailored Experiences With Diagnostic Data (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowTailoredExperiencesWithDiagnosticData","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight On Action Center (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlightOnActionCenter","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Consumer Features - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsConsumerFeatures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Windows Spotlight On Lock Screen (User) - Depends on AllowWindowsSpotlight (0: Windows spotlight disabled., 1: Windows spotlight enabled., 2: Windows spotlight is always enabled, the user cannot disable it, 3: Windows spotlight is always enabled, the user cannot disable it. For special configurations only)","Name":"ConfigureWindowsSpotlightOnLockScreen","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight Windows Welcome Experience (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlightWindowsWelcomeExperience","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Third Party Suggestions In Windows Spotlight (User) - Depends on AllowWindowsSpotlight (0: Third-party suggestions not allowed., 1: Third-party suggestions allowed.)","Name":"AllowThirdPartySuggestionsInWindowsSpotlight","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default Adobe Flash setting (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_ContentSettings_DefaultPluginsSetting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default Adobe Flash setting (User) - Depends on MicrosoftEdge_ContentSettings_DefaultPluginsSetting (2: Block the Adobe Flash plugin, 3: Click to play)","Name":"DefaultPluginsSetting_DefaultPluginsSetting","Option":"Write","ValueMap":[2,3],"Values":[2,3]},{"CIMType":"SInt32","Description":"Minimum TLS version enabled (User) (0: Disabled, 1: Enabled)","Name":"edge_SSLVersionMin","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Minimum SSL version enabled (User) - Depends on edge_SSLVersionMin (tls1: TLS 1.0, tls1.1: TLS 1.1, tls1.2: TLS 1.2)","Name":"SSLVersionMin_SSLVersionMin","Option":"Write","ValueMap":["tls1","tls1.1","tls1.2"],"Values":["tls1","tls1.1","tls1.2"]}],"Description":"Intune Security Baseline Windows365"},{"ClassName":"MSFT_IntuneSecurityBaselineWindows365","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows365","Description":"The device scope settings for the policy.","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows365","Description":"The user scope settings for the policy.","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline Windows365"},{"ClassName":"MSFT_IntuneSettingCatalogASRRulesPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Identity of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the endpoint protection.","Name":"Assignments","Option":"Write"},{"CIMType":"String[]","Description":"Exclude files and paths from attack surface reduction rules","Name":"AttackSurfaceReductionOnlyExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents an application from writing a vulnerable signed driver to disk.","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents attacks by blocking Adobe Reader from creating processes.","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access.","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule helps prevent credential stealing by locking down Local Security Authority Subsystem Service (LSASS).","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers.","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks executable files that don't meet a prevalence, age, or trusted list criteria, such as .exe, .dll, or .scr, from launching.","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule detects suspicious properties within an obfuscated script.","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents scripts from launching potentially malicious downloaded content.","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk.","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks code injection attempts from Office apps into other processes.","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions.","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents malware from abusing WMI to attain persistence on a device.","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks processes created through PsExec and WMI from running.","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents the execution of commands to restart machines in Safe Mode.","Name":"BlockRebootingMachineInSafeMode","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards.","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks the use of executable files that are identified as copies of Windows system tools. These files are either duplicates or impostors of the original system tools.","Name":"BlockUseOfCopiedOrImpersonatedSystemTools","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks webshell creation for servers.","Name":"BlockWebShellCreationForServers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWebshellCreationForServers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents VBA macros from calling Win32 APIs.","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule provides an extra layer of protection against ransomware.","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String[]","Description":"List of additional folders that need to be protected","Name":"ControlledFolderAccessProtectedFolders","Option":"Write"},{"CIMType":"String[]","Description":"List of apps that have access to protected folders.","Name":"ControlledFolderAccessAllowedApplications","Option":"Write"},{"CIMType":"String","Description":"This rule enables Controlled folder access which protects your data by checking apps against a list of known, trusted apps. Possible values: 0=disable, 1=enable, 2=audit, 3=block disk modification only, 4=audit disk modification only","Name":"EnableControlledFolderAccess","Option":"Write","ValueMap":["0","1","2","3","4"],"Values":["0","1","2","3","4"]},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Intune Endpoint Protection Attack Surface Reduction rules policy for a Windows 10 Device.\nThis resource returns ASR rules created using settings catalog settings."},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationPolicyTemplateReference","Parameters":[{"CIMType":"String","Description":"Template Display Name of the referenced template. This property is read-only.","Name":"TemplateDisplayName","Option":"Write"},{"CIMType":"String","Description":"Template Display Version of the referenced Template. This property is read-only.","Name":"TemplateDisplayVersion","Option":"Write"},{"CIMType":"String","Description":"Template Family of the referenced Template. This property is read-only. Possible values are: none, endpointSecurityAntivirus, endpointSecurityDiskEncryption, endpointSecurityFirewall, endpointSecurityEndpointDetectionAndResponse, endpointSecurityAttackSurfaceReduction, endpointSecurityAccountProtection, endpointSecurityApplicationControl, endpointSecurityEndpointPrivilegeManagement, enrollmentConfiguration, appQuietTime, baseline, unknownFutureValue, deviceConfigurationScripts.","Name":"TemplateFamily","Option":"Write","ValueMap":["none","endpointSecurityAntivirus","endpointSecurityDiskEncryption","endpointSecurityFirewall","endpointSecurityEndpointDetectionAndResponse","endpointSecurityAttackSurfaceReduction","endpointSecurityAccountProtection","endpointSecurityApplicationControl","endpointSecurityEndpointPrivilegeManagement","enrollmentConfiguration","appQuietTime","baseline","unknownFutureValue","deviceConfigurationScripts"],"Values":["none","endpointSecurityAntivirus","endpointSecurityDiskEncryption","endpointSecurityFirewall","endpointSecurityEndpointDetectionAndResponse","endpointSecurityAttackSurfaceReduction","endpointSecurityAccountProtection","endpointSecurityApplicationControl","endpointSecurityEndpointPrivilegeManagement","enrollmentConfiguration","appQuietTime","baseline","unknownFutureValue","deviceConfigurationScripts"]},{"CIMType":"String","Description":"Template id","Name":"TemplateId","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSetting","Parameters":[{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance","Description":"Setting Instance","Name":"SettingInstance","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance","Parameters":[{"CIMType":"String","Description":"Setting Definition Id","Name":"SettingDefinitionId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference","Description":"Setting Instance Template Reference","Name":"SettingInstanceTemplateReference","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue[]","Description":"Choice setting collection value","Name":"ChoiceSettingCollectionValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue","Description":"Choice setting value","Name":"ChoiceSettingValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue[]","Description":"A collection of GroupSetting values","Name":"GroupSettingCollectionValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue","Description":"GroupSetting value","Name":"GroupSettingValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue[]","Description":"Simple setting collection instance value","Name":"SimpleSettingCollectionValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue","Description":"Simple setting instance value","Name":"SimpleSettingValue","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationGroupSettingInstance","#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance","#microsoft.graph.deviceManagementConfigurationSettingGroupInstance","#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance"],"Values":["#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationGroupSettingInstance","#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance","#microsoft.graph.deviceManagementConfigurationSettingGroupInstance","#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance"]}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference","Parameters":[{"CIMType":"String","Description":"Setting instance template id","Name":"SettingInstanceTemplateId","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue","Parameters":[{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]","Description":"Child settings.","Name":"Children","Option":"Write"},{"CIMType":"String","Description":"Choice setting value: an OptionDefinition ItemId.","Name":"Value","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference","Description":"Setting value template reference","Name":"SettingValueTemplateReference","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","#microsoft.graph.deviceManagementConfigurationGroupSettingValue","#microsoft.graph.deviceManagementConfigurationSimpleSettingValue"],"Values":["#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","#microsoft.graph.deviceManagementConfigurationGroupSettingValue","#microsoft.graph.deviceManagementConfigurationSimpleSettingValue"]}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference","Parameters":[{"CIMType":"String","Description":"Setting value template id","Name":"settingValueTemplateId","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to update policy setting value to match template setting default value","Name":"useTemplateDefault","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue","Parameters":[{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]","Description":"Collection of child setting instances contained within this GroupSetting","Name":"Children","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference","Description":"Setting value template reference","Name":"SettingValueTemplateReference","Option":"Write"},{"CIMType":"String","Description":"Choice setting value: an OptionDefinition ItemId.","Name":"Value","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","#microsoft.graph.deviceManagementConfigurationGroupSettingValue","#microsoft.graph.deviceManagementConfigurationSimpleSettingValue"],"Values":["#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","#microsoft.graph.deviceManagementConfigurationGroupSettingValue","#microsoft.graph.deviceManagementConfigurationSimpleSettingValue"]}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue","Parameters":[{"CIMType":"UInt32","Description":"Value of the integer setting.","Name":"IntValue","Option":"Write"},{"CIMType":"String","Description":"Value of the string setting.","Name":"StringValue","Option":"Write"},{"CIMType":"String","Description":"Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken.","Name":"ValueState","Option":"Write","ValueMap":["invalid","notEncrypted","encryptedValueToken"],"Values":["invalid","notEncrypted","encryptedValueToken"]},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceManagementConfigurationIntegerSettingValue","#microsoft.graph.deviceManagementConfigurationStringSettingValue","#microsoft.graph.deviceManagementConfigurationSecretSettingValue"],"Values":["#microsoft.graph.deviceManagementConfigurationIntegerSettingValue","#microsoft.graph.deviceManagementConfigurationStringSettingValue","#microsoft.graph.deviceManagementConfigurationSecretSettingValue"]},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference","Description":"Setting value template reference","Name":"SettingValueTemplateReference","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]","Description":"Child settings.","Name":"Children","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_IntuneSettingCatalogCustomPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Platforms for this policy. Possible values are: none, android, iOS, macOS, windows10X, windows10, linux, unknownFutureValue.","Name":"Platforms","Option":"Write","ValueMap":["none","android","iOS","macOS","windows10X","windows10","linux","unknownFutureValue"],"Values":["none","android","iOS","macOS","windows10X","windows10","linux","unknownFutureValue"]},{"CIMType":"String","Description":"Technologies for this policy. Possible values are: none, mdm, windows10XManagement, configManager, appleRemoteManagement, microsoftSense, exchangeOnline, edgeMAM, linuxMdm, enrollment, endpointPrivilegeManagement, unknownFutureValue.","Name":"Technologies","Option":"Write","ValueMap":["none","mdm","windows10XManagement","configManager","appleRemoteManagement","microsoftSense","exchangeOnline","linuxMdm","enrollment","endpointPrivilegeManagement","unknownFutureValue"],"Values":["none","mdm","windows10XManagement","configManager","appleRemoteManagement","microsoftSense","exchangeOnline","linuxMdm","enrollment","endpointPrivilegeManagement","unknownFutureValue"]},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementConfigurationPolicyTemplateReference","Description":"Template reference information","Name":"TemplateReference","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementConfigurationSetting[]","Description":"Policy settings","Name":"Settings","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_IntuneTermsAndConditions","Parameters":[{"CIMType":"String","Description":"Administrator-supplied explanation of the terms and conditions, typically describing what it means to accept the terms and conditions set out in the T&C policy. This is shown to the user on prompts to accept the T&C policy.","Name":"AcceptanceStatement","Option":"Write"},{"CIMType":"String","Description":"Administrator-supplied body text of the terms and conditions, typically the terms themselves. This is shown to the user on prompts to accept the T&C policy.","Name":"BodyText","Option":"Write"},{"CIMType":"String","Description":"Administrator-supplied description of the T&C policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Administrator-supplied name for the T&C policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Administrator-supplied title of the terms and conditions. This is shown to the user on prompts to accept the T&C policy.","Name":"Title","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Terms And Conditions"},{"ClassName":"MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"File name to display in UI.","Name":"certFileName","Option":"Write"},{"CIMType":"String","Description":"Trusted Root Certificate.","Name":"trustedRootCertificate","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Android Device Owner Trusted Root Certificate Policy."},{"ClassName":"MSFT_IntuneTrustedRootCertificateAndroidWork","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"File name to display in UI.","Name":"certFileName","Option":"Write"},{"CIMType":"String","Description":"Trusted Root Certificate.","Name":"trustedRootCertificate","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Android Work Trusted Root Certificate Policy."},{"ClassName":"MSFT_IntuneTrustedRootCertificateIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"File name to display in UI.","Name":"certFileName","Option":"Write"},{"CIMType":"String","Description":"Trusted Root Certificate.","Name":"trustedRootCertificate","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune iOS Trusted Root Certificate Policy."},{"ClassName":"MSFT_MicrosoftGraphCloudPcCrossRegionDisasterRecoverySetting","Parameters":[{"CIMType":"MSFT_MicrosoftGraphCloudPcDisasterRecoveryNetworkSetting","Description":"Indicates the network settings of the Cloud PC during a cross-region disaster recovery operation.","Name":"DisasterRecoveryNetworkSetting","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of disaster recovery to perform when a disaster occurs on the user's Cloud PC. The possible values are: notConfigured, crossRegion, premium, unknownFutureValue. The default value is notConfigured.","Name":"DisasterRecoveryType","Option":"Write","ValueMap":["notConfigured","crossRegion","premium","unknownFutureValue"],"Values":["notConfigured","crossRegion","premium","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Indicates whether Windows 365 maintain the cross-region disaster recovery function generated restore points. If true, the Windows 365 stored restore points false indicates that Windows 365 doesn't generate or keep the restore point from the original Cloud PC. If a disaster occurs, the new Cloud PC can only be provisioned using the initial image. This limitation can result in the loss of some user data on the original Cloud PC. The default value is false.","Name":"MaintainCrossRegionRestorePointEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the client allows the end user to initiate a disaster recovery activation. True indicates that the client includes the option for the end user to activate Backup Cloud PC. When false, the end user doesn't have the option to activate disaster recovery. The default value is false. Currently, only premium disaster recovery is supported.","Name":"UserInitiatedDisasterRecoveryAllowed","Option":"Write"}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_MicrosoftGraphCloudPcDisasterRecoveryNetworkSetting","Parameters":[{"CIMType":"String","Description":"Indicates the display name of the virtual network that the new Cloud PC joins.  Only applicable for the '#microsoft.graph.cloudPcDisasterRecoveryAzureConnectionSetting' odata type.","Name":"OnPremisesConnectionId","Option":"Write"},{"CIMType":"String","Description":"Indicates the logic geographic group this region belongs to. Multiple regions can belong to one region group. When a region group is configured for disaster recovery, the new Cloud PC is assigned to one of the regions within the group based on resource availability. For example, the europeUnion region group contains the North Europe and West Europe regions.  Only applicable for the '#microsoft.graph.cloudPcDisasterRecoveryMicrosoftHostedNetworkSetting' odata type. Possible values are: default, australia, canada, usCentral, usEast, usWest, france, germany, europeUnion, unitedKingdom, japan, asia, india, southAmerica, euap, usGovernment, usGovernmentDOD, unknownFutureValue, norway, switzerland, southKorea, middleEast, mexico, australasia, europe. Use the Prefer: include-unknown-enum-members request header to get the following values in this evolvable enum: norway, switzerland, southKorea, middleEast, mexico, australasia, europe.","Name":"RegionGroup","Option":"Write","ValueMap":["default","australia","canada","usCentral","usEast","usWest","france","germany","europeUnion","unitedKingdom","japan","asia","india","southAmerica","euap","usGovernment","usGovernmentDOD","unknownFutureValue","norway","switzerland","southKorea","middleEast","mexico","australasia","europe"],"Values":["default","australia","canada","usCentral","usEast","usWest","france","germany","europeUnion","unitedKingdom","japan","asia","india","southAmerica","euap","usGovernment","usGovernmentDOD","unknownFutureValue","norway","switzerland","southKorea","middleEast","mexico","australasia","europe"]},{"CIMType":"String","Description":"Indicates the Azure region that the new Cloud PC is assigned to. The Windows 365 service creates and manages the underlying virtual network. Only applicable for the '#microsoft.graph.cloudPcDisasterRecoveryMicrosoftHostedNetworkSetting' odata type.","Name":"RegionName","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.cloudPcDisasterRecoveryAzureConnectionSetting","#microsoft.graph.cloudPcDisasterRecoveryMicrosoftHostedNetworkSetting"],"Values":["#microsoft.graph.cloudPcDisasterRecoveryAzureConnectionSetting","#microsoft.graph.cloudPcDisasterRecoveryMicrosoftHostedNetworkSetting"]}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_MicrosoftGraphCloudPcNotificationSetting","Parameters":[{"CIMType":"Boolean","Description":"If true, doesn't prompt the user to restart the Cloud PC. If false, prompts the user to restart Cloud PC. The default value is false.","Name":"RestartPromptsDisabled","Option":"Write"}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_MicrosoftGraphCloudPcRestorePointSetting","Parameters":[{"CIMType":"String","Description":"The time interval in hours to take snapshots (restore points) of a Cloud PC automatically. Possible values are: default, fourHours, sixHours, twelveHours, sixteenHours, twentyFourHours. The default value is default that indicates that the time interval for automatic capturing of restore point snapshots is set to 12 hours.","Name":"FrequencyType","Option":"Write","ValueMap":["default","fourHours","sixHours","twelveHours","sixteenHours","twentyFourHours"],"Values":["default","fourHours","sixHours","twelveHours","sixteenHours","twentyFourHours"]},{"CIMType":"Boolean","Description":"If true, the user has the ability to use snapshots to restore Cloud PCs. If false, non-admin users can't use snapshots to restore the Cloud PC.","Name":"UserRestoreEnabled","Option":"Write"}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_IntuneUserSettingsPolicyWindows365","Parameters":[{"CIMType":"MSFT_MicrosoftGraphcloudPcCrossRegionDisasterRecoverySetting","Description":"Defines whether the user's Cloud PC enables cross-region disaster recovery and specifies the network for the disaster recovery.","Name":"CrossRegionDisasterRecoverySetting","Option":"Write"},{"CIMType":"String","Description":"The setting name displayed in the user interface.","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Indicates whether the local admin option is enabled. Default value is false. To enable the local admin option, change the setting to true. If the local admin option is enabled, the end user can be an admin of the Cloud PC device.","Name":"LocalAdminEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcloudPcNotificationSetting","Description":"Defines the setting of the Cloud PC notification prompts for the Cloud PC user.","Name":"NotificationSetting","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether an end user is allowed to reset their Cloud PC. When true, the user is allowed to reset their Cloud PC. When false, end-user initiated reset isn't allowed. The default value is false.","Name":"ResetEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcloudPcRestorePointSetting","Description":"Defines how frequently a restore point is created (that is, a snapshot is taken) for users' provisioned Cloud PCs (default is 12 hours), and whether the user is allowed to restore their own Cloud PCs to a backup made at a specific point in time.","Name":"RestorePointSetting","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_MicrosoftvpnProxyServer","Parameters":[{"CIMType":"String","Description":"Proxy's automatic configuration script url.","Name":"automaticConfigurationScriptUrl","Option":"Write"},{"CIMType":"String","Description":"Address.","Name":"address","Option":"Key"},{"CIMType":"uint32","Description":"Port. Valid values 0 to 65535.","Name":"port","Option":"Key"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_targetedMobileApps","Parameters":[{"CIMType":"String","Description":"The application name.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"The publisher of the application.","Name":"publisher","Option":"Write"},{"CIMType":"String","Description":"The Store URL of the application.","Name":"appStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The application or bundle identifier of the application.","Name":"appId","Option":"Key"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_CustomData","Parameters":[{"CIMType":"String","Description":"Key for the custom data entry.","Name":"key","Option":"Key"},{"CIMType":"String","Description":"Value for the custom data entry.","Name":"value","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_customKeyValueData","Parameters":[{"CIMType":"String","Description":"Name for the custom data entry.","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Value for the custom data entry.","Name":"value","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.","Name":"authenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"],"Values":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"]},{"CIMType":"String","Description":"Connection name displayed to the user.","Name":"connectionName","Option":"Write"},{"CIMType":"String","Description":"Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.","Name":"role","Option":"Write"},{"CIMType":"String","Description":"Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.","Name":"realm","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnServer[]","Description":"VPN Server on the network. Make sure end users can access this network location.","Name":"servers","Option":"Write"},{"CIMType":"String","Description":"Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect.","Name":"connectionType","Option":"Write","ValueMap":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","citrix","microsoftTunnel","netMotionMobility","microsoftProtect"],"Values":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","citrix","microsoftTunnel","netMotionMobility","microsoftProtect"]},{"CIMType":"MSFT_MicrosoftvpnProxyServer[]","Description":"Proxy Server.","Name":"proxyServer","Option":"Write"},{"CIMType":"String[]","Description":"Targeted App package IDs.","Name":"targetedPackageIds","Option":"Write"},{"CIMType":"MSFT_targetedMobileApps[]","Description":"Targeted mobile apps. This collection can contain a maximum of 500 elements.","Name":"targetedMobileApps","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to enable always-on VPN connection.","Name":"alwaysOn","Option":"Write"},{"CIMType":"Boolean","Description":"If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.","Name":"alwaysOnLockdown","Option":"Write"},{"CIMType":"String","Description":"Microsoft Tunnel site ID.","Name":"microsoftTunnelSiteId","Option":"Write"},{"CIMType":"String[]","Description":"List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.","Name":"proxyExclusionList","Option":"Write"},{"CIMType":"MSFT_customData[]","Description":"Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.","Name":"customData","Option":"Write"},{"CIMType":"MSFT_customKeyValueData[]","Description":"Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.","Name":"customKeyValueData","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_IntuneVPNConfigurationPolicyAndroidWork","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.","Name":"authenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"],"Values":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"]},{"CIMType":"String","Description":"Connection name displayed to the user.","Name":"connectionName","Option":"Write"},{"CIMType":"String","Description":"Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.","Name":"role","Option":"Write"},{"CIMType":"String","Description":"Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.","Name":"realm","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnServer[]","Description":"VPN Server on the network. Make sure end users can access this network location.","Name":"servers","Option":"Write"},{"CIMType":"String","Description":"Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect.","Name":"connectionType","Option":"Write","ValueMap":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","citrix","microsoftTunnel","netMotionMobility","microsoftProtect"],"Values":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","citrix","microsoftTunnel","netMotionMobility","microsoftProtect"]},{"CIMType":"MSFT_MicrosoftvpnProxyServer[]","Description":"Proxy Server.","Name":"proxyServer","Option":"Write"},{"CIMType":"String[]","Description":"Targeted App package IDs.","Name":"targetedPackageIds","Option":"Write"},{"CIMType":"MSFT_targetedMobileApps[]","Description":"Targeted mobile apps. This collection can contain a maximum of 500 elements.","Name":"targetedMobileApps","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to enable always-on VPN connection.","Name":"alwaysOn","Option":"Write"},{"CIMType":"Boolean","Description":"If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.","Name":"alwaysOnLockdown","Option":"Write"},{"CIMType":"String","Description":"Microsoft Tunnel site ID.","Name":"microsoftTunnelSiteId","Option":"Write"},{"CIMType":"String[]","Description":"List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.","Name":"proxyExclusionList","Option":"Write"},{"CIMType":"MSFT_customData[]","Description":"Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.","Name":"customData","Option":"Write"},{"CIMType":"MSFT_customKeyValueData[]","Description":"Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.","Name":"customKeyValueData","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Work Devices."},{"ClassName":"MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule","Parameters":[{"CIMType":"String[]","Description":"Network Service Set Identifiers (SSIDs).","Name":"ssids","Option":"Write"},{"CIMType":"String[]","Description":"DNS Search Domains.","Name":"dnsSearchDomains","Option":"Write"},{"CIMType":"String","Description":"A URL to probe. If this URL is successfully fetched, returning a 200 HTTP status code, without redirection, this rule matches.","Name":"probeUrl","Option":"Write"},{"CIMType":"String","Description":"Action. Possible values are: connect, evaluateConnection, ignore, disconnect.","Name":"action","Option":"Write","ValueMap":["connect","evaluateConnection","ignore","disconnect"],"Values":["connect","evaluateConnection","ignore","disconnect"]},{"CIMType":"String","Description":"Domain Action, Only applicable when Action is evaluate connection. Possible values are: connectIfNeeded, neverConnect.","Name":"domainAction","Option":"Write","ValueMap":["connectIfNeeded","neverConnect"],"Values":["connectIfNeeded","neverConnect"]},{"CIMType":"String[]","Description":"Domains, Only applicable when Action is evaluate connection.","Name":"domains","Option":"Write"},{"CIMType":"String","Description":"Probe Required URL. Only applicable when Action is evaluate connection and DomainAction is connectIfNeeded.","Name":"probeRequiredUrl","Option":"Write"},{"CIMType":"String","Description":"Network interface to trigger VPN. Possible values are: notConfigured, ethernet, wiFi, cellular.","Name":"interfaceTypeMatch","Option":"Write","ValueMap":["notConfigured","ethernet","wiFi","cellular"],"Values":["notConfigured","ethernet","wiFi","cellular"]},{"CIMType":"String[]","Description":"DNS Search Server Address.","Name":"dnsServerAddressMatch","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for iOS Device."},{"ClassName":"MSFT_IntuneVPNConfigurationPolicyIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Connection name displayed to the user.","Name":"connectionName","Option":"Write"},{"CIMType":"String","Description":"Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect.","Name":"connectionType","Option":"Write","ValueMap":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","customVpn","ciscoIPSec","citrix","ciscoAnyConnectV2","paloAltoGlobalProtect","zscalerPrivateAccess","f5Access2018","citrixSso","paloAltoGlobalProtectV2","ikEv2","alwaysOn","microsoftTunnel","netMotionMobility","microsoftProtect"],"Values":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","customVpn","ciscoIPSec","citrix","ciscoAnyConnectV2","paloAltoGlobalProtect","zscalerPrivateAccess","f5Access2018","citrixSso","paloAltoGlobalProtectV2","ikEv2","alwaysOn","microsoftTunnel","netMotionMobility","microsoftProtect"]},{"CIMType":"Boolean","Description":"Send all network traffic through VPN.","Name":"enableSplitTunneling","Option":"Write"},{"CIMType":"String","Description":"Authentication method for this VPN connection.","Name":"authenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"],"Values":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"]},{"CIMType":"String[]","Description":"Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection.","Name":"safariDomains","Option":"Write"},{"CIMType":"String[]","Description":"Associated Domains. These domains will be linked with the VPN configuration.","Name":"associatedDomains","Option":"Write"},{"CIMType":"String[]","Description":"Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated.","Name":"excludedDomains","Option":"Write"},{"CIMType":"MSFT_MicrosoftvpnProxyServer[]","Description":"Represents the assignment to the Intune policy.","Name":"proxyServer","Option":"Write"},{"CIMType":"Boolean","Description":"Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation.","Name":"optInToDeviceIdSharing","Option":"Write"},{"CIMType":"String[]","Description":"Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.","Name":"excludeList","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnServer[]","Description":"VPN Server on the network. Make sure end users can access this network location.","Name":"server","Option":"Write"},{"CIMType":"MSFT_customData[]","Description":"Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements","Name":"customData","Option":"Write"},{"CIMType":"MSFT_customKeyValueData[]","Description":"Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements","Name":"customKeyValueData","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule[]","Description":"On-Demand Rules. This collection can contain a maximum of 500 elements.","Name":"onDemandRules","Option":"Write"},{"CIMType":"String[]","Description":"Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.","Name":"targetedMobileApps","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"uint32","Description":"Version of the device configuration. Inherited from deviceConfiguration.","Name":"version","Option":"Write"},{"CIMType":"String","Description":"Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration.","Name":"loginGroupOrDomain","Option":"Write"},{"CIMType":"String","Description":"Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration.","Name":"role","Option":"Write"},{"CIMType":"String","Description":"Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration.","Name":"realm","Option":"Write"},{"CIMType":"String","Description":"Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration.","Name":"identifier","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration.","Name":"enablePerApp","Option":"Write"},{"CIMType":"String","Description":"Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel.","Name":"providerType","Option":"Write","ValueMap":["notConfigured","appProxy","packetTunnel"],"Values":["notConfigured","appProxy","packetTunnel"]},{"CIMType":"Boolean","Description":"Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration.","Name":"disableOnDemandUserOverride","Option":"Write"},{"CIMType":"Boolean","Description":"Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration","Name":"disconnectOnIdle","Option":"Write"},{"CIMType":"uint32","Description":"The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration.","Name":"disconnectOnIdleTimerInSeconds","Option":"Write"},{"CIMType":"String","Description":"Microsoft Tunnel site ID.","Name":"microsoftTunnelSiteId","Option":"Write"},{"CIMType":"String","Description":"Zscaler only. Zscaler cloud which the user is assigned to.","Name":"cloudName","Option":"Write"},{"CIMType":"Boolean","Description":"Zscaler only. Blocks network traffic until the user signs into Zscaler app. True means traffic is blocked.","Name":"strictEnforcement","Option":"Write"},{"CIMType":"String","Description":"Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead.","Name":"userDomain","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for iOS Device."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Disaply name of the Intune policy","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"If the network is in range, automatically connect.","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Don't show this Wi-Fi network on an end-user's device in the list of available networks. The SSID will not be broadcasted.","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Network name.","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Pre shared key.","Name":"PreSharedKey","Option":"Write"},{"CIMType":"Boolean","Description":"Pre shared key is set.","Name":"PreSharedKeyIsSet","Option":"Write"},{"CIMType":"String","Description":"URL of the automatic proxy.","Name":"ProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"String","Description":"Exclusion list of the proxy.","Name":"ProxyExclusionList","Option":"Write"},{"CIMType":"String","Description":"Address of the proxy.","Name":"ProxyManualAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Port of the proxy.","Name":"ProxyManualPort","Option":"Write"},{"CIMType":"String","Description":"Proxy setting type.","Name":"ProxySettings","Option":"Write","ValueMap":["none","manual","automatic"],"Values":["none","manual","automatic"]},{"CIMType":"String","Description":"Service Set Identifier. The name of the Wi-Fi connection.","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Type of Wi-Fi profile.","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wep","wpaPersonal","wpaEnterprise"],"Values":["open","wep","wpaPersonal","wpaEnterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for Android Enterprise, Full Managed Work Profile of Enterprise Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically.","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden.","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Network name.","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"SSID.","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security.","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wpaEnterprise","wpa2Enterprise"],"Values":["open","wpaEnterprise","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for Android Enterprise, Personally Owned Work Profile of Basic Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyAndroidForWork","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Network name","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"SSID","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wpaEnterprise","wpa2Enterprise"],"Values":["open","wpaEnterprise","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy Android For Work Device."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically to the network.","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Define if the network should be connected if hidden.","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Define the network name.","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Define the pre-shared key.","Name":"PreSharedKey","Option":"Write"},{"CIMType":"Boolean","Description":"Define if the pre-shared key is set.","Name":"PreSharedKeyIsSet","Option":"Write"},{"CIMType":"String","Description":"Define the SSID.","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Define the Wifi security type.","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wep","wpaPersonal","wpaEnterprise"],"Values":["open","wep","wpaPersonal","wpaEnterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for Android Open Source Project, Basic Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"Boolean","Description":"Disable the MAC address randomization.","Name":"DisableMacAddressRandomization","Option":"Write"},{"CIMType":"Boolean","Description":"If the pre shared key should be updated, even if the policy is already equal.","Name":"ForcePreSharedKeyUpdate","Option":"Write"},{"CIMType":"String","Description":"Network name","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Pre shared key","Name":"PreSharedKey","Option":"Write"},{"CIMType":"String","Description":"Proxy automatic configuration url","Name":"ProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"String","Description":"Proxy manual address","Name":"ProxyManualAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Proxy manual port","Name":"ProxyManualPort","Option":"Write"},{"CIMType":"String","Description":"Proxy settings","Name":"ProxySettings","Option":"Write","ValueMap":["none","manual","automatic"],"Values":["none","manual","automatic"]},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"SSID","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"],"Values":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for iOS with Basic Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Indicates the deployment channel type used to deploy the configuration profile.","Name":"DeploymentChannel","Option":"Write","ValueMap":["deviceChannel","userChannel"],"Values":["deviceChannel","userChannel"]},{"CIMType":"Boolean","Description":"If the pre shared key should be updated, even if the policy is already equal.","Name":"ForcePreSharedKeyUpdate","Option":"Write"},{"CIMType":"String","Description":"Network name","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Pre shared key","Name":"PreSharedKey","Option":"Write"},{"CIMType":"String","Description":"Proxy automatic configuration url","Name":"ProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"String","Description":"Proxy manual address","Name":"ProxyManualAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Proxy manual port","Name":"ProxyManualPort","Option":"Write"},{"CIMType":"String","Description":"Proxy settings","Name":"ProxySettings","Option":"Write","ValueMap":["none","manual","automatic"],"Values":["none","manual","automatic"]},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"SSID","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"],"Values":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for MacOS with Basic Wi-Fi type."},{"ClassName":"MSFT_DeviceManagementApplicabilityRuleOsEdition","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Write"},{"CIMType":"String[]","Description":"Applicability rule OS edition type","Name":"OsEditionTypes","Option":"Write"},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Wifi Configuration Policy for Windows10 with Basic Wi-Fi type."},{"ClassName":"MSFT_DeviceManagementApplicabilityRuleOsVersion","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Min OS version for Applicability Rule","Name":"MinOSVersion","Option":"Write"},{"CIMType":"String","Description":"Max OS version for Applicability Rule","Name":"MaxOSVersion","Option":"Write"},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Wifi Configuration Policy for Windows10 with Basic Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect to preferred network","Name":"ConnectToPreferredNetwork","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"MSFT_DeviceManagementApplicabilityRuleOsEdition","Description":"The OS edition applicability for this Policy. ","Name":"DeviceManagementApplicabilityRuleOsEdition","Option":"Write"},{"CIMType":"MSFT_DeviceManagementApplicabilityRuleOsVersion","Description":"The OS version applicability rule for this Policy.","Name":"DeviceManagementApplicabilityRuleOsVersion","Option":"Write"},{"CIMType":"Boolean","Description":"Force FIPS compliance","Name":"ForceFIPSCompliance","Option":"Write"},{"CIMType":"Boolean","Description":"If the pre shared key should be updated, even if the policy is already equal.","Name":"ForcePreSharedKeyUpdate","Option":"Write"},{"CIMType":"String","Description":"Metered connection limit","Name":"MeteredConnectionLimit","Option":"Write","ValueMap":["unrestricted","fixed","variable"],"Values":["unrestricted","fixed","variable"]},{"CIMType":"String","Description":"Network name","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Pre shared key","Name":"PreSharedKey","Option":"Write"},{"CIMType":"String","Description":"Proxy automatic configuration url","Name":"ProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"String","Description":"Proxy manual address","Name":"ProxyManualAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Proxy manual port","Name":"ProxyManualPort","Option":"Write"},{"CIMType":"String","Description":"Proxy setting","Name":"ProxySetting","Option":"Write","ValueMap":["none","manual","automatic"],"Values":["none","manual","automatic"]},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"SSID","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security","Name":"WifiSecurityType","Option":"Write","ValueMap":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"],"Values":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for Windows10 with Basic Wi-Fi type."},{"ClassName":"MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings","Parameters":[{"CIMType":"Boolean","Description":"Allow or block user to use device before profile and app installation complete","Name":"AllowDeviceUseBeforeProfileAndAppInstallComplete","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to continue using the device on installation failure","Name":"AllowDeviceUseOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or block log collection on installation failure","Name":"AllowLogCollectionOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to retry the setup on installation failure","Name":"BlockDeviceSetupRetryByUser","Option":"Write"},{"CIMType":"String","Description":"Set custom error message to show upon installation failure","Name":"CustomErrorMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide installation progress to user","Name":"HideInstallationProgress","Option":"Write"},{"CIMType":"UInt32","Description":"Set installation progress timeout in minutes","Name":"InstallProgressTimeoutInMinutes","Option":"Write"}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined"},{"ClassName":"MSFT_MicrosoftGraphOutOfBoxExperienceSettings","Parameters":[{"CIMType":"String","Description":"AAD join authentication type. Possible values are: singleUser, shared.","Name":"DeviceUsageType","Option":"Write","ValueMap":["singleUser","shared"],"Values":["singleUser","shared"]},{"CIMType":"Boolean","Description":"If set to true, then the user can't start over with different account, on company sign-in","Name":"HideEscapeLink","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide EULA to user","Name":"HideEULA","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide privacy settings to user","Name":"HidePrivacySettings","Option":"Write"},{"CIMType":"Boolean","Description":"If set, then skip the keyboard selection page if Language and Region are set","Name":"SkipKeyboardSelectionPage","Option":"Write"},{"CIMType":"String","Description":"Type of user. Possible values are: administrator, standard.","Name":"UserType","Option":"Write","ValueMap":["administrator","standard"],"Values":["administrator","standard"]}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined"},{"ClassName":"MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined","Parameters":[{"CIMType":"Boolean","Description":"The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE.","Name":"HybridAzureADJoinSkipConnectivityCheck","Option":"Write"},{"CIMType":"String","Description":"Description of the profile","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters.","Name":"DeviceNameTemplate","Option":"Write"},{"CIMType":"String","Description":"The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2.","Name":"DeviceType","Option":"Write","ValueMap":["windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"],"Values":["windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"]},{"CIMType":"String","Description":"Name of the profile","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Enable Autopilot White Glove for the profile.","Name":"EnableWhiteGlove","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings","Description":"Enrollment status screen setting","Name":"EnrollmentStatusScreenSettings","Option":"Write"},{"CIMType":"Boolean","Description":"HardwareHash Extraction for the profile","Name":"ExtractHardwareHash","Option":"Write"},{"CIMType":"String","Description":"Language configured on the device","Name":"Language","Option":"Write"},{"CIMType":"String","Description":"AzureAD management app ID used during client device-based enrollment discovery","Name":"ManagementServiceAppId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphoutOfBoxExperienceSettings","Description":"Out of box experience setting","Name":"OutOfBoxExperienceSettings","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined"},{"ClassName":"MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings1","Parameters":[{"CIMType":"Boolean","Description":"Allow or block user to use device before profile and app installation complete","Name":"AllowDeviceUseBeforeProfileAndAppInstallComplete","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to continue using the device on installation failure","Name":"AllowDeviceUseOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or block log collection on installation failure","Name":"AllowLogCollectionOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to retry the setup on installation failure","Name":"BlockDeviceSetupRetryByUser","Option":"Write"},{"CIMType":"String","Description":"Set custom error message to show upon installation failure","Name":"CustomErrorMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide installation progress to user","Name":"HideInstallationProgress","Option":"Write"},{"CIMType":"UInt32","Description":"Set installation progress timeout in minutes","Name":"InstallProgressTimeoutInMinutes","Option":"Write"}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Joined"},{"ClassName":"MSFT_MicrosoftGraphOutOfBoxExperienceSettings1","Parameters":[{"CIMType":"String","Description":"AAD join authentication type. Possible values are: singleUser, shared.","Name":"DeviceUsageType","Option":"Write","ValueMap":["singleUser","shared"],"Values":["singleUser","shared"]},{"CIMType":"Boolean","Description":"If set to true, then the user can't start over with different account, on company sign-in","Name":"HideEscapeLink","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide EULA to user","Name":"HideEULA","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide privacy settings to user","Name":"HidePrivacySettings","Option":"Write"},{"CIMType":"Boolean","Description":"If set, then skip the keyboard selection page if Language and Region are set","Name":"SkipKeyboardSelectionPage","Option":"Write"},{"CIMType":"String","Description":"Type of user. Possible values are: administrator, standard.","Name":"UserType","Option":"Write","ValueMap":["administrator","standard"],"Values":["administrator","standard"]}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Joined"},{"ClassName":"MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined","Parameters":[{"CIMType":"String","Description":"Description of the profile","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters.","Name":"DeviceNameTemplate","Option":"Write"},{"CIMType":"String","Description":"The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2.","Name":"DeviceType","Option":"Write","ValueMap":["windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"],"Values":["windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"]},{"CIMType":"String","Description":"Name of the profile","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Enable Autopilot White Glove for the profile.","Name":"EnableWhiteGlove","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1","Description":"Enrollment status screen setting","Name":"EnrollmentStatusScreenSettings","Option":"Write"},{"CIMType":"Boolean","Description":"HardwareHash Extraction for the profile","Name":"ExtractHardwareHash","Option":"Write"},{"CIMType":"String","Description":"Language configured on the device","Name":"Language","Option":"Write"},{"CIMType":"String","Description":"AzureAD management app ID used during client device-based enrollment discovery","Name":"ManagementServiceAppId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphoutOfBoxExperienceSettings1","Description":"Out of box experience setting","Name":"OutOfBoxExperienceSettings","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Joined"},{"ClassName":"MSFT_IntuneWindowsBackupForOrganizationConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Indicates the configuration state of the Windows Restore setting. Possible values are 'notConfigured', 'enabled', and 'disabled'. Default is: notConfigured. This is a tenant level default setting that is not targetable. This property's value is applied during Enrollment. Possible values are: notConfigured, enabled, disabled.","Name":"State","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Backup For Organization Configuration\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_IntuneWindowsHelloForBusinessGlobalPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Controls the ability to use the anti-spoofing features for facial recognition on devices which support it. If set to disabled, anti-spoofing features are not allowed. If set to Not Configured, the user can choose whether they want to use anti-spoofing. Possible values are: notConfigured, enabled, disabled.","Name":"EnhancedBiometricsState","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"UInt32","Description":"Setting to configure Enhanced sign-in security. Default is Not Configured","Name":"EnhancedSignInSecurity","Option":"Write"},{"CIMType":"UInt32","Description":"Controls the period of time (in days) that a PIN can be used before the system requires the user to change it. This must be set between 0 and 730, inclusive. If set to 0, the user's PIN will never expire","Name":"PinExpirationInDays","Option":"Write"},{"CIMType":"String","Description":"Controls the ability to use lowercase letters in the Windows Hello for Business PIN.  Allowed permits the use of lowercase letter(s), whereas Required ensures they are present. If set to Not Allowed, lowercase letters will not be permitted. Possible values are: allowed, required, disallowed.","Name":"PinLowercaseCharactersUsage","Option":"Write","ValueMap":["allowed","required","disallowed"],"Values":["allowed","required","disallowed"]},{"CIMType":"UInt32","Description":"Controls the maximum number of characters allowed for the Windows Hello for Business PIN. This value must be between 4 and 127, inclusive. This value must be greater than or equal to the value set for the minimum PIN.","Name":"PinMaximumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Controls the minimum number of characters required for the Windows Hello for Business PIN.  This value must be between 4 and 127, inclusive, and less than or equal to the value set for the maximum PIN.","Name":"PinMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset.","Name":"PinPreviousBlockCount","Option":"Write"},{"CIMType":"String","Description":"Controls the ability to use special characters in the Windows Hello for Business PIN.  Allowed permits the use of special character(s), whereas Required ensures they are present. If set to Not Allowed, special character(s) will not be permitted. Possible values are: allowed, required, disallowed.","Name":"PinSpecialCharactersUsage","Option":"Write","ValueMap":["allowed","required","disallowed"],"Values":["allowed","required","disallowed"]},{"CIMType":"String","Description":"Controls the ability to use uppercase letters in the Windows Hello for Business PIN.  Allowed permits the use of uppercase letter(s), whereas Required ensures they are present. If set to Not Allowed, uppercase letters will not be permitted. Possible values are: allowed, required, disallowed.","Name":"PinUppercaseCharactersUsage","Option":"Write","ValueMap":["allowed","required","disallowed"],"Values":["allowed","required","disallowed"]},{"CIMType":"Boolean","Description":"Controls the use of Remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion for desktop authentication. The desktop must be Azure AD joined and the companion device must have a Windows Hello for Business PIN.","Name":"RemotePassportEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM.","Name":"SecurityDeviceRequired","Option":"Write"},{"CIMType":"String","Description":"Security key for Sign In provides the capacity for remotely turning ON/OFF Windows Hello Sercurity Keyl Not configured will honor configurations done on the clinet. Possible values are: notConfigured, enabled, disabled.","Name":"SecurityKeyForSignIn","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Controls whether to allow the device to be configured for Windows Hello for Business. If set to disabled, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones if otherwise required. If set to Not Configured, Intune will not override client defaults. Possible values are: notConfigured, enabled, disabled.","Name":"State","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN.  If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures.","Name":"UnlockWithBiometricsEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Hello For Business Global Policy.\n\n**Attention:** Only the export works with app-only authentication. To update the settings, credential authentication is required."},{"ClassName":"MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Write","ValueMap":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"],"Values":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"]},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"The collection Id that is the target of the assignment.(ConfigMgr)","Name":"collectionId","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate","Parameters":[{"CIMType":"String","Description":"Data recovery Certificate","Name":"Certificate","Option":"Write"},{"CIMType":"String","Description":"Data recovery Certificate description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Data recovery Certificate expiration datetime","Name":"ExpirationDateTime","Option":"Write"},{"CIMType":"String","Description":"Data recovery Certificate subject name","Name":"SubjectName","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionResourceCollection","Parameters":[{"CIMType":"String","Description":"Display name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"Collection of resources","Name":"Resources","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionIPRangeCollection","Parameters":[{"CIMType":"String","Description":"Display name","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphIpRange[]","Description":"Collection of ip ranges","Name":"Ranges","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphIpRange","Parameters":[{"CIMType":"String","Description":"Lower address.","Name":"LowerAddress","Option":"Key"},{"CIMType":"String","Description":"Upper address.","Name":"UpperAddress","Option":"Key"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Key","ValueMap":["#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"],"Values":["#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"]}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionProxiedDomainCollection","Parameters":[{"CIMType":"String","Description":"Display name","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphProxiedDomain[]","Description":"Collection of proxied domains","Name":"ProxiedDomains","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphProxiedDomain","Parameters":[{"CIMType":"String","Description":"The IP address or FQDN","Name":"IpAddressOrFQDN","Option":"Key"},{"CIMType":"String","Description":"Proxy IP or FQDN","Name":"Proxy","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionApp","Parameters":[{"CIMType":"Boolean","Description":"If true, app is denied protection or exemption.","Name":"Denied","Option":"Write"},{"CIMType":"String","Description":"The app's description.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"App display name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The product name.","Name":"ProductName","Option":"Write"},{"CIMType":"String","Description":"The publisher name","Name":"PublisherName","Option":"Write"},{"CIMType":"String","Description":"The binary name.","Name":"BinaryName","Option":"Write"},{"CIMType":"String","Description":"The high binary version.","Name":"BinaryVersionHigh","Option":"Write"},{"CIMType":"String","Description":"The lower binary version.","Name":"BinaryVersionLow","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.windowsInformationProtectionDesktopApp","#microsoft.graph.windowsInformationProtectionStoreApp"],"Values":["#microsoft.graph.windowsInformationProtectionDesktopApp","#microsoft.graph.windowsInformationProtectionStoreApp"]}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Policy display name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to allow Azure RMS encryption for WIP","Name":"AzureRightsManagementServicesAllowed","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate","Description":"Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS)","Name":"DataRecoveryCertificate","Option":"Write"},{"CIMType":"String","Description":"WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock.","Name":"EnforcementLevel","Option":"Write","ValueMap":["noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"],"Values":["noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"]},{"CIMType":"String","Description":"Primary enterprise domain","Name":"EnterpriseDomain","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies","Name":"EnterpriseInternalProxyServers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection[]","Description":"Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to","Name":"EnterpriseIPRanges","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false","Name":"EnterpriseIPRangesAreAuthoritative","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to","Name":"EnterpriseNetworkDomainNames","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"List of enterprise domains to be protected","Name":"EnterpriseProtectedDomainNames","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionProxiedDomainCollection[]","Description":"Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy","Name":"EnterpriseProxiedDomains","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"This is a list of proxy servers. Any server not on this list is considered non-enterprise","Name":"EnterpriseProxyServers","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false","Name":"EnterpriseProxyServersAreAuthoritative","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionApp[]","Description":"Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.","Name":"ExemptApps","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app","Name":"IconsVisible","Option":"Write"},{"CIMType":"Boolean","Description":"This switch is for the Windows Search Indexer, to allow or disallow indexing of items","Name":"IndexingEncryptedStoresOrItemsBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"List of domain names that can used for work or personal resource","Name":"NeutralDomainResources","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionApp[]","Description":"Protected applications can access enterprise data and the data handled by those applications are protected with encryption","Name":"ProtectedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured","Name":"ProtectionUnderLockConfigRequired","Option":"Write"},{"CIMType":"Boolean","Description":"This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently.","Name":"RevokeOnUnenrollDisabled","Option":"Write"},{"CIMType":"String","Description":"TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access","Name":"RightsManagementServicesTemplateId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary","Name":"SmbAutoEncryptedFileExtensions","Option":"Write"},{"CIMType":"String","Description":"The policy's description.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Driver update profile approval type. For example, manual or automatic approval. Possible values are: manual, automatic.","Name":"ApprovalType","Option":"Write","ValueMap":["manual","automatic"],"Values":["manual","automatic"]},{"CIMType":"UInt32","Description":"Deployment deferral settings in days, only applicable when ApprovalType is set to automatic approval.","Name":"DeploymentDeferralInDays","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for the Driver Update entity.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Driver Update Profile for Windows 10\n\nPlease note: Once a policy is created, the `ApprovalType` cannot be changed. A new policy must be created."},{"ClassName":"MSFT_MicrosoftGraphWindowsUpdateRolloutSettings","Parameters":[{"CIMType":"String","Description":"The feature update's ending  of release date and time to be set, update, and displayed for a feature Update profile for example: 2020-06-09T10:00:00Z.","Name":"OfferEndDateTimeInUTC","Option":"Write"},{"CIMType":"UInt32","Description":"The number of day(s) between each set of offers to be set, updated, and displayed for a feature update profile, for example: if OfferStartDateTimeInUTC is 2020-06-09T10:00:00Z, and OfferIntervalInDays is 1, then the next two sets of offers will be made consecutively on 2020-06-10T10:00:00Z (next day at the same specified time) and 2020-06-11T10:00:00Z (next next day at the same specified time) with 1 day in between each set of offers.","Name":"OfferIntervalInDays","Option":"Write"},{"CIMType":"String","Description":"The feature update's starting date and time to be set, update, and displayed for a feature Update profile for example: 2020-06-09T10:00:00Z.","Name":"OfferStartDateTimeInUTC","Option":"Write"}],"Description":"Intune Windows Update For Business Feature Update Profile for Windows10\n\n## RolloutSettings\n\nThe RolloutSettings for this resource have the following constraints and notes:\n\n* When creating a policy:\n  * If only a start date is specified, then the start date must be at least today.\n    * If the desired state date is before the current date, it will be adjusted to the current date.\n  * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date.\n    * If the start date is before the current date + 2 days, it will be adjusted to this date.\n* When updating a policy:\n  * If only a start date is specified, then the start date must either be the date from the current configuration or the current date (or later).\n    * If the desired state date is before the current date, it will be adjusted to the current date.\n  * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date.\n    * If the start date is before the current date + 2 days, it will be adjusted to this date.\n* When testing a policy:\n  * If the policy is missing and the start and end date are before the current date, it will return true.\n  * If the start date is different but before the current start date or time, it will return true."},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name of the profile.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The description of the profile which is specified by the user.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The feature update version that will be deployed to the devices targeted by this profile. The version could be any supported version for example 1709, 1803 or 1809 and so on.","Name":"FeatureUpdateVersion","Option":"Write"},{"CIMType":"Boolean","Description":"If true, the Windows 11 update will become optional","Name":"InstallFeatureUpdatesOptional","Option":"Write"},{"CIMType":"Boolean","Description":"If true, the latest Microsoft Windows 10 update will be installed on devices ineligible for Microsoft Windows 11. Cannot be changed after creation of the policy.","Name":"InstallLatestWindows10OnWindows11IneligibleDevice","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsUpdateRolloutSettings","Description":"The windows update rollout settings, including offer start date time, offer end date time, and days between each set of offers. For 'as soon as possible' installation, set this setting to $null or do not configure it.","Name":"RolloutSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Feature Update Profile for Windows10\n\n## RolloutSettings\n\nThe RolloutSettings for this resource have the following constraints and notes:\n\n* When creating a policy:\n  * If only a start date is specified, then the start date must be at least today.\n    * If the desired state date is before the current date, it will be adjusted to the current date.\n  * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date.\n    * If the start date is before the current date + 2 days, it will be adjusted to this date.\n* When updating a policy:\n  * If only a start date is specified, then the start date must either be the date from the current configuration or the current date (or later).\n    * If the desired state date is before the current date, it will be adjusted to the current date.\n  * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date.\n    * If the start date is before the current date + 2 days, it will be adjusted to this date.\n* When testing a policy:\n  * If the policy is missing and the start and end date are before the current date, it will return true.\n  * If the start date is different but before the current start date or time, it will return true."},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessHotpatchProfileWindows10","Parameters":[{"CIMType":"String","Description":"Indicates the display name of the device cleanup rule.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Indicates the description for the device clean up rule.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if hotpatch is enabled.","Name":"HotpatchEnabled","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Hotpatch Profile for Windows10"},{"ClassName":"MSFT_MicrosoftGraphExpeditedWindowsQualityUpdateSettings","Parameters":[{"CIMType":"UInt32","Description":"The number of days after installation that forced reboot will happen. Must be in range from 0 to 2.","Name":"DaysUntilForcedReboot","Option":"Write"},{"CIMType":"String","Description":"The release date to identify a quality update. Format is yyyy-MM-ddT00:00:00Z.","Name":"QualityUpdateRelease","Option":"Write"}],"Description":"Intune Windows Update For Business Quality Update Profile for Windows10"},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10","Parameters":[{"CIMType":"String","Description":"The display name for the profile.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The description of the profile.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphexpeditedWindowsQualityUpdateSettings","Description":"Expedited update settings.","Name":"ExpeditedUpdateSettings","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Quality Update entity.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Quality Update Profile for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsUpdateInstallScheduleType","Parameters":[{"CIMType":"String","Description":"Active Hours End","Name":"ActiveHoursEnd","Option":"Write"},{"CIMType":"String","Description":"Active Hours Start","Name":"ActiveHoursStart","Option":"Write"},{"CIMType":"String","Description":"Scheduled Install Day in week. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan.","Name":"ScheduledInstallDay","Option":"Write","ValueMap":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"],"Values":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"]},{"CIMType":"String","Description":"Scheduled Install Time during day","Name":"ScheduledInstallTime","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.windowsUpdateActiveHoursInstall","#microsoft.graph.windowsUpdateScheduledInstall"],"Values":["#microsoft.graph.windowsUpdateActiveHoursInstall","#microsoft.graph.windowsUpdateScheduledInstall"]}],"Description":"Intune Windows Update For Business Ring Update Profile for Windows 10"},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, allows eligible Windows 10 devices to upgrade to Windows 11. When FALSE, implies the device stays on the existing operating system. Returned by default. Query parameters are not supported.","Name":"AllowWindows11Upgrade","Option":"Write"},{"CIMType":"String","Description":"The Automatic Update Mode. Possible values are: UserDefined, NotifyDownload, AutoInstallAtMaintenanceTime, AutoInstallAndRebootAtMaintenanceTime, AutoInstallAndRebootAtScheduledTime, AutoInstallAndRebootWithoutEndUserControl, WindowsDefault. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined, notifyDownload, autoInstallAtMaintenanceTime, autoInstallAndRebootAtMaintenanceTime, autoInstallAndRebootAtScheduledTime, autoInstallAndRebootWithoutEndUserControl, windowsDefault.","Name":"AutomaticUpdateMode","Option":"Write","ValueMap":["userDefined","notifyDownload","autoInstallAtMaintenanceTime","autoInstallAndRebootAtMaintenanceTime","autoInstallAndRebootAtScheduledTime","autoInstallAndRebootWithoutEndUserControl","windowsDefault"],"Values":["userDefined","notifyDownload","autoInstallAtMaintenanceTime","autoInstallAndRebootAtMaintenanceTime","autoInstallAndRebootAtScheduledTime","autoInstallAndRebootWithoutEndUserControl","windowsDefault"]},{"CIMType":"String","Description":"Specify the method by which the auto-restart required notification is dismissed. Possible values are: NotConfigured, Automatic, User. Returned by default. Query parameters are not supported. Possible values are: notConfigured, automatic, user, unknownFutureValue.","Name":"AutoRestartNotificationDismissal","Option":"Write","ValueMap":["notConfigured","automatic","user","unknownFutureValue"],"Values":["notConfigured","automatic","user","unknownFutureValue"]},{"CIMType":"String","Description":"Determines which branch devices will receive their updates from. Possible values are: UserDefined, All, BusinessReadyOnly, WindowsInsiderBuildFast, WindowsInsiderBuildSlow, WindowsInsiderBuildRelease. Returned by default. Query parameters are not supported. Possible values are: userDefined, all, businessReadyOnly, windowsInsiderBuildFast, windowsInsiderBuildSlow, windowsInsiderBuildRelease.","Name":"BusinessReadyUpdatesOnly","Option":"Write","ValueMap":["userDefined","all","businessReadyOnly","windowsInsiderBuildFast","windowsInsiderBuildSlow","windowsInsiderBuildRelease"],"Values":["userDefined","all","businessReadyOnly","windowsInsiderBuildFast","windowsInsiderBuildSlow","windowsInsiderBuildRelease"]},{"CIMType":"UInt32","Description":"Number of days before feature updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"DeadlineForFeatureUpdatesInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days before quality updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"DeadlineForQualityUpdatesInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days after deadline until restarts occur automatically with valid range from 0 to 7 days. Returned by default. Query parameters are not supported.","Name":"DeadlineGracePeriodInDays","Option":"Write"},{"CIMType":"String","Description":"The Delivery Optimization Mode. Possible values are: UserDefined, HttpOnly, HttpWithPeeringNat, HttpWithPeeringPrivateGroup, HttpWithInternetPeering, SimpleDownload, BypassMode. UserDefined allows the user to set. Returned by default. Query parameters are not supported. Possible values are: userDefined, httpOnly, httpWithPeeringNat, httpWithPeeringPrivateGroup, httpWithInternetPeering, simpleDownload, bypassMode.","Name":"DeliveryOptimizationMode","Option":"Write","ValueMap":["userDefined","httpOnly","httpWithPeeringNat","httpWithPeeringPrivateGroup","httpWithInternetPeering","simpleDownload","bypassMode"],"Values":["userDefined","httpOnly","httpWithPeeringNat","httpWithPeeringPrivateGroup","httpWithInternetPeering","simpleDownload","bypassMode"]},{"CIMType":"Boolean","Description":"When TRUE, excludes Windows update Drivers. When FALSE, does not exclude Windows update Drivers. Returned by default. Query parameters are not supported.","Name":"DriversExcluded","Option":"Write"},{"CIMType":"UInt32","Description":"Deadline in days before automatically scheduling and executing a pending restart outside of active hours, with valid range from 2 to 30 days. Returned by default. Query parameters are not supported.","Name":"EngagedRestartDeadlineInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days a user can snooze Engaged Restart reminder notifications with valid range from 1 to 3 days. Returned by default. Query parameters are not supported.","Name":"EngagedRestartSnoozeScheduleInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days before transitioning from Auto Restarts scheduled outside of active hours to Engaged Restart, which requires the user to schedule, with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"EngagedRestartTransitionScheduleInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Defer Feature Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"FeatureUpdatesDeferralPeriodInDays","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, assigned devices are paused from receiving feature updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Feature Updates. Returned by default. Query parameters are not supported.s","Name":"FeatureUpdatesPaused","Option":"Write"},{"CIMType":"String","Description":"The Feature Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported.","Name":"FeatureUpdatesPauseExpiryDateTime","Option":"Write"},{"CIMType":"String","Description":"The Feature Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only.","Name":"FeatureUpdatesPauseStartDate","Option":"Write"},{"CIMType":"String","Description":"The Feature Updates Rollback Start datetime.This value is the time when the admin rolled back the Feature update for the ring.Returned by default.Query parameters are not supported.","Name":"FeatureUpdatesRollbackStartDateTime","Option":"Write"},{"CIMType":"UInt32","Description":"The number of days after a Feature Update for which a rollback is valid with valid range from 2 to 60 days. Returned by default. Query parameters are not supported.","Name":"FeatureUpdatesRollbackWindowInDays","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType","Description":"The Installation Schedule. Possible values are: ActiveHoursStart, ActiveHoursEnd, ScheduledInstallDay, ScheduledInstallTime. Returned by default. Query parameters are not supported.","Name":"InstallationSchedule","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, allows Microsoft Update Service. When FALSE, does not allow Microsoft Update Service. Returned by default. Query parameters are not supported.","Name":"MicrosoftUpdateServiceAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE the device should wait until deadline for rebooting outside of active hours. When FALSE the device should not wait until deadline for rebooting outside of active hours. Returned by default. Query parameters are not supported.","Name":"PostponeRebootUntilAfterDeadline","Option":"Write"},{"CIMType":"String","Description":"The Pre-Release Features. Possible values are: UserDefined, SettingsOnly, SettingsAndExperimentations, NotAllowed. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined, settingsOnly, settingsAndExperimentations, notAllowed.","Name":"PrereleaseFeatures","Option":"Write","ValueMap":["userDefined","settingsOnly","settingsAndExperimentations","notAllowed"],"Values":["userDefined","settingsOnly","settingsAndExperimentations","notAllowed"]},{"CIMType":"UInt32","Description":"Defer Quality Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"QualityUpdatesDeferralPeriodInDays","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, assigned devices are paused from receiving quality updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Quality Updates. Returned by default. Query parameters are not supported.","Name":"QualityUpdatesPaused","Option":"Write"},{"CIMType":"String","Description":"The Quality Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported.","Name":"QualityUpdatesPauseExpiryDateTime","Option":"Write"},{"CIMType":"String","Description":"The Quality Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only.","Name":"QualityUpdatesPauseStartDate","Option":"Write"},{"CIMType":"String","Description":"The Quality Updates Rollback Start datetime. This value is the time when the admin rolled back the Quality update for the ring. Returned by default. Query parameters are not supported.","Name":"QualityUpdatesRollbackStartDateTime","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the period for auto-restart imminent warning notifications. Supported values: 15, 30 or 60 (minutes). Returned by default. Query parameters are not supported.","Name":"ScheduleImminentRestartWarningInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the period for auto-restart warning reminder notifications. Supported values: 2, 4, 8, 12 or 24 (hours). Returned by default. Query parameters are not supported.","Name":"ScheduleRestartWarningInHours","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, skips all checks before restart: Battery level = 40%, User presence, Display Needed, Presentation mode, Full screen mode, phone call state, game mode etc. When FALSE, does not skip all checks before restart. Returned by default. Query parameters are not supported.","Name":"SkipChecksBeforeRestart","Option":"Write"},{"CIMType":"String","Description":"Specifies what Windows Update notifications users see. Possible values are: NotConfigured, DefaultNotifications, RestartWarningsOnly, DisableAllNotifications. Returned by default. Query parameters are not supported. Possible values are: notConfigured, defaultNotifications, restartWarningsOnly, disableAllNotifications, unknownFutureValue.","Name":"UpdateNotificationLevel","Option":"Write","ValueMap":["notConfigured","defaultNotifications","restartWarningsOnly","disableAllNotifications","unknownFutureValue"],"Values":["notConfigured","defaultNotifications","restartWarningsOnly","disableAllNotifications","unknownFutureValue"]},{"CIMType":"String","Description":"Schedule the update installation on the weeks of the month. Possible values are: UserDefined, FirstWeek, SecondWeek, ThirdWeek, FourthWeek, EveryWeek. Returned by default. Query parameters are not supported. Possible values are: userDefined, firstWeek, secondWeek, thirdWeek, fourthWeek, everyWeek, unknownFutureValue.","Name":"UpdateWeeks","Option":"Write","ValueMap":["userDefined","firstWeek","secondWeek","thirdWeek","fourthWeek","everyWeek","unknownFutureValue"],"Values":["userDefined","firstWeek","secondWeek","thirdWeek","fourthWeek","everyWeek","unknownFutureValue"]},{"CIMType":"String","Description":"Specifies whether to enable end user's access to pause software updates. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled.","Name":"UserPauseAccess","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies whether to disable user's access to scan Windows Update. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled.","Name":"UserWindowsUpdateScanAccess","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Ring Update Profile for Windows 10"},{"ClassName":"MSFT_M365DSCGraphAPIRuleEvaluation","Parameters":[{"CIMType":"String","Description":"Url of the REST Endpoint.","Name":"APIUrl","Option":"Key"},{"CIMType":"String","Description":"Specify the rules to evaluate.","Name":"RuleDefinition","Option":"Key"},{"CIMType":"String","Description":"Name of the parent property of the response, which contains the instances. Default is 'value'.","Name":"InstancesProperty","Option":"Write"},{"CIMType":"String","Description":"For logging purposes only. This represents the unique identifier of instances returned by the Graph API call.","Name":"InstanceIdentifier","Option":"Write"},{"CIMType":"String","Description":"Custom display name for the rule. This will show up in the logs on drift detection.","Name":"RuleName","Option":"Write"},{"CIMType":"String","Description":"Query to check how many instances exist, using PowerShell format","Name":"AfterRuleCountQuery","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure Active Directory Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource monitors Graph API endpoints against the defined rules."},{"ClassName":"MSFT_M365DSCRuleEvaluation","Parameters":[{"CIMType":"String","Description":"Name of the resource to monitor","Name":"ResourceTypeName","Option":"Key"},{"CIMType":"String","Description":"Specify the rules to monitor the resource for.","Name":"RuleDefinition","Option":"Key"},{"CIMType":"String","Description":"Custom display name for the rule. This will show up in the logs on drift detection.","Name":"RuleName","Option":"Write"},{"CIMType":"String","Description":"Query to check how many instances exist, using PowerShell format","Name":"AfterRuleCountQuery","Option":"Write"},{"CIMType":"String","Description":"Specifies a filter for the current resource type to be evaluated. This reduces the overall set of instances the rule will be evaluated against.","Name":"Filter","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure Active Directory Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource monitors Microsoft365DSC resources based on provided rules."},{"ClassName":"MSFT_O365AdminAuditLogConfig","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"string","Description":"Determins if Unified Audit Log Ingestion is enabled","Name":"UnifiedAuditLogIngestionEnabled","Option":"Required","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Purview Admin Audit Log."},{"ClassName":"MSFT_O365CopilotSettingsPeopleEnhancedPersonalization","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"If true, enables the enhanced personalization control and therefore related features as defined in control enhanced personalization privacy Required.","Name":"isEnabledInOrganization","Option":"Write"},{"CIMType":"string","Description":"The ID of a Microsoft Entra group to which the value is used to disable the control for populated users. Optional.","Name":"disabledForGroup","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a setting that controls whether Microsoft 365 Copilot can use features that enhance its personalization capabilities."},{"ClassName":"MSFT_O365ExternalConnection","Parameters":[{"CIMType":"String","Description":"The name of the external connector.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The unique identifier of the external connector.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the external connector.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"A collection of application IDs for registered Microsoft Entra apps that are allowed to manage the externalConnection and to index content in the externalConnection.","Name":"AuthorizedAppIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures external connectors in Microsoft 365."},{"ClassName":"MSFT_O365Group","Parameters":[{"CIMType":"string","Description":"The display name for the group.","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"The group's Internal Name.","Name":"MailNickName","Option":"Key"},{"CIMType":"string[]","Description":"The group's owner user principal.","Name":"ManagedBy","Option":"Write"},{"CIMType":"string","Description":"The group's description.","Name":"Description","Option":"Write"},{"CIMType":"string[]","Description":"Members of the group.","Name":"Members","Option":"Write"},{"CIMType":"string","Description":"Present ensures the group exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create Office 365 Users and assign them licenses."},{"ClassName":"MSFT_O365OrgCustomizationSetting","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Since there is only one setting availble, this must be set to 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the tenant settings so that the tenant runs in a fully\nconfigurable mode. Usually tenants are created in a mode, that limits options to\ncustomize the tenant. This setting is reflected by the Organization Config proptery\n`IsDehydrated: True`.\nRunning this resource will set the property to false.\n\nCurrently there is no setting available to undo Enable-OrganizationCustomization."},{"ClassName":"MSFT_O365OrgSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Allow people in your organization to start trial subscriptions for apps and services that support trials. Admins manage licenses for these trials in the same way as other licenses in your organization. Only admins can upgrade these trials to paid subscriptions, so they won't affect your billing.","Name":"AppsAndServicesIsAppAndServicesTrialEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allow people in your organization to access the Office Store using their work account. The Office Store provides access to apps that aren't curated or managed by Microsoft.","Name":"AppsAndServicesIsOfficeStoreEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization.","Name":"CortanaEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically block any internal surveys that request confidential information. Admins will be notified in the Message Center when a survey is blocked.","Name":"DynamicsCustomerVoiceIsInOrgFormsPhishingScanEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Capture the first and last names of respondents in your organization that complete a survey. You can still change this for individual surveys.","Name":"DynamicsCustomerVoiceIsRecordIdentityByDefaultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Capture the first and last names of respondents in your organization that complete a survey. You can still change this for individual surveys.","Name":"DynamicsCustomerVoiceIsRestrictedSurveyAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allow YouTube and Bing.","Name":"FormsIsBingImageSearchEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"External Sharing - Send a link to the form and collect responses.","Name":"FormsIsExternalSendFormEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"External Sharing - Share to collaborate on the form layout and structure.","Name":"FormsIsExternalShareCollaborationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"External Sharing - Share form result summary.","Name":"FormsIsExternalShareResultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"External Sharing - Share the form as a template that can be duplicated.","Name":"FormsIsExternalShareTemplateEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Phishing protection.","Name":"FormsIsInOrgFormsPhishingScanEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Record names of people in your org.","Name":"FormsIsRecordIdentityByDefaultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Let users open files stored in third-party storage services in Microsoft 365 on the Web.","Name":"M365WebEnableUsersToOpenFilesFrom3PStorage","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not to allow users to have access to use the Viva Insights web experience.","Name":"VivaInsightsWebExperience","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not to allow users to have access to use the Viva Insights digest email feature.","Name":"VivaInsightsDigestEmail","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not to allow users to have access to use the Viva Insights Outlook add-in and inline suggestions.","Name":"VivaInsightsOutlookAddInAndInlineSuggestions","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not to allow users to have access to use the Viva Insights schedule send suggestions feature.","Name":"VivaInsightsScheduleSendSuggestions","Option":"Write"},{"CIMType":"Boolean","Description":"Allow Planner users to publish their plans and assigned tasks to Outlook or other calendars through iCalendar feeds.","Name":"PlannerAllowCalendarSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Enables Copilot for Planner.","Name":"AllowPlannerCopilot","Option":"Write"},{"CIMType":"Boolean","Description":"To Do - Allow external users to join.","Name":"ToDoIsExternalJoinEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"To Do - Allow sharing with external users.","Name":"ToDoIsExternalShareEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"To Do - Allow your users to receive push notifications.","Name":"ToDoIsPushNotificationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Controls whether or not the Admin Center reports will conceale user, group and site names.","Name":"AdminCenterReportDisplayConcealedNames","Option":"Write"},{"CIMType":"String","Description":"Defines how often you want your users to get feature updates for Microsoft 365 apps installed on devices running Windows","Name":"InstallationOptionsUpdateChannel","Option":"Write","ValueMap":["current","monthlyEnterprise","semiAnnual"],"Values":["current","monthlyEnterprise","semiAnnual"]},{"CIMType":"String[]","Description":"Defines the apps users can install on Windows and mobile devices.","Name":"InstallationOptionsAppsForWindows","Option":"Write","ValueMap":["isVisioEnabled","isSkypeForBusinessEnabled","isProjectEnabled","isMicrosoft365AppsEnabled"],"Values":["isVisioEnabled","isSkypeForBusinessEnabled","isProjectEnabled","isMicrosoft365AppsEnabled"]},{"CIMType":"String[]","Description":"Defines the apps users can install on Mac devices.","Name":"InstallationOptionsAppsForMac","Option":"Write","ValueMap":["isSkypeForBusinessEnabled","isMicrosoft365AppsEnabled"],"Values":["isSkypeForBusinessEnabled","isMicrosoft365AppsEnabled"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Org settings for a Microsoft 365 tenant."},{"ClassName":"MSFT_O365SearchAndIntelligenceConfigurations","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Specifies whether or not Item Insights should be available for the organization.","Name":"ItemInsightsIsEnabledInOrganization","Option":"Write"},{"CIMType":"String","Description":"Specifies a single Azure AD Group for which Item Insights needs to be disabled.","Name":"ItemInsightsDisabledForGroup","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not Meeting Insights should be available for the organization.","Name":"MeetingInsightsIsEnabledInOrganization","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not Person Insights should be available for the organization.","Name":"PersonInsightsIsEnabledInOrganization","Option":"Write"},{"CIMType":"String","Description":"Specifies a single Azure AD Group for which Person Insights needs to be disabled.","Name":"PersonInsightsDisabledForGroup","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Search And Intelligence configuration settings."},{"ClassName":"MSFT_ODSettings","Parameters":[{"CIMType":"string","Description":"Should be set to yes","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"uint32","Description":"The resource quota to apply to the OneDrive sites","Name":"OneDriveStorageQuota","Option":"Write"},{"CIMType":"uint32","Description":"Number of days after a user's account is deleted that their OneDrive for Business content will be deleted.","Name":"OrphanedPersonalSitesRetentionPeriod","Option":"Write"},{"CIMType":"Boolean","Description":"Enable guest acess for OneDrive","Name":"OneDriveForGuestsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Turn notifications on/off OneDrive","Name":"NotificationsInOneDriveForBusinessEnabled","Option":"Write"},{"CIMType":"String","Description":"Lets administrators set policy on re-sharing behavior in OneDrive for Business","Name":"ODBMembersCanShare","Option":"Write","ValueMap":["On","Off","Unspecified"],"Values":["On","Off","Unspecified"]},{"CIMType":"String","Description":"Lets administrators set policy on access requests and requests to share in OneDrive for Business","Name":"ODBAccessRequests","Option":"Write","ValueMap":["On","Off","Unspecified"],"Values":["On","Off","Unspecified"]},{"CIMType":"Boolean","Description":"Block sync client on Mac","Name":"BlockMacSync","Option":"Write"},{"CIMType":"Boolean","Description":"Disable dialog box","Name":"DisableReportProblemDialog","Option":"Write"},{"CIMType":"Boolean","Description":"Enable/disable Safe domain List - if disabled overrides DomainGuids value","Name":"TenantRestrictionEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Safe domain list","Name":"DomainGuids","Option":"Write"},{"CIMType":"String[]","Description":"Exclude files from being synced to OneDrive","Name":"ExcludedFileExtensions","Option":"Write"},{"CIMType":"String","Description":"Groove block options","Name":"GrooveBlockOption","Option":"Write","ValueMap":["OptOut","HardOptIn","SoftOptIn"],"Values":["OptOut","HardOptIn","SoftOptIn"]},{"CIMType":"Boolean","Description":"Allows configuration on Add shortcut to OneDrive feature in SharePoint document libraries. If set to $true, then this feature will be disabled on all sites in the tenant. If set to $false, it will be enabled on all sites in the tenant.","Name":"DisableAddToOneDrive","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuring whether display name of people who view the file are visible in the property pane of the site in OneDrive for business sites.","Name":"DisplayNamesOfFileViewers","Option":"Write"},{"CIMType":"String","Description":"Present ensures the user exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows admins to manage blocked file types,\nblocked domains and MAC Sync."},{"ClassName":"MSFT_PlannerBucket","Parameters":[{"CIMType":"string","Description":"The Name of the Planner Bucket.","Name":"Name","Option":"Key"},{"CIMType":"string","Description":"Id of the Plan to which the bucket is associated with.","Name":"PlanId","Option":"Key"},{"CIMType":"string","Description":"Id of the Bucket, if known.","Name":"BucketId","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Plan exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"}],"Description":"This resource is used to configure the Planner Buckets.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PlannerPlan","Parameters":[{"CIMType":"string","Description":"The Title of the Planner Plan.","Name":"Title","Option":"Key"},{"CIMType":"string","Description":"Name of Id of the Azure Active Directory Group who owns the plan","Name":"OwnerGroup","Option":"Key"},{"CIMType":"String","Description":"Present ensures the Plan exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"}],"Description":"This resource is used to configure the Planner Plans.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PlannerTaskAttachment","Parameters":[{"CIMType":"String","Description":"Alias of for the attachment.","Name":"Alias","Option":"Write"},{"CIMType":"String","Description":"Uri of the link to the attachment.","Name":"Uri","Option":"Write"},{"CIMType":"String","Description":"Type of attachment.","Name":"Type","Option":"Write","ValueMap":["PowerPoint","Word","Excel","Other"],"Values":["PowerPoint","Word","Excel","Other"]}],"Description":"This resource is used to configure the Planner Tasks.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PlannerTaskChecklistItem","Parameters":[{"CIMType":"String","Description":"Title of the checklist item.","Name":"Title","Option":"Write"},{"CIMType":"String","Description":"True if the item is completed, false otherwise.","Name":"Completed","Option":"Write"}],"Description":"This resource is used to configure the Planner Tasks.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PlannerTask","Parameters":[{"CIMType":"string","Description":"Id of the Planner Plan which contains the Task.","Name":"PlanId","Option":"Key"},{"CIMType":"string","Description":"The Title of the Planner Task.","Name":"Title","Option":"Key"},{"CIMType":"string[]","Description":"List of categories assigned to the task.","Name":"Categories","Option":"Write"},{"CIMType":"string[]","Description":"List of users assigned to the tasks (ex: @('john.smith@contoso.com', 'bob.houle@contoso.com')).","Name":"AssignedUsers","Option":"Write"},{"CIMType":"MSFT_PlannerTaskAttachment[]","Description":"List of links to attachments assigned to the task.","Name":"Attachments","Option":"Write"},{"CIMType":"MSFT_PlannerTaskChecklistItem[]","Description":"List checklist items associated with the task.","Name":"Checklist","Option":"Write"},{"CIMType":"string","Description":"Description of the Task.","Name":"Notes","Option":"Write"},{"CIMType":"string","Description":"The Id of the bucket that contains the task.","Name":"Bucket","Option":"Write"},{"CIMType":"string","Description":"Id of the Task, if known.","Name":"TaskId","Option":"Write"},{"CIMType":"string","Description":"Date and Time for the start of the Task.","Name":"StartDateTime","Option":"Write"},{"CIMType":"string","Description":"Date and Time for the task is due for completion.","Name":"DueDateTime","Option":"Write"},{"CIMType":"UInt32","Description":"Percentage completed of the Task. Value can only be between 0 and 100.","Name":"PercentComplete","Option":"Write"},{"CIMType":"UInt32","Description":"Priority of the Task. Value can only be between 1 and 10.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"Id of the group conversation thread associated with the comments section for this task.","Name":"ConversationThreadId","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Plan exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"}],"Description":"This resource is used to configure the Planner Tasks.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PPAdminDLPPolicy","Parameters":[{"CIMType":"String","Description":"Creates the policy with the input display name","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique identifier of the policy.","Name":"PolicyName","Option":"Write"},{"CIMType":"String[]","Description":"Comma separated string list used as input environments to either include or exclude, depending on the FilterType.","Name":"Environments","Option":"Write"},{"CIMType":"String","Description":"Identifies which filter type the policy will have, none, include, or exclude.","Name":"FilterType","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages a policy's environment and default API group settings."},{"ClassName":"MSFT_PPDLPPolicyConnectorConfigurationsActionRules","Parameters":[{"CIMType":"String","Description":"Id of the action.","Name":"actionId","Option":"Write"},{"CIMType":"String","Description":"Associated behavior.","Name":"behavior","Option":"Write"}],"Description":"Configures connectors Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPDLPPolicyConnectorConfigurationsAction","Parameters":[{"CIMType":"String","Description":"Unique id of the connector.","Name":"connectorId","Option":"Write"},{"CIMType":"String","Description":"Default action behavior for to connector.","Name":"defaultConnectorActionRuleBehavior","Option":"Write"},{"CIMType":"MSFT_PPDLPPolicyConnectorConfigurationsActionRules[]","Description":"List of associated actions.","Name":"actionRules","Option":"Write"}],"Description":"Configures connectors Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPDLPPolicyConnectorConfigurations","Parameters":[{"CIMType":"String","Description":"The policy name identifier.","Name":"PolicyName","Option":"Key"},{"CIMType":"String","Description":"The tenant identifier.","Name":"PPTenantId","Option":"Key"},{"CIMType":"MSFT_PPDLPPolicyConnectorConfigurationsAction[]","Description":"Set of cnnector actions associated with the policy.","Name":"ConnectorActionConfigurations","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures connectors Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPPowerAppPolicyUrlPatternsRule","Parameters":[{"CIMType":"UInt32","Description":"Rule priority order.","Name":"order","Option":"Write"},{"CIMType":"String","Description":"Rule classification.","Name":"customConnectorRuleClassification","Option":"Write"},{"CIMType":"String","Description":"Rule pattern.","Name":"pattern","Option":"Write"}],"Description":"Configures custom connector patterns for Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPPowerAppPolicyUrlPatterns","Parameters":[{"CIMType":"String","Description":"The policy name identifier.","Name":"PolicyName","Option":"Key"},{"CIMType":"String","Description":"The tenant identifier.","Name":"PPTenantId","Option":"Key"},{"CIMType":"MSFT_PPPowerAppPolicyUrlPatternsRule[]","Description":"Set of custom connector pattern rules associated with the policy.","Name":"RuleSet","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures custom connector patterns for Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPPowerAppsEnvironment","Parameters":[{"CIMType":"String","Description":"Display name for the PowerApps environment","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Location of the PowerApps environment.","Name":"Location","Option":"Required","ValueMap":["canada","unitedstates","europe","asia","australia","india","japan","unitedkingdom","unitedstatesfirstrelease","southamerica","france","usgov","unitedarabemirates","germany","switzerland","norway","korea","southafrica"],"Values":["canada","unitedstates","europe","asia","australia","india","japan","unitedkingdom","unitedstatesfirstrelease","southamerica","france","usgov","unitedarabemirates","germany","switzerland","norway","korea","southafrica"]},{"CIMType":"String","Description":"Type of environment.","Name":"EnvironmentType","Option":"Write"},{"CIMType":"String","Description":"SKU associated with the environment.","Name":"EnvironmentSKU","Option":"Required","ValueMap":["Production","Standard","Trial","Sandbox","SubscriptionBasedTrial","Teams","Developer","Basic","Default"],"Values":["Production","Standard","Trial","Sandbox","SubscriptionBasedTrial","Teams","Developer","Basic","Default"]},{"CIMType":"Boolean","Description":"The switch to provision a Dataverse database when creating the environment. If set, LanguageName and CurrencyName are mandatory to pass as arguments.","Name":"ProvisionDatabase","Option":"Write"},{"CIMType":"String","Description":"The default languages for the database, use Get-AdminPowerAppCdsDatabaseLanguages to get the support values.","Name":"LanguageName","Option":"Write","ValueMap":["1033","1025","1069","1026","1027","3076","2052","1028","1050","1029","1030","1043","1061","1035","1036","1110","1031","1032","1037","1081","1038","1040","1041","1087","1042","1062","1063","1044","1045","1046","2070","1048","1049","2074","1051","1060","3082","1053","1054","1055","1058","1066","3098","1086","1057"],"Values":["1033","1025","1069","1026","1027","3076","2052","1028","1050","1029","1030","1043","1061","1035","1036","1110","1031","1032","1037","1081","1038","1040","1041","1087","1042","1062","1063","1044","1045","1046","2070","1048","1049","2074","1051","1060","3082","1053","1054","1055","1058","1066","3098","1086","1057"]},{"CIMType":"String","Description":"The default currency for the database, use Get-AdminPowerAppCdsDatabaseCurrencies to get the supported values.","Name":"CurrencyName","Option":"Write","ValueMap":["KZT","ZAR","ETB","AED","BHD","DZD","EGP","IQD","JOD","KWD","LBP","LYD","MAD","OMR","QAR","SAR","SYP","TND","YER","CLP","INR","AZN","RUB","BYN","BGN","NGN","BDT","CNY","EUR","BAM","USD","CZK","GBP","DKK","CHF","MVR","BTN","XCD","AUD","BZD","CAD","HKD","IDR","JMD","MYR","NZD","PHP","SGD","TTD","XDR","ARS","BOB","COP","CRC","CUP","DOP","GTQ","HNL","MXN","NIO","PAB","PEN","PYG","UYU","VES","IRR","XOF","CDF","XAF","HTG","ILS","HUF","AMD","ISK","JPY","GEL","KHR","KRW","KGS","LAK","MKD","MNT","BND","MMK","NOK","NPR","PKR","PLN","AFN","BRL","MDL","RON","RWF","SEK","LKR","SOS","ALL","RSD","KES","TJS","THB","ERN","TMT","BWP","TRY","UAH","UZS","VND","MOP","TWD"],"Values":["KZT","ZAR","ETB","AED","BHD","DZD","EGP","IQD","JOD","KWD","LBP","LYD","MAD","OMR","QAR","SAR","SYP","TND","YER","CLP","INR","AZN","RUB","BYN","BGN","NGN","BDT","CNY","EUR","BAM","USD","CZK","GBP","DKK","CHF","MVR","BTN","XCD","AUD","BZD","CAD","HKD","IDR","JMD","MYR","NZD","PHP","SGD","TTD","XDR","ARS","BOB","COP","CRC","CUP","DOP","GTQ","HNL","MXN","NIO","PAB","PEN","PYG","UYU","VES","IRR","XOF","CDF","XAF","HTG","ILS","HUF","AMD","ISK","JPY","GEL","KHR","KRW","KGS","LAK","MKD","MNT","BND","MMK","NOK","NPR","PKR","PLN","AFN","BRL","MDL","RON","RWF","SEK","LKR","SOS","ALL","RSD","KES","TJS","THB","ERN","TMT","BWP","TRY","UAH","UZS","VND","MOP","TWD"]},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Power Platform Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"}],"Description":"This resources configures the PowerApps Environment."},{"ClassName":"MSFT_PPTenantRule","Parameters":[{"CIMType":"String","Description":"Name of the trusted tenant.","Name":"TenantName","Option":"Key"},{"CIMType":"String","Description":"Direction of tenant trust.","Name":"Direction","Option":"Required","ValueMap":["Inbound","Outbound","Both"],"Values":["Inbound","Outbound","Both"]}],"Description":"This resource configures the Tenant Isolation settings for a Power Platform Tenant."},{"ClassName":"MSFT_PPTenantIsolationSettings","Parameters":[{"CIMType":"string","Description":"Should be set to yes","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"boolean","Description":"When set to true this will enable the tenant isolation settings.","Name":"Enabled","Option":"Write"},{"CIMType":"MSFT_PPTenantRule[]","Description":"The exact list of tenant rules to be configured.","Name":"Rules","Option":"Write"},{"CIMType":"MSFT_PPTenantRule[]","Description":"A list of tenant rules that has to be added.","Name":"RulesToInclude","Option":"Write"},{"CIMType":"MSFT_PPTenantRule[]","Description":"A list of tenant rules that is now allowed to be added.","Name":"RulesToExclude","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Power Platform Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"}],"Description":"This resource configures the Tenant Isolation settings for a Power Platform Tenant."},{"ClassName":"MSFT_PPTenantSettings","Parameters":[{"CIMType":"string","Description":"Should be set to yes","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"When using Copilot in Power Apps, allow users to submit feedback to Microsoft. Default value is false.","Name":"DisableCopilotFeedback","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableMakerMatch","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableUnusedLicenseAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Allow people to use AI to generate an app based on an image. Default value is false.","Name":"DisableCreateFromImage","Option":"Write"},{"CIMType":"Boolean","Description":"Gets or sets a value indicating whether non-admin users in the tenant can share connections with everyone. Default value is false.","Name":"DisableConnectionSharingWithEveryone","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"AllowNewOrgChannelDefault","Option":"Write"},{"CIMType":"Boolean","Description":"Disables cloud flows copilot in Power Automate. It doesn't control the ability to add AI-related connectors or actions in the flow designer. For example, the Skills connector or AI Builder creates text with a GPT action. Default value is false.","Name":"DisableCopilot","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the copilot-enhanced help feature within Power Automate to enhance answers on product documentation through Bing Search. Default value is false.","Name":"DisableCopilotWithBing","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the weekly admin digest email for Managed Environments. Default value is false.","Name":"DisableAdminDigest","Option":"Write"},{"CIMType":"Boolean","Description":"Ignore the Teams group-preferred data location when provisioning a Teams environment. Default value is false.","Name":"DisablePreferredDataLocationForTeamsEnvironment","Option":"Write"},{"CIMType":"Boolean","Description":"Restrict all developer environments to be created by tenant admins, Power Platform admins, or Dynamics 365 service admins. Default is false.","Name":"DisableDeveloperEnvironmentCreationByNonAdminUsers","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"EnvironmentRoutingAllMakers","Option":"Write"},{"CIMType":"Boolean","Description":"Enables the Default Environment routing feature that creates personal, developer environments for new makers. Default value is false.","Name":"EnableDefaultEnvironmentRouting","Option":"Write"},{"CIMType":"String","Description":"When this setting is true, admins can view and manage desktop flow action groups in DLP policies in the Power Platform admin center. Default value is false.","Name":"EnableDesktopFlowDataPolicyManagement","Option":"Write"},{"CIMType":"Boolean","Description":"Allow users to collect telemetry data about their app in Azure Application Insights. Setting this to False blocks the transmission of this data.","Name":"EnableCanvasAppInsights","Option":"Write"},{"CIMType":"Boolean","Description":"Allow people to create a canvas app based on a Figma file. Default value is false.","Name":"DisableCreateFromFigma","Option":"Write"},{"CIMType":"Boolean","Description":"This is a legacy setting that is no longer used by the platform. Default value is false.","Name":"DisableBillingPolicyCreationByNonAdminUsers","Option":"Write"},{"CIMType":"UInt32","Description":"This setting isn't currently used by the platform but might be used in the future.","Name":"StorageCapacityConsumptionWarningThreshold","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to allow tenant, Power Platform, or Dynamics 365 admins to grant permissions to an environment administrator to view the Capacity summary tab. Default value is false.","Name":"EnableTenantCapacityReportForEnvironmentAdmins","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to allow tenant, Power Platform, or Dynamics 365 admins to grant permissions to an environment administrator to view the tenant-scoped license reports. Default value is false.","Name":"EnableTenantLicensingReportForEnvironmentAdmins","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to use unallocated AI Builder credits in environments without allocated credits. Default value is true.","Name":"DisableUseOfUnassignedAIBuilderCredits","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"EnableGenerativeAIFeaturesForSiteUsers","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"EnableExternalAuthenticationProvidersInPowerPages","Option":"Write"},{"CIMType":"Boolean","Description":"This setting isn't currently used by the platform but might be used in the future.","Name":"DisableChampionsInvitationReachout","Option":"Write"},{"CIMType":"Boolean","Description":"This setting isn't currently used by the platform but might be used in the future.","Name":"DisableSkillsMatchInvitationReachout","Option":"Write"},{"CIMType":"Boolean","Description":"This setting isn't currently used by the platform but might be used in the future.","Name":"EnableOpenAiBotPublishing","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableAiPrompts","Option":"Write"},{"CIMType":"Boolean","Description":"When using Copilot in Power Apps, allow users to share their prompts, questions, and requests with Microsoft. Default value is true.","Name":"DisableCopilotFeedbackMetadata","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to allow Microsoft to read Power Automate Copilot AI feature customer data (inputs and outputs) and provide improved models. Default value is false.","Name":"EnableModelDataSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to disable data logging and remove all data logged for Power Automate Copilot AI feature customer data (inputs and outputs). Default value is false.","Name":"DisableDataLogging","Option":"Write"},{"CIMType":"String","Description":"This setting is reserved for future use. No enforcement is driven by this setting at the current time.","Name":"PowerCatalogAudienceSetting","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"EnableDeleteDisabledUserinAllEnvironments","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableHelpSupportCopilot","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableSurveyScreenshots","Option":"Write"},{"CIMType":"boolean","Description":"This is a legacy setting that is no longer used by the platform. Default value is false.","Name":"WalkMeOptOut","Option":"Write"},{"CIMType":"boolean","Description":"TBD","Name":"useSupportBingSearchByAllUsers","Option":"Write"},{"CIMType":"boolean","Description":"Ability to disable re-surveying users who left prior feedback via NPS prompts in Power Platform. Default value is false.","Name":"DisableNPSCommentsReachout","Option":"Write"},{"CIMType":"boolean","Description":"Ability to disable the newsletter sendout feature. Default value is false.","Name":"DisableNewsletterSendout","Option":"Write"},{"CIMType":"boolean","Description":"Restrict all environments to be created by tenant admins, Power Platform admins, or Dynamics 365 service admins. Default value is false.","Name":"DisableEnvironmentCreationByNonAdminUsers","Option":"Write"},{"CIMType":"boolean","Description":"Restrict all portals to be created by tenant admins, Power Platform admins, or Dynamics 365 service admins. Default value is false.","Name":"DisablePortalsCreationByNonAdminUsers","Option":"Write"},{"CIMType":"boolean","Description":"Ability to disable all NPS survey feedback prompts in Power Platform. Default value is false.","Name":"DisableSurveyFeedback","Option":"Write"},{"CIMType":"boolean","Description":"Restrict all trial environments to be created by tenant admins, Power Platform admins, or Dynamics 365 service admins. Default value is false.","Name":"DisableTrialEnvironmentCreationByNonAdminUsers","Option":"Write"},{"CIMType":"boolean","Description":"Ability to disable capacity allocation by environment administrators. Default value is false.","Name":"DisableCapacityAllocationByEnvironmentAdmins","Option":"Write"},{"CIMType":"boolean","Description":"Allows users, who already have access to the Help + Support page in Power Platform admin center, to see support requests created by other users in the tenant. Default value is True, which means this feature is turned off by default.","Name":"DisableSupportTicketsVisibleByAllUsers","Option":"Write"},{"CIMType":"boolean","Description":"When this setting is true, users in the environment can see a message that indicates Microsoft Learn and documentation search categories have been turned off by the administrator. Default value is false.","Name":"DisableDocsSearch","Option":"Write"},{"CIMType":"boolean","Description":"When this setting is true, users in the environment can see a message that indicates community and blog search categories have been turned off by the administrator. Default value is false.","Name":"DisableCommunitySearch","Option":"Write"},{"CIMType":"boolean","Description":"When this setting is true, users in the environment can see a message that indicates video search categories have been turned off by the administrator. Default value is false.","Name":"DisableBingVideoSearch","Option":"Write"},{"CIMType":"boolean","Description":"Ability to turn off the Share with Everyone capability for nonadmin users in all Power Apps. Default value is true.","Name":"DisableShareWithEveryone","Option":"Write"},{"CIMType":"boolean","Description":"When set to true this will enable the ability for guests in your tenant to create Power Platform resources.","Name":"EnableGuestsToMake","Option":"Write"},{"CIMType":"uint32","Description":"Maximum value setting for the number of users in a security group used to share an app built using Power Apps on Microsoft Teams. Default value is 10000 but can be increased or decreased, as required.","Name":"ShareWithColleaguesUserLimit","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Power Platform Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"}],"Description":"This resource configures a Power Platform Tenant."},{"ClassName":"MSFT_SCAuditConfigurationPolicy","Parameters":[{"CIMType":"String","Description":"Workload associated with the policy.","Name":"Workload","Option":"Key","ValueMap":["Exchange","SharePoint","OneDriveForBusiness"],"Values":["Exchange","SharePoint","OneDriveForBusiness"]},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Audit ConfigurationPolicy in Purview."},{"ClassName":"MSFT_SCAutoSensitivityLabelPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the sensitivity label. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this label policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ApplySensitivityLabel parameter specifies the label to use for the auto label policy.","Name":"ApplySensitivityLabel","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeSender parameter specifies which senders to include in the policy.","Name":"ExchangeSender","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeSenderException parameter specifies which senders to exclude in the policy.","Name":"ExchangeSenderException","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeSenderMemberOf parameter specifies the distribution groups, mail-enabled security groups, or dynamic distribution groups to include in the auto-labeling policy.","Name":"ExchangeSenderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"he ExchangeSenderMemberOf parameter specifies the distribution groups, mail-enabled security groups, or dynamic distribution groups to exclude from the auto-labeling policy.","Name":"ExchangeSenderMemberOfException","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeSender parameter specifies which senders to include in the policy.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"This AddExchangeLocation parameter specifies new Exchange locations to be added to the policy without affecting the existing ones.","Name":"AddExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveExchangeLocation parameter removes locations on Exchange from the policy.","Name":"RemoveExchangeLocation","Option":"Write"},{"CIMType":"String","Description":"The Mode parameter specifies the action and notification level of the auto-labeling policy.","Name":"Mode","Option":"Write","ValueMap":["Enable","Disable","TestWithNotifications","TestWithoutNotifications"],"Values":["Enable","Disable","TestWithNotifications","TestWithoutNotifications"]},{"CIMType":"String[]","Description":"The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value.","Name":"OneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"The AddOneDriveLocation parameter specifies the OneDrive for Business sites to add to the list of included sites when you aren't using the value All for the OneDriveLocation parameter.","Name":"AddOneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveOneDriveLocation parameter specifies the OneDrive for Business sites to remove from the list of included sites when you aren't using the value All for the OneDriveLocation parameter.","Name":"RemoveOneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter.","Name":"AddOneDriveLocationException","Option":"Write"},{"CIMType":"String[]","Description":"This RemoveOneDriveLocationException parameter specifies the OneDrive for Business sites to remove from the list of excluded sites when you use the value All for the OneDriveLocation parameter.","Name":"RemoveOneDriveLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddOneDriveLocationException parameter specifies the OneDrive for Business sites to add to the list of excluded sites when you use the value All for the OneDriveLocation parameter.","Name":"OneDriveLocationException","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies the priority of the policy. The highest priority policy will take action over lower priority policies if two policies are applicable for a file.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter.","Name":"SharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddSharePointLocation parameter specifies the SharePoint Online sites to add to the list of included sites when you aren't using the value All for the SharePointLocation parameter.","Name":"AddSharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveSharePointLocationException parameter specifies the SharePoint Online sites to remove from the list of excluded sites when you use the value All for the SharePointLocation parameter.","Name":"RemoveSharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddSharePointLocation parameter specifies the SharePoint Online sites to add to the list of included sites when you aren't using the value All for the SharePointLocation parameter.","Name":"AddSharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveSharePointLocation parameter specifies the SharePoint Online sites to remove from the list of included sites when you aren't using the value All for the SharePointLocation parameter.","Name":"RemoveSharePointLocation","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Auto Sensitivity label policy in Purview."},{"ClassName":"MSFT_SCHeaderPattern","Parameters":[{"CIMType":"String","Description":"Name of the header pattern","Name":"Name","Option":"Required"},{"CIMType":"String[]","Description":"Regular expressions for the pattern","Name":"Values","Option":"Required"}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCDLPSensitiveInformation","Parameters":[{"CIMType":"String","Description":"Name of the Sensitive Information Content","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Id of the Sensitive Information Content","Name":"id","Option":"Write"},{"CIMType":"String","Description":"Maximum Confidence level value for the Sensitive Information","Name":"maxconfidence","Option":"Write"},{"CIMType":"String","Description":"Minimum Confidence level value for the Sensitive Information","Name":"minconfidence","Option":"Write"},{"CIMType":"String","Description":"Type of Classifier value for the Sensitive Information","Name":"classifiertype","Option":"Write"},{"CIMType":"String","Description":"Minimum Count value for the Sensitive Information","Name":"mincount","Option":"Write"},{"CIMType":"String","Description":"Maximum Count value for the Sensitive Information","Name":"maxcount","Option":"Write"}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCDLPLabel","Parameters":[{"CIMType":"String","Description":"Name of the Sensitive Label","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Id of the Sensitive Information label","Name":"id","Option":"Write"},{"CIMType":"String","Description":"Type of the Sensitive Information label","Name":"type","Option":"Write"}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCDLPContainsSensitiveInformationGroup","Parameters":[{"CIMType":"MSFT_SCDLPSensitiveInformation[]","Description":"Sensitive Information Content Types","Name":"SensitiveInformation","Option":"Write"},{"CIMType":"MSFT_SCDLPLabel[]","Description":"Sensitive Information Labels","Name":"Labels","Option":"Write"},{"CIMType":"String","Description":"Name of the group","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Operator","Name":"Operator","Option":"Required","ValueMap":["And","Or"],"Values":["And","Or"]}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCDLPContainsSensitiveInformation","Parameters":[{"CIMType":"MSFT_SCDLPSensitiveInformation[]","Description":"Sensitive Information Content Types","Name":"SensitiveInformation","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformationGroup[]","Description":"Groups of sensitive information types.","Name":"Groups","Option":"Write"},{"CIMType":"String","Description":"Operator","Name":"Operator","Option":"Write","ValueMap":["And","Or"],"Values":["And","Or"]}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCAutoSensitivityLabelRule","Parameters":[{"CIMType":"String","Description":"Name of the Rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated Policy.","Name":"Policy","Option":"Required"},{"CIMType":"String","Description":"The AccessScope parameter specifies a condition for the auto-labeling policy rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope. Valid values are: InOrganization, NotInOrganization, None","Name":"AccessScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","None"],"Values":["InOrganization","NotInOrganization","None"]},{"CIMType":"String","Description":"The AnyOfRecipientAddressContainsWords parameter specifies a condition for the auto-labeling policy rule that looks for words or phrases in recipient email addresses. You can specify multiple words or phrases separated by commas.","Name":"AnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String","Description":"The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in recipient email addresses by using regular expressions.","Name":"AnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformation","Description":"The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type.","Name":"ContentContainsSensitiveInformation","Option":"Write"},{"CIMType":"String","Description":"The ContentExtensionMatchesWords parameter specifies a condition for the auto-labeling policy rule that looks for words in file name extensions. You can specify multiple words separated by commas.","Name":"ContentExtensionMatchesWords","Option":"Write"},{"CIMType":"Boolean","Description":"The Disabled parameter specifies whether the auto-labeling policy rule is enabled or disabled.","Name":"Disabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DocumentIsPasswordProtected parameter specifies a condition for the auto-labeling policy rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. ","Name":"DocumentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The DocumentIsUnsupported parameter specifies a condition for the auto-labeling policy rule that looks for files that can't be scanned.","Name":"DocumentIsUnsupported","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfAccessScopeAccessScope parameter specifies an exception for the auto-labeling policy rule that's based on the access scope of the content. The rule isn't applied to content that matches the specified access scope. Valid values are: InOrganization, NotInOrganization, None","Name":"ExceptIfAccessScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","None"],"Values":["InOrganization","NotInOrganization","None"]},{"CIMType":"String","Description":"The ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the auto-labeling policy rule that looks for words or phrases in recipient email addresses. You can specify multiple words separated by commas.","Name":"ExceptIfAnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in recipient email addresses by using regular expressions. ","Name":"ExceptIfAnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformation","Description":"The ExceptIfContentContainsSensitiveInformation parameter specifies an exception for the auto-labeling policy rule that's based on a sensitive information type match in content. The rule isn't applied to content that contains the specified sensitive information type.","Name":"ExceptIfContentContainsSensitiveInformation","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the auto-labeling policy rule that looks for words in file name extensions. You can specify multiple words separated by commas.","Name":"ExceptIfContentExtensionMatchesWords","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the auto-labeling policy rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. ","Name":"ExceptIfDocumentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfDocumentIsUnsupported parameter specifies an exception for the auto-labeling policy rule that looks for files that can't be scanned.","Name":"ExceptIfDocumentIsUnsupported","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFrom parameter specifies an exception for the auto-labeling policy rule that looks for messages from specific senders. You can use any value that uniquely identifies the sender.","Name":"ExceptIfFrom","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfFromAddressContainsWords parameter specifies an exception for the auto-labeling policy rule that looks for words or phrases in the sender's email address. You can specify multiple words or phrases separated by commas.","Name":"ExceptIfFromAddressContainsWords","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in the sender's email address by using regular expressions. ","Name":"ExceptIfFromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromMemberOf parameter specifies an exception for the auto-labeling policy rule that looks for messages sent by group members. You identify the group members by their email addresses. You can enter multiple values separated by commas.","Name":"ExceptIfFromMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The HeaderMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in a header field by using regular expressions.","Name":"ExceptIfHeaderMatchesPatterns","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfProcessingLimitExceeded parameter specifies an exception for the auto-labeling policy rule that looks for files where scanning couldn't complete.","Name":"ExceptIfProcessingLimitExceeded","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception for the auto-labeling policy rule that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderDomainIs parameter specifies an exception for the auto-labeling policy rule that looks for messages from senders with email address in the specified domains. You can specify multiple values separated by commas.","Name":"ExceptIfSenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderIpRanges parameter specifies an exception for the auto-labeling policy rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"ExceptIfSenderIPRanges","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception for the auto-labeling policy rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient. ","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception for the auto-labeling policy rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You identify the groups by email address. You can specify multiple values separated by commas.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"ExceptIfSubjectMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The FromAddressContainsWords parameter specifies a condition for the auto-labeling policy rule that looks for words or phrases in the sender's email address. You can specify multiple words or phrases separated by commas.","Name":"FromAddressContainsWords","Option":"Write"},{"CIMType":"String","Description":"The FromAddressMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in the sender's email address by using regular expressions.","Name":"FromAddressMatchesPatterns","Option":"Write"},{"CIMType":"MSFT_SCHeaderPattern","Description":"The HeaderMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in a header field by using regular expressions.","Name":"HeaderMatchesPatterns","Option":"Write"},{"CIMType":"Boolean","Description":"The ProcessingLimitExceeded parameter specifies a condition for the auto-labeling policy rule that looks for files where scanning couldn't complete. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned.","Name":"ProcessingLimitExceeded","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition for the auto-labeling policy rule that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String","Description":"The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule. Valid values are: None, Low, Medium, High","Name":"ReportSeverityLevel","Option":"Write","ValueMap":["None","Low","Medium","High"],"Values":["None","Low","Medium","High"]},{"CIMType":"String","Description":"The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. Valid values are: Ignore, RetryThenBlock, *blank*","Name":"RuleErrorAction","Option":"Write","ValueMap":["Ignore","RetryThenBlock",""],"Values":["Ignore","RetryThenBlock",""]},{"CIMType":"String[]","Description":"The SenderDomainIs parameter specifies a condition for the auto-labeling policy rule that looks for messages from senders with email address in the specified domains. ","Name":"SenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SenderIpRanges parameter specifies a condition for the auto-sensitivity policy rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"SenderIPRanges","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition for the auto-sensitivity policy rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition for the auto-labeling policy rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You identify the groups by email address.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The SubjectMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"SubjectMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"Workload the rule is associated with. Value can be: Exchange, SharePoint, OneDriveForBusiness, Applications, Azure, AWS and PowerBI","Name":"Workload","Option":"Key","ValueMap":["Exchange","SharePoint","OneDriveForBusiness","Applications","Azure","AWS","PowerBI"],"Values":["Exchange","SharePoint","OneDriveForBusiness","Applications","Azure","AWS","PowerBI"]},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCCaseHoldPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the case hold policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Case parameter specifies the eDiscovery case that you want to associate with the case hold policy.","Name":"Case","Option":"Key"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the policy is enabled or disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies the mailboxes to include in the policy.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The PublicFolderLocation parameter specifies that you want to include all public folders in the case hold policy. You use the value All for this parameter.","Name":"PublicFolderLocation","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online and OneDrive for Business sites to include. You identify a site by its URL value.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an eDiscovery Case Policy in Purview."},{"ClassName":"MSFT_SCCaseHoldRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a unique name for the case hold rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Policy parameter specifies the case hold policy that contains the rule. You can use any value that uniquely identifies the policy.","Name":"Policy","Option":"Key"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ContentMatchQuery parameter specifies a content search filter. Use this parameter to create a query-based hold so only the content that matches the specified search query is placed on hold. This parameter uses a text search string or a query that's formatted by using the Keyword Query Language (KQL).","Name":"ContentMatchQuery","Option":"Write"},{"CIMType":"Boolean","Description":"The Disabled parameter specifies whether the case hold rule is enabled or disabled.","Name":"Disabled","Option":"Write"},{"CIMType":"String","Description":"Present ensures the rule exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin Account","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an eDiscovery Case Hold Rule in Purview."},{"ClassName":"MSFT_SCComplianceCase","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the compliance case.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The description of the case.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Specify if this case should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"Status for the case. Can either be 'Active' or 'Closed'","Name":"Status","Option":"Write","ValueMap":["Active","Closed"],"Values":["Active","Closed"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin Account","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an eDiscovery Case in Purview."},{"ClassName":"MSFT_SCComplianceSearch","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the complaiance tag.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Compliance Case (eDiscovery) that this Search is associated with","Name":"Case","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowNotFoundExchangeLocationsEnabled parameter specifies whether to include mailboxes other than regular user mailboxes in the compliance search.","Name":"AllowNotFoundExchangeLocationsEnabled","Option":"Write"},{"CIMType":"String","Description":"The ContentMatchQuery parameter specifies a content search filter. This parameter uses a text search string or a query that's formatted by using the Keyword Query Language (KQL).","Name":"ContentMatchQuery","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies an optional description for the compliance search. If the value contains spaces, enclose the value in quotation marks.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies the mailboxes to include.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the mailboxes to exclude when you use the value All for the ExchangeLocation parameter.","Name":"ExchangeLocationExclusion","Option":"Write"},{"CIMType":"String[]","Description":"The HoldNames parameter specifies that the content locations that have been placed on hold in the specified eDiscovery case will be searched. You use the value All for this parameter. You also need to specify the name of an eDiscovery case by using the Case parameter.","Name":"HoldNames","Option":"Write"},{"CIMType":"Boolean","Description":"The IncludeUserAppContent parameter specifies that you want to search the cloud-based storage location for users who don't have a regular Office 365 user account in your organization. These types of users include users without an Exchange Online license who use Office applications, Office 365 guest users, and on-premises users whose identity is synchronized with your Office 365 organization.","Name":"IncludeUserAppContent","Option":"Write"},{"CIMType":"String","Description":"The Language parameter specifies the language for the compliance search. Valid input for this parameter is a supported culture code value from the Microsoft .NET Framework CultureInfo class. For example, da-DK for Danish or ja-JP for Japanese.","Name":"Language","Option":"Write"},{"CIMType":"String[]","Description":"The PublicFolderLocation parameter specifies that you want to include all public folders in the search. You use the value All for this parameter.","Name":"PublicFolderLocation","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.","Name":"SharePointLocationExclusion","Option":"Write"},{"CIMType":"String","Description":"Specify if this search should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin Account","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Compliance Search (eDiscovery) in Purview."},{"ClassName":"MSFT_SCComplianceSearchAction","Parameters":[{"CIMType":"String","Description":"The Action parameter specifies what type of action to define. Accepted values are Export, Retention and Purge.","Name":"Action","Option":"Key","ValueMap":["Export","Preview","Purge","Retention"],"Values":["Export","Preview","Purge","Retention"]},{"CIMType":"String","Description":"The SearchName parameter specifies the name of the existing content search to associate with the content search action. You can specify multiple content searches separated by commas.","Name":"SearchName","Option":"Key"},{"CIMType":"String[]","Description":"The FileTypeExclusionsForUnindexedItems specifies the file types to exclude because they can't be indexed. You can specify multiple values separated by commas.","Name":"FileTypeExclusionsForUnindexedItems","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableDedupe parameter eliminates duplication of messages when you export content search results.","Name":"EnableDedupe","Option":"Write"},{"CIMType":"Boolean","Description":"The IncludeCredential switch specifies whether to include the credential in the results.","Name":"IncludeCredential","Option":"Write"},{"CIMType":"Boolean","Description":"The IncludeSharePointDocumentVersions parameter specifies whether to export previous versions of the document when you use the Export switch.","Name":"IncludeSharePointDocumentVersions","Option":"Write"},{"CIMType":"String","Description":"The PurgeType parameter specifies how to remove items when the action is Purge.","Name":"PurgeType","Option":"Write","ValueMap":["SoftDelete","HardDelete"],"Values":["SoftDelete","HardDelete"]},{"CIMType":"Boolean","Description":"The RetryOnError switch specifies whether to retry the action on any items that failed without re-running the entire action all over again.","Name":"RetryOnError","Option":"Write"},{"CIMType":"String","Description":"The ActionScope parameter specifies the items to include when the action is Export.","Name":"ActionScope","Option":"Write","ValueMap":["IndexedItemsOnly","UnindexedItemsOnly","BothIndexedAndUnindexedItems"],"Values":["IndexedItemsOnly","UnindexedItemsOnly","BothIndexedAndUnindexedItems"]},{"CIMType":"String","Description":"Specify if this action should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Compliance Search Action in Purview."},{"ClassName":"MSFT_SCFilePlanProperty","Parameters":[{"CIMType":"String","Description":"File plan department. Can get list by running Get-FilePlanPropertyDepartment.","Name":"FilePlanPropertyDepartment","Option":"Write"},{"CIMType":"String","Description":"File plan Authority. Can get list by running Get-FilePlanPropertyAuthority.","Name":"FilePlanPropertyAuthority","Option":"Write"},{"CIMType":"String","Description":"File plan category. Can get a list by running Get-FilePlanPropertyCategory.","Name":"FilePlanPropertyCategory","Option":"Write"},{"CIMType":"String","Description":"File plan citation. Can get a list by running Get-FilePlanPropertyCitation.","Name":"FilePlanPropertyCitation","Option":"Write"},{"CIMType":"String","Description":"File plan reference id. Can get a list by running Get-FilePlanPropertyReferenceId.","Name":"FilePlanPropertyReferenceId","Option":"Write"},{"CIMType":"String","Description":"File plan subcategory. Can get a list by running Get-FilePlanPropertySubCategory.","Name":"FilePlanPropertySubCategory","Option":"Write"}],"Description":"This resource configures a Compliance Tag in Purview."},{"ClassName":"MSFT_SCComplianceTag","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the complaiance tag.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The EventType parameter specifies the retention rule that's associated with the label.","Name":"EventType","Option":"Write"},{"CIMType":"Boolean","Description":"The IsRecordLabel parameter specifies whether the label is a record label.","Name":"IsRecordLabel","Option":"Write"},{"CIMType":"String","Description":"The Notes parameter specifies an optional note. If you specify a value that contains spaces, enclose the value in quotation marks, for example: 'This is a user note'","Name":"Notes","Option":"Write"},{"CIMType":"Boolean","Description":"Regulatory description","Name":"Regulatory","Option":"Write"},{"CIMType":"MSFT_SCFilePlanProperty","Description":"The FilePlanProperty parameter specifies the file plan properties to include in the label.","Name":"FilePlanProperty","Option":"Write"},{"CIMType":"String[]","Description":"The ReviewerEmail parameter specifies the email address of a reviewer for Delete and KeepAndDelete retention actions. You can specify multiple email addresses separated by commas.","Name":"ReviewerEmail","Option":"Write"},{"CIMType":"String","Description":"The RetentionDuration parameter specifies the hold duration for the retention rule. Valid values are: An integer - The hold duration in days, Unlimited - The content is held indefinitely.","Name":"RetentionDuration","Option":"Write"},{"CIMType":"String","Description":"The RetentionAction parameter specifies the action for the label. Valid values are: Delete, Keep or KeepAndDelete.","Name":"RetentionAction","Option":"Write","ValueMap":["Delete","Keep","KeepAndDelete"],"Values":["Delete","Keep","KeepAndDelete"]},{"CIMType":"String","Description":"The RetentionType parameter specifies whether the retention duration is calculated from the content creation date, tagged date, or last modification date. Valid values are: CreationAgeInDays, EventAgeInDays,ModificationAgeInDays, or TaggedAgeInDays.","Name":"RetentionType","Option":"Write","ValueMap":["CreationAgeInDays","EventAgeInDays","ModificationAgeInDays","TaggedAgeInDays"],"Values":["CreationAgeInDays","EventAgeInDays","ModificationAgeInDays","TaggedAgeInDays"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Compliance Tag in Purview."},{"ClassName":"MSFT_SCDeviceConditionalAccessPolicy","Parameters":[{"CIMType":"String","Description":"The name of the Device Conditional Access Policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the policy is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of Security and Compliance Center Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Device Conditional Access Policy in Purview."},{"ClassName":"MSFT_SCDeviceConditionalAccessRule","Parameters":[{"CIMType":"String","Description":"Name for the rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated policy.","Name":"Policy","Option":"Write"},{"CIMType":"String[]","Description":"The display names of the graoups targeted by the policy.","Name":"TargetGroups","Option":"Write"},{"CIMType":"String","Description":"The AccountName parameter specifies the account name.","Name":"AccountName","Option":"Write"},{"CIMType":"String","Description":"The AccountUserName parameter specifies the account user name.","Name":"AccountUserName","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowAppStore parameter specifies whether to allow access to the app store on devices.","Name":"AllowAppStore","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowAssistantWhileLocked parameter specifies whether to allow the use of the voice assistant while devices are locked.","Name":"AllowAssistantWhileLocked","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowConvenienceLogon parameter specifies whether to allow convenience logons on devices.","Name":"AllowConvenienceLogon","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowDiagnosticSubmission parameter specifies whether to allow diagnostic submissions from devices.","Name":"AllowDiagnosticSubmission","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudBackup parameter specifies whether to allow Apple iCloud Backup from devices.","Name":"AllowiCloudBackup","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudDocSync parameter specifies whether to allow Apple iCloud Documents & Data sync on devices.","Name":"AllowiCloudDocSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudPhotoSync parameter specifies whether to allow Apple iCloud Photos sync on devices.","Name":"AllowiCloudPhotoSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowJailbroken parameter specifies whether to allow access to your organization by jailbroken or rooted devices.","Name":"AllowJailbroken","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowPassbookWhileLocked parameter specifies whether to allow the use of Apple Passbook while devices are locked.","Name":"AllowPassbookWhileLocked","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowScreenshot parameter specifies whether to allow screenshots on devices.","Name":"AllowScreenshot","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowSimplePassword parameter specifies whether to allow simple or non-complex passwords on devices.","Name":"AllowSimplePassword","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVideoConferencing parameter specifies whether to allow video conferencing on devices. ","Name":"AllowVideoConferencing","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVoiceAssistant parameter specifies whether to allow using the voice assistant on devices.","Name":"AllowVoiceAssistant","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVoiceDialing parameter specifies whether to allow voice-activated telephone dialing.","Name":"AllowVoiceDialing","Option":"Write"},{"CIMType":"UInt32","Description":"The AntiVirusSignatureStatus parameter specifies the antivirus signature status.","Name":"AntiVirusSignatureStatus","Option":"Write"},{"CIMType":"UInt32","Description":"The AntiVirusStatus parameter specifies the antivirus status.","Name":"AntiVirusStatus","Option":"Write"},{"CIMType":"String","Description":"The AppsRating parameter species the maximum or most restrictive rating of apps that are allowed on devices.","Name":"AppsRating","Option":"Write"},{"CIMType":"String","Description":"The AutoUpdateStatus parameter specifies the update settings for devices.","Name":"AutoUpdateStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.","Name":"BluetoothEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.","Name":"CameraEnabled","Option":"Write"},{"CIMType":"String","Description":"The EmailAddress parameter specifies the email address.","Name":"EmailAddress","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableRemovableStorage parameter specifies whether removable storage can be used by devices.","Name":"EnableRemovableStorage","Option":"Write"},{"CIMType":"String","Description":"The ExchangeActiveSyncHost parameter specifies the Exchange ActiveSync host.","Name":"ExchangeActiveSyncHost","Option":"Write"},{"CIMType":"Boolean","Description":"The FirewallStatus parameter specifies the acceptable firewall status values on devices.","Name":"FirewallStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceAppStorePassword parameter specifies whether to require a password to use the app store on devices.","Name":"ForceAppStorePassword","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceEncryptedBackup parameter specifies whether to force encrypted backups for devices.","Name":"ForceEncryptedBackup","Option":"Write"},{"CIMType":"UInt32","Description":"The MaxPasswordAttemptsBeforeWipe parameter specifies the number of incorrect password attempts that cause devices to be automatically wiped.","Name":"MaxPasswordAttemptsBeforeWipe","Option":"Write"},{"CIMType":"UInt32","Description":"The MaxPasswordGracePeriod parameter specifies the length of time users are allowed to reset expired passwords on devices.","Name":"MaxPasswordGracePeriod","Option":"Write"},{"CIMType":"String","Description":"The MoviesRating parameter species the maximum or most restrictive rating of movies that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.","Name":"MoviesRating","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordComplexity parameter specifies the password complexity.","Name":"PasswordComplexity","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordExpirationDays parameter specifies the number of days that the same password can be used on devices before users are required to change their passwords.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordHistoryCount parameter specifies the minimum number of unique new passwords that are required on devices before an old password can be reused.","Name":"PasswordHistoryCount","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordMinComplexChars parameter specifies the minimum number of complex characters that are required for device passwords. A complex character isn't a letter.","Name":"PasswordMinComplexChars","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordMinimumLength parameter specifies the minimum number of characters that are required for device passwords.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordQuality parameter specifies the minimum password quality rating that's required for device passwords. Password quality is a numeric scale that indicates the security and complexity of the password. A higher quality value indicates a more secure password.","Name":"PasswordQuality","Option":"Write"},{"CIMType":"Boolean","Description":"The PasswordRequired parameter specifies whether a password is required to access devices.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"String","Description":"The PasswordTimeout parameter specifies the length of time that devices can be inactive before a password is required to reactivate them.","Name":"PasswordTimeout","Option":"Write"},{"CIMType":"Boolean","Description":"The PhoneMemoryEncrypted parameter specifies whether to encrypt the memory on devices.","Name":"PhoneMemoryEncrypted","Option":"Write"},{"CIMType":"String","Description":"The RegionRatings parameter specifies the rating system (country/region) to use for movie and television ratings with the MoviesRating and TVShowsRating parameters.","Name":"RegionRatings","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireEmailProfile parameter specifies whether an email profile is required on devices.","Name":"RequireEmailProfile","Option":"Write"},{"CIMType":"Boolean","Description":"The SmartScreenEnabled parameter specifies whether to requireWindows SmartScreen on devices.","Name":"SmartScreenEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SystemSecurityTLS parameter specifies whether TLS encryption is used on devices.","Name":"SystemSecurityTLS","Option":"Write"},{"CIMType":"String","Description":"The TVShowsRating parameter species the maximum or most restrictive rating of television shows that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.","Name":"TVShowsRating","Option":"Write"},{"CIMType":"String","Description":"The UserAccountControlStatus parameter specifies how User Account Control messages are presented on devices.","Name":"UserAccountControlStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The WLANEnabled parameter specifies whether Wi-Fi is enabled devices.","Name":"WLANEnabled","Option":"Write"},{"CIMType":"String","Description":"The WorkFoldersSyncUrl parameter specifies the URL that's used to synchronize company data on devices.","Name":"WorkFoldersSyncUrl","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Purview Device Conditional Access rules."},{"ClassName":"MSFT_SCDeviceConfigurationPolicy","Parameters":[{"CIMType":"String","Description":"The name of the Device Configuration Policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the policy is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of Security and Compliance Center Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Device Configuration Policy in Purview."},{"ClassName":"MSFT_SCDeviceConfigurationRule","Parameters":[{"CIMType":"String","Description":"Name for the rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated policy.","Name":"Policy","Option":"Write"},{"CIMType":"String[]","Description":"The display names of the graoups targeted by the policy.","Name":"TargetGroups","Option":"Write"},{"CIMType":"String","Description":"The AccountName parameter specifies the account name.","Name":"AccountName","Option":"Write"},{"CIMType":"String","Description":"The AccountUserName parameter specifies the account user name.","Name":"AccountUserName","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowAppStore parameter specifies whether to allow access to the app store on devices.","Name":"AllowAppStore","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowAssistantWhileLocked parameter specifies whether to allow the use of the voice assistant while devices are locked.","Name":"AllowAssistantWhileLocked","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowConvenienceLogon parameter specifies whether to allow convenience logons on devices.","Name":"AllowConvenienceLogon","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowDiagnosticSubmission parameter specifies whether to allow diagnostic submissions from devices.","Name":"AllowDiagnosticSubmission","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudBackup parameter specifies whether to allow Apple iCloud Backup from devices.","Name":"AllowiCloudBackup","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudDocSync parameter specifies whether to allow Apple iCloud Documents & Data sync on devices.","Name":"AllowiCloudDocSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudPhotoSync parameter specifies whether to allow Apple iCloud Photos sync on devices.","Name":"AllowiCloudPhotoSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowPassbookWhileLocked parameter specifies whether to allow the use of Apple Passbook while devices are locked.","Name":"AllowPassbookWhileLocked","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowScreenshot parameter specifies whether to allow screenshots on devices.","Name":"AllowScreenshot","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowSimplePassword parameter specifies whether to allow simple or non-complex passwords on devices.","Name":"AllowSimplePassword","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVideoConferencing parameter specifies whether to allow video conferencing on devices. ","Name":"AllowVideoConferencing","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVoiceAssistant parameter specifies whether to allow using the voice assistant on devices.","Name":"AllowVoiceAssistant","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVoiceDialing parameter specifies whether to allow voice-activated telephone dialing.","Name":"AllowVoiceDialing","Option":"Write"},{"CIMType":"UInt32","Description":"The AntiVirusSignatureStatus parameter specifies the antivirus signature status.","Name":"AntiVirusSignatureStatus","Option":"Write"},{"CIMType":"UInt32","Description":"The AntiVirusStatus parameter specifies the antivirus status.","Name":"AntiVirusStatus","Option":"Write"},{"CIMType":"String","Description":"The AppsRating parameter species the maximum or most restrictive rating of apps that are allowed on devices.","Name":"AppsRating","Option":"Write"},{"CIMType":"String","Description":"The AutoUpdateStatus parameter specifies the update settings for devices.","Name":"AutoUpdateStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.","Name":"BluetoothEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.","Name":"CameraEnabled","Option":"Write"},{"CIMType":"String","Description":"The EmailAddress parameter specifies the email address.","Name":"EmailAddress","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableRemovableStorage parameter specifies whether removable storage can be used by devices.","Name":"EnableRemovableStorage","Option":"Write"},{"CIMType":"String","Description":"The ExchangeActiveSyncHost parameter specifies the Exchange ActiveSync host.","Name":"ExchangeActiveSyncHost","Option":"Write"},{"CIMType":"Boolean","Description":"The FirewallStatus parameter specifies the acceptable firewall status values on devices.","Name":"FirewallStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceAppStorePassword parameter specifies whether to require a password to use the app store on devices.","Name":"ForceAppStorePassword","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceEncryptedBackup parameter specifies whether to force encrypted backups for devices.","Name":"ForceEncryptedBackup","Option":"Write"},{"CIMType":"UInt32","Description":"The MaxPasswordAttemptsBeforeWipe parameter specifies the number of incorrect password attempts that cause devices to be automatically wiped.","Name":"MaxPasswordAttemptsBeforeWipe","Option":"Write"},{"CIMType":"UInt32","Description":"The MaxPasswordGracePeriod parameter specifies the length of time users are allowed to reset expired passwords on devices.","Name":"MaxPasswordGracePeriod","Option":"Write"},{"CIMType":"String","Description":"The MoviesRating parameter species the maximum or most restrictive rating of movies that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.","Name":"MoviesRating","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordComplexity parameter specifies the password complexity.","Name":"PasswordComplexity","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordExpirationDays parameter specifies the number of days that the same password can be used on devices before users are required to change their passwords.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordHistoryCount parameter specifies the minimum number of unique new passwords that are required on devices before an old password can be reused.","Name":"PasswordHistoryCount","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordMinComplexChars parameter specifies the minimum number of complex characters that are required for device passwords. A complex character isn't a letter.","Name":"PasswordMinComplexChars","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordMinimumLength parameter specifies the minimum number of characters that are required for device passwords.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordQuality parameter specifies the minimum password quality rating that's required for device passwords. Password quality is a numeric scale that indicates the security and complexity of the password. A higher quality value indicates a more secure password.","Name":"PasswordQuality","Option":"Write"},{"CIMType":"Boolean","Description":"The PasswordRequired parameter specifies whether a password is required to access devices.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"String","Description":"The PasswordTimeout parameter specifies the length of time that devices can be inactive before a password is required to reactivate them.","Name":"PasswordTimeout","Option":"Write"},{"CIMType":"Boolean","Description":"The PhoneMemoryEncrypted parameter specifies whether to encrypt the memory on devices.","Name":"PhoneMemoryEncrypted","Option":"Write"},{"CIMType":"String","Description":"The RegionRatings parameter specifies the rating system (country/region) to use for movie and television ratings with the MoviesRating and TVShowsRating parameters.","Name":"RegionRatings","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireEmailProfile parameter specifies whether an email profile is required on devices.","Name":"RequireEmailProfile","Option":"Write"},{"CIMType":"Boolean","Description":"The SmartScreenEnabled parameter specifies whether to requireWindows SmartScreen on devices.","Name":"SmartScreenEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SystemSecurityTLS parameter specifies whether TLS encryption is used on devices.","Name":"SystemSecurityTLS","Option":"Write"},{"CIMType":"String","Description":"The TVShowsRating parameter species the maximum or most restrictive rating of television shows that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.","Name":"TVShowsRating","Option":"Write"},{"CIMType":"String","Description":"The UserAccountControlStatus parameter specifies how User Account Control messages are presented on devices.","Name":"UserAccountControlStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The WLANEnabled parameter specifies whether Wi-Fi is enabled devices.","Name":"WLANEnabled","Option":"Write"},{"CIMType":"String","Description":"The WorkFoldersSyncUrl parameter specifies the URL that's used to synchronize company data on devices.","Name":"WorkFoldersSyncUrl","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Device Configuration Rule in Purview."},{"ClassName":"MSFT_SCDLPCompliancePolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the DLP policy. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String[]","Description":"The EndpointDLPLocation parameter specifies the user accounts to include in the DLP policy for Endpoint DLP when they are logged on to an onboarded device. You identify the account by name or email address. You can use the value All to include all user accounts.","Name":"EndpointDlpLocation","Option":"Write"},{"CIMType":"String[]","Description":"The EndpointDlpLocationException parameter specifies the user accounts to exclude from Endpoint DLP when you use the value All for the EndpointDlpLocation parameter. You identify the account by name or email address.","Name":"EndpointDlpLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The OnPremisesScannerDlpLocation parameter specifies the on-premises file shares and SharePoint document libraries and folders to include in the DLP policy. You can use the value All to include all on-premises file shares and SharePoint document libraries and folders.","Name":"OnPremisesScannerDlpLocation","Option":"Write"},{"CIMType":"String[]","Description":"The OnPremisesScannerDlpLocationException parameter specifies the on-premises file shares and SharePoint document libraries and folders to exclude from the DLP policy if you use the value All for the OnPremisesScannerDlpLocation parameter.","Name":"OnPremisesScannerDlpLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The PowerBIDlpLocation parameter specifies the Power BI workspace IDs to include in the DLP policy. Only workspaces hosted in Premium Gen2 capacities are permitted. You can use the value All to include all supported workspaces.","Name":"PowerBIDlpLocation","Option":"Write"},{"CIMType":"String[]","Description":"The PowerBIDlpLocationException parameter specifies the Power BI workspace IDs to exclude from the DLP policy when you use the value All for the PowerBIDlpLocation parameter. Only workspaces hosted in Premium Gen2 capacities are permitted.","Name":"PowerBIDlpLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The ThirdPartyAppDlpLocation parameter specifies the non-Microsoft cloud apps to include in the DLP policy. You can use the value All to include all connected apps.","Name":"ThirdPartyAppDlpLocation","Option":"Write"},{"CIMType":"String[]","Description":"The ThirdPartyAppDlpLocationException parameter specifies the non-Microsoft cloud apps to exclude from the DLP policy when you use the value All for the ThirdPartyAppDlpLocation parameter.","Name":"ThirdPartyAppDlpLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies Exchange Online mailboxes to include in the DLP policy. You can only use the value All for this parameter to include all mailboxes.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"Exchange members to include.","Name":"ExchangeSenderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"Exchange members to exclude.","Name":"ExchangeSenderMemberOfException","Option":"Write"},{"CIMType":"String","Description":"The Mode parameter specifies the action and notification level of the DLP policy. Valid values are: Enable, TestWithNotifications, TestWithoutNotifications, Disable and PendingDeletion.","Name":"Mode","Option":"Write","ValueMap":["Enable","TestWithNotifications","TestWithoutNotifications","Disable","PendingDeletion"],"Values":["Enable","TestWithNotifications","TestWithoutNotifications","Disable","PendingDeletion"]},{"CIMType":"String[]","Description":"The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"OneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.","Name":"OneDriveLocationException","Option":"Write"},{"CIMType":"UInt32","Description":"Priority for the Policy.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.","Name":"SharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"Teams locations to include","Name":"TeamsLocation","Option":"Write"},{"CIMType":"String[]","Description":"Teams locations to exclude.","Name":"TeamsLocationException","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Data Loss Prevention Compliance Policy in Purview."},{"ClassName":"MSFT_SCDLPComplianceRule","Parameters":[{"CIMType":"String","Description":"Name of the Rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated DLP Compliance Policy.","Name":"Policy","Option":"Required"},{"CIMType":"String","Description":"The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope.","Name":"AccessScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","None"],"Values":["InOrganization","NotInOrganization","None"]},{"CIMType":"Boolean","Description":"The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item. $false: Allows access to the source item that matched the rule. This is the default value.","Name":"BlockAccess","Option":"Write"},{"CIMType":"String","Description":"The BlockAccessScope parameter specifies the scope of the block access action.","Name":"BlockAccessScope","Option":"Write","ValueMap":["All","PerUser","None"],"Values":["All","PerUser","None"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The AdvancedRule parameter uses complex rule syntax that supports multiple AND, OR, and NOT operators and nested groups","Name":"AdvancedRule","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformation","Description":"The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type.","Name":"ContentContainsSensitiveInformation","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformation","Description":"The ExceptIfContentContainsSensitiveInformation parameter specifies an exception for the rule that's based on a sensitive information type match in content. The rule isn't applied to content that contains the specified sensitive information type.","Name":"ExceptIfContentContainsSensitiveInformation","Option":"Write"},{"CIMType":"String[]","Description":"The ContentPropertyContainsWords parameter specifies a condition for the DLP rule that's based on a property match in content. The rule is applied to content that contains the specified property.","Name":"ContentPropertyContainsWords","Option":"Write"},{"CIMType":"Boolean","Description":"The Disabled parameter specifies whether the DLP rule is disabled.","Name":"Disabled","Option":"Write"},{"CIMType":"String[]","Description":"The GenerateAlert parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met.","Name":"GenerateAlert","Option":"Write"},{"CIMType":"String[]","Description":"The GenerateIncidentReport parameter specifies an action for the DLP rule that sends an incident report to the specified users when the conditions of the rule are met.","Name":"GenerateIncidentReport","Option":"Write"},{"CIMType":"String[]","Description":"The IncidentReportContent parameter specifies the content to include in the report when you use the GenerateIncidentReport parameter.","Name":"IncidentReportContent","Option":"Write","ValueMap":["All","Default","DetectionDetails","Detections","DocumentAuthor","DocumentLastModifier","MatchedItem","OriginalContent","RulesMatched","Service","Severity","Title","RetentionLabel","SensitivityLabel"],"Values":["All","Default","DetectionDetails","Detections","DocumentAuthor","DocumentLastModifier","MatchedItem","OriginalContent","RulesMatched","Service","Severity","Title","RetentionLabel","SensitivityLabel"]},{"CIMType":"String[]","Description":"The NotifyAllowOverride parameter specifies the notification override options when the conditions of the rule are met.","Name":"NotifyAllowOverride","Option":"Write","ValueMap":["FalsePositive","WithoutJustification","WithJustification"],"Values":["FalsePositive","WithoutJustification","WithJustification"]},{"CIMType":"String","Description":"The NotifyEmailCustomText parameter specifies the custom text in the email notification message that's sent to recipients when the conditions of the rule are met.","Name":"NotifyEmailCustomText","Option":"Write"},{"CIMType":"String","Description":"The NotifyPolicyTipCustomText parameter specifies the custom text in the Policy Tip notification message that's shown to recipients when the conditions of the rule are met. The maximum length is 256 characters. HTML tags and tokens (variables) aren't supported.","Name":"NotifyPolicyTipCustomText","Option":"Write"},{"CIMType":"String[]","Description":"The NotifyUser parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met.","Name":"NotifyUser","Option":"Write"},{"CIMType":"String","Description":"The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule.","Name":"ReportSeverityLevel","Option":"Write","ValueMap":["Low","Medium","High","None"],"Values":["Low","Medium","High","None"]},{"CIMType":"String","Description":"The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule.","Name":"RuleErrorAction","Option":"Write","ValueMap":["Ignore","RetryThenBlock"],"Values":["Ignore","RetryThenBlock"]},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfRecipientAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in recipient email addresses.","Name":"AnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.","Name":"AnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveRMSTemplate parameter specifies an action for the DLP rule that removes Office 365 Message Encryption from messages and their attachments.","Name":"RemoveRMSTemplate","Option":"Write"},{"CIMType":"Boolean","Description":"The StopPolicyProcessing parameter specifies an action that stops processing more DLP policy rules.","Name":"StopPolicyProcessing","Option":"Write"},{"CIMType":"Boolean","Description":"The DocumentIsUnsupported parameter specifies a condition for the DLP rule that looks for files that can't be scanned.","Name":"DocumentIsUnsupported","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfDocumentIsUnsupported parameter specifies an exception for the DLP rule that looks for files that can't be scanned.","Name":"ExceptIfDocumentIsUnsupported","Option":"Write"},{"CIMType":"Boolean","Description":"The SenderOverride parameter specifies a condition for the rule that looks for messages where the sender chose to override a DLP policy.","Name":"HasSenderOverride","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfHasSenderOverride parameter specifies an exception for the rule that looks for messages where the sender chose to override a DLP policy.","Name":"ExceptIfHasSenderOverride","Option":"Write"},{"CIMType":"Boolean","Description":"The ProcessingLimitExceeded parameter specifies a condition for the DLP rule that looks for files where scanning couldn't complete.","Name":"ProcessingLimitExceeded","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfProcessingLimitExceeded parameter specifies an exception for the DLP rule that looks for files where scanning couldn't complete.","Name":"ExceptIfProcessingLimitExceeded","Option":"Write"},{"CIMType":"Boolean","Description":"The DocumentIsPasswordProtected parameter specifies a condition for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files.","Name":"DocumentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. ","Name":"ExceptIfDocumentIsPasswordProtected","Option":"Write"},{"CIMType":"String[]","Description":"The MessageTypeMatches parameter specifies a condition for the DLP rule that looks for types of SMIME message patterns.","Name":"MessageTypeMatches","Option":"Write"},{"CIMType":"String[]","Description":"The FromScope parameter specifies whether messages from inside or outside the organisation are in scope for the DLP rule.","Name":"FromScope","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromScope parameter specifies whether messages from inside or outside the organisation are in scope for the DLP rule.","Name":"ExceptIfFromScope","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas.","Name":"SubjectContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"SubjectMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectOrBodyContainsWords parameter specifies a condition for the rule that looks for words in the Subject field or body of messages.","Name":"SubjectOrBodyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectOrBodyMatchesPatterns parameter specifies a condition for the rule that looks for text patterns in the Subject field or body of messages.","Name":"SubjectOrBodyMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ContentCharacterSetContainsWords parameter specifies a condition for the rule that looks for character set names in messages. You can specify multiple values separated by commas.","Name":"ContentCharacterSetContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The DocumentNameMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.","Name":"DocumentNameMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The DocumentNameMatchesWords parameter specifies a condition for the DLP rule that looks for words or phrases in the name of message attachments. ","Name":"DocumentNameMatchesWords","Option":"Write"},{"CIMType":"String[]","Description":"he ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in recipient email addresses.","Name":"ExceptIfAnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.","Name":"ExceptIfAnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentCharacterSetContainsWords parameter specifies an exception for the rule that looks for character set names in messages.","Name":"ExceptIfContentCharacterSetContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentPropertyContainsWords parameter specifies an exception for the DLP rule that's based on a property match in content.","Name":"ExceptIfContentPropertyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfDocumentNameMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.","Name":"ExceptIfDocumentNameMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfDocumentNameMatchesWords parameter specifies an exception for the DLP rule that looks for words or phrases in the name of message attachments.","Name":"ExceptIfDocumentNameMatchesWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the sender's email address.","Name":"ExceptIfFromAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the sender's email address by using regular expressions.","Name":"ExceptIfFromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The FromAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the sender's email address.","Name":"FromAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The FromAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. ","Name":"FromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfMessageTypeMatches parameter specifies an exception for the rule that looks for messages of the specified type.","Name":"ExceptIfMessageTypeMatches","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition for the DLP rule that looks for recipients with email addresses in the specified domains.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception for the DLP rule that looks for recipients with email addresses in the specified domains.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderDomainIs parameter specifies an exception for the DLP rule that looks for messages from senders with email address in the specified domains. ","Name":"ExceptIfSenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderIpRanges parameter specifies an exception for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"ExceptIfSenderIPRanges","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception for the DLP rule that looks for recipients in messages. You identify the recipients by email address.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the Subject field of messages.","Name":"ExceptIfSubjectContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"ExceptIfSubjectMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception for the rule that looks for words in the Subject field or body of messages.","Name":"ExceptIfSubjectOrBodyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception for the rule that looks for text patterns in the Subject field or body of messages.","Name":"ExceptIfSubjectOrBodyMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The DocumentContainsWords parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.","Name":"DocumentContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"Boolean","Description":"The ContentIsNotLabeled parameter specifies if the content is labeled. A True or False condition.","Name":"ContentIsNotLabeled","Option":"Write"},{"CIMType":"String[]","Description":"The SetHeader The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas","Name":"SetHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.","Name":"ContentExtensionMatchesWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.","Name":"ExceptIfContentExtensionMatchesWords","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Data Loss Prevention Compliance Rule in Purview."},{"ClassName":"MSFT_SCDLPSensitiveInformationType","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a name for the sensitive information type rule. The value must be less than 256 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Unique identifier of the Sensitive Information Type.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies a description for the sensitive information type rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"FileData","Option":"Write"},{"CIMType":"String","Description":"The Locale parameter specifies the language that's associated with the sensitive information type rule.","Name":"Locale","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages sensitive information types in Purview."},{"ClassName":"MSFT_SCFilePlanPropertyAuthority","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the Authority.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this authority should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an authority entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertyCategory","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the category.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this category should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a category entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertyCitation","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the citation.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"URL of the citation.","Name":"CitationUrl","Option":"Write"},{"CIMType":"String","Description":"Jurisdiction of the citation.","Name":"CitationJurisdiction","Option":"Write"},{"CIMType":"String","Description":"Specify if this citation should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a citation entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertyDepartment","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the department.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this department should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a department entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertyReferenceId","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the reference id.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this reference id should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a reference ID entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertySubCategory","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the sub-category.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Category parameter specifies the name of the parent category associated with the sub-category.","Name":"Category","Option":"Required"},{"CIMType":"String","Description":"Specify if this category should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a sub-category entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCInsiderRiskEntityListDomain","Parameters":[{"CIMType":"String","Description":"Domain name.","Name":"Dmn","Option":"Key"},{"CIMType":"Boolean","Description":"Defines if the entry should include multi-level subdomains or not.","Name":"isMLSubDmn","Option":"Write"}],"Description":"Configures settings for Insider Risk in Purview."},{"ClassName":"MSFT_SCInsiderRiskEntityListSite","Parameters":[{"CIMType":"String","Description":"Url of the site.","Name":"Url","Option":"Key"},{"CIMType":"String","Description":"Name of the site.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Unique identifier of the site.","Name":"Guid","Option":"Write"}],"Description":"Configures settings for Insider Risk in Purview."},{"ClassName":"MSFT_SCInsiderRiskEntityList","Parameters":[{"CIMType":"String","Description":"The name of the group or setting.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The setting type.","Name":"ListType","Option":"Required"},{"CIMType":"String","Description":"Description for the group or setting.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name of the group or setting.","Name":"DisplayName","Option":"Write"},{"CIMType":"MSFT_SCInsiderRiskEntityListDomain[]","Description":"List of domains","Name":"Domains","Option":"Write"},{"CIMType":"String[]","Description":"List of file paths.","Name":"FilePaths","Option":"Write"},{"CIMType":"String[]","Description":"List of file types.","Name":"FileTypes","Option":"Write"},{"CIMType":"String[]","Description":"List of keywords.","Name":"Keywords","Option":"Write"},{"CIMType":"String[]","Description":"List of sensitive information types.","Name":"SensitiveInformationTypes","Option":"Write"},{"CIMType":"MSFT_SCInsiderRiskEntityListSite[]","Description":"List of sites.","Name":"Sites","Option":"Write"},{"CIMType":"String[]","Description":"List of trainable classifiers.","Name":"TrainableClassifiers","Option":"Write"},{"CIMType":"String[]","Description":"List of keywords for exception.","Name":"ExceptionKeyworkGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded trainable classifiers.","Name":"ExcludedClassifierGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded domains.","Name":"ExcludedDomainGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded file paths.","Name":"ExcludedFilePathGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded file types.","Name":"ExcludedFileTypeGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded keywords.","Name":"ExcludedKeyworkGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded sensitive information types.","Name":"ExcludedSensitiveInformationTypeGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded sites.","Name":"ExcludedSiteGroups","Option":"Write"},{"CIMType":"String","Description":"Specify if this entity should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures settings for Insider Risk in Purview."},{"ClassName":"MSFT_SCInsiderRiskPolicy","Parameters":[{"CIMType":"string","Description":"Name of the insider risk policy.","Name":"Name","Option":"Key"},{"CIMType":"string","Description":"Name of the scenario supported by the policy.","Name":"InsiderRiskScenario","Option":"Key"},{"CIMType":"Boolean","Description":"When turned on, we'll scan sources in your org (such as the Microsoft 365 audit log) to detect the same activities used by insider risk policies. Scans run daily and provide real-time insights that can help you set up and refine policies to ensure you're detecting the most relevant activities.","Name":"IRASettingsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"For users who perform activities matching your insider risk policies, decide whether to show their actual names or use pseudonymized versions to mask their identities.","Name":"Anonymization","Option":"Write"},{"CIMType":"Boolean","Description":"When turned on, admins with the correct permissions will be able to review user risk details from Insider Risk Management within other solutions such as Data Loss Prevention (DLP), Communication Compliance, and user entity pages in Microsoft Defender.","Name":"DLPUserRiskSync","Option":"Write"},{"CIMType":"Boolean","Description":"When turned on, admins with the correct permissions will be able to review user risk details from Insider Risk Management within other solutions such as Data Loss Prevention (DLP), Communication Compliance, and user entity pages in Microsoft Defender.","Name":"OptInIRMDataExport","Option":"Write"},{"CIMType":"Boolean","Description":"Insider risk management alert information is exportable to security information and event management (SIEM) services by using Office 365 Management Activity APIs. Turn this on to use these APIs to export insider risk alert details to other applications your organization might use to manage or aggregate insider risk data.","Name":"RaiseAuditAlert","Option":"Write"},{"CIMType":"Boolean","Description":"Enable inline alert customization for all alert reviewers.","Name":"InlineAlertPolicyCustomization","Option":"Write"},{"CIMType":"String","Description":"Minimum number of daily events to boost score for unusual activity.","Name":"FileVolCutoffLimits","Option":"Write"},{"CIMType":"String","Description":"Alert volume.","Name":"AlertVolume","Option":"Write"},{"CIMType":"Boolean","Description":"Risk score boosters indicator.","Name":"AnomalyDetections","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"CopyToPersonalCloud","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"CopyToUSB","Option":"Write"},{"CIMType":"Boolean","Description":"Cumulative exfiltration detection indicator.","Name":"CumulativeExfiltrationDetector","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"EmailExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedEmployeePatientData","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedFamilyData","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedHighVolumePatientData","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedNeighbourData","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedRestrictedData","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToChildAbuseSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToCriminalActivitySites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToCultSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToGamblingSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToHackingSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToHateIntoleranceSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToIllegalSoftwareSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToKeyloggerSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToLlmSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToMalwareSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToPhishingSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToPornographySites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToUnallowedDomain","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToViolenceSites","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoCopyToClipboardFromSensitiveFile","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoCopyToNetworkShare","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileArchived","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileCopiedToRemoteDesktopSession","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileDownloadedFromBlacklistedDomain","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileDownloadedFromEnterpriseDomain","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileRenamed","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileStagedToCentralLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoHiddenFileCreated","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoRemovableMediaMount","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoSensitiveFileRead","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"Mcas3rdPartyAppDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"Mcas3rdPartyAppFileDelete","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"Mcas3rdPartyAppFileSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasActivityFromInfrequentCountry","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasImpossibleTravel","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasMultipleFailedLogins","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasMultipleStorageDeletion","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasMultipleVMCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasMultipleVMDeletion","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasSuspiciousAdminActivities","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasSuspiciousCloudCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasSuspiciousCloudTrailLoggingChange","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasTerminatedEmployeeActivity","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"OdbDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"OdbSyncDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Cumulative exfiltration detection indicator.","Name":"PeerCumulativeExfiltrationDetector","Option":"Write"},{"CIMType":"Boolean","Description":"Physical access indicator.","Name":"PhysicalAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Risk score boosters indicator.","Name":"PotentialHighImpactUser","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"Print","Option":"Write"},{"CIMType":"Boolean","Description":"Risk score boosters indicator.","Name":"PriorityUserGroupMember","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Endpoint indicator.","Name":"SecurityAlertDefenseEvasion","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Endpoint indicator.","Name":"SecurityAlertUnwantedSoftware","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoAccessRequest","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoApprovedAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoDownloadV2","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileAccessed","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileDeletedFromFirstStageRecycleBin","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileDeletedFromSecondStageRecycleBin","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileLabelDowngraded","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileLabelRemoved","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFolderDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFolderDeletedFromFirstStageRecycleBin","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFolderDeletedFromSecondStageRecycleBin","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFolderSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSiteExternalUserAdded","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSiteInternalUserAdded","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSiteLabelRemoved","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSiteSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSyncDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsChannelFileSharedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsChannelMemberAddedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsChatFileSharedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsFileDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsFolderSharedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsMemberAddedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsSensitiveMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Risk score boosters indicator.","Name":"UserHistory","Option":"Write"},{"CIMType":"Boolean","Description":"AWS indicator.","Name":"AWSS3BlockPublicAccessDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"AWS indicator.","Name":"AWSS3BucketDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"AWS indicator.","Name":"AWSS3PublicAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"AWS indicator.","Name":"AWSS3ServerLoggingDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureElevateAccessToAllSubscriptions","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureResourceThreatProtectionSettingsUpdated","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureSQLServerAuditingSettingsUpdated","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureSQLServerFirewallRuleDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureSQLServerFirewallRuleUpdated","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureStorageAccountOrContainerDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Box indicator.","Name":"BoxContentAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Box indicator.","Name":"BoxContentDelete","Option":"Write"},{"CIMType":"Boolean","Description":"Box indicator.","Name":"BoxContentDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Box indicator.","Name":"BoxContentExternallyShared","Option":"Write"},{"CIMType":"Boolean","Description":"Detect messages matching specific trainable classifiers.","Name":"CCFinancialRegulatoryRiskyTextSent","Option":"Write"},{"CIMType":"Boolean","Description":"Detect messages matching specific trainable classifiers.","Name":"CCInappropriateContentSent","Option":"Write"},{"CIMType":"Boolean","Description":"Detect messages matching specific trainable classifiers.","Name":"CCInappropriateImagesSent","Option":"Write"},{"CIMType":"Boolean","Description":"Dropbox indicator.","Name":"DropboxContentAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Dropbox indicator.","Name":"DropboxContentDelete","Option":"Write"},{"CIMType":"Boolean","Description":"Dropbox indicator.","Name":"DropboxContentDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Dropbox indicator.","Name":"DropboxContentExternallyShared","Option":"Write"},{"CIMType":"Boolean","Description":"Google Drive indicator.","Name":"GoogleDriveContentAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Google Drive indicator.","Name":"GoogleDriveContentDelete","Option":"Write"},{"CIMType":"Boolean","Description":"Google Drive indicator.","Name":"GoogleDriveContentExternallyShared","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIDashboardsDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIReportsDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIReportsDownloaded","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIReportsExported","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIReportsViewed","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBISemanticModelsDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBISensitivityLabelDowngradedForArtifacts","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBISensitivityLabelRemovedFromArtifacts","Option":"Write"},{"CIMType":"String","Description":"Determines how far back a policy should go to detect user activity and is triggered when a user performs the first activity matching a policy.","Name":"HistoricTimeSpan","Option":"Write"},{"CIMType":"String","Description":"Determines how long policies will actively detect activity for users and is triggered when a user performs the first activity matching a policy.","Name":"InScopeTimeSpan","Option":"Write"},{"CIMType":"Boolean","Description":"Integrate Microsoft Teams capabilities with insider risk case management to enhance collaboration with stakeholders. ","Name":"EnableTeam","Option":"Write"},{"CIMType":"Boolean","Description":"Send a monthly email summarizing new analytics scan insights.","Name":"AnalyticsNewInsightEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Send an email when analytics is turned off for your organization.","Name":"AnalyticsTurnedOffEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Send a daily email when new high severity alerts are generated.","Name":"HighSeverityAlertsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the groups of high severity alerts to include. Possible values are: InsiderRiskManagement, InsiderRiskManagementAnalysts, and InsiderRiskManagementInvestigators.","Name":"HighSeverityAlertsRoleGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Send a weekly email summarizing policies that have unresolved warnings.","Name":"PoliciesHealthEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the groups to notify with weekly email. Possible values are: InsiderRiskManagement and InsiderRiskManagementAdmins.","Name":"PoliciesHealthRoleGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Send a notification email when the first alert is generated for a new policy.","Name":"NotificationDetailsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the groups to notify when the first alert is generated. Possible values are: InsiderRiskManagement, InsiderRiskManagementAnalysts, and InsiderRiskManagementInvestigators.","Name":"NotificationDetailsRoleGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"ClipDeletionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"SessionRecordingEnabled","Option":"Write"},{"CIMType":"String","Description":"Official documentation to come.","Name":"RecordingTimeframePreEventInSec","Option":"Write"},{"CIMType":"String","Description":"Official documentation to come.","Name":"RecordingTimeframePostEventInSec","Option":"Write"},{"CIMType":"String","Description":"Official documentation to come.","Name":"BandwidthCapInMb","Option":"Write"},{"CIMType":"String","Description":"Official documentation to come.","Name":"OfflineRecordingStorageLimitInMb","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if Adaptive Protection is enabled for Purview.","Name":"AdaptiveProtectionEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileSourceType","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileConfirmedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileGeneratedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileInsightSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileInsightCount","Option":"Write"},{"CIMType":"String[]","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileInsightTypes","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileConfirmedIssue","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileSourceType","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileConfirmedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileGeneratedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileInsightSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileInsightCount","Option":"Write"},{"CIMType":"String[]","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileInsightTypes","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileConfirmedIssue","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileSourceType","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileConfirmedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileGeneratedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileInsightSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileInsightCount","Option":"Write"},{"CIMType":"String[]","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileInsightTypes","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileConfirmedIssue","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"RetainSeverityAfterTriage","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"LookbackTimeSpan","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"ProfileInScopeTimeSpan","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"GPUUtilizationLimit","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"CPUUtilizationLimit","Option":"Write"},{"CIMType":"String[]","Description":"Microsoft Defender for Endpoint alert statuses.","Name":"MDATPTriageStatus","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Insider Risk Policies in Purview."},{"ClassName":"MSFT_SCLabelSetting","Parameters":[{"CIMType":"String","Description":"Advanced settings key.","Name":"Key","Option":"Key"},{"CIMType":"String[]","Description":"Advanced settings value.","Name":"Value","Option":"Write"}],"Description":"This resource configures a Sensitivity label policy in Purview."},{"ClassName":"MSFT_SCLabelPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the sensitivity label. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this label policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"MSFT_SCLabelSetting[]","Description":"The AdvancedSettings parameter enables client-specific features and capabilities on the sensitivity label. The settings that you configure with this parameter only affect apps that are designed for the setting.","Name":"AdvancedSettings","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies the mailboxes to include in the policy.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocationException parameter specifies the mailboxes to exclude when you use the value All for the ExchangeLocation parameter.","Name":"ExchangeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The ModernGroupLocation parameter specifies the Microsoft 365 Groups to include in the policy.","Name":"ModernGroupLocation","Option":"Write"},{"CIMType":"String[]","Description":"The ModernGroupLocationException parameter specifies the Microsoft 365 Groups to exclude when you're using the value All for the ModernGroupLocation parameter.","Name":"ModernGroupLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The Labels parameter specifies the sensitivity labels that are associated with the policy. You can use any value that uniquely identifies the label.","Name":"Labels","Option":"Write"},{"CIMType":"String[]","Description":"The AddExchangeLocation parameter specifies the mailboxes to add in the existing policy.","Name":"AddExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The AddExchangeLocationException parameter specifies the mailboxes to add to exclusions when you use the value All for the ExchangeLocation parameter.","Name":"AddExchangeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddModernGroupLocation parameter specifies the Microsoft 365 Groups to add to include the policy.","Name":"AddModernGroupLocation","Option":"Write"},{"CIMType":"String[]","Description":"The AddModernGroupLocationException parameter specifies the Microsoft 365 Groups to add to exclusions when you're using the value All for the ModernGroupLocation parameter.","Name":"AddModernGroupLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddLabels parameter specifies the sensitivity labels to add to the policy. You can use any value that uniquely identifies the label.","Name":"AddLabels","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveExchangeLocation parameter specifies the mailboxes to remove from the policy.","Name":"RemoveExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveExchangeLocationException parameter specifies the mailboxes to remove when you use the value All for the ExchangeLocation parameter.","Name":"RemoveExchangeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveModernGroupLocation parameter specifies the Microsoft 365 Groups to remove from the policy.","Name":"RemoveModernGroupLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveModernGroupLocationException parameter specifies the Microsoft 365 Groups to remove from excluded values when you're using the value All for the ModernGroupLocation parameter.","Name":"RemoveModernGroupLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveLabels parameter specifies the sensitivity labels that are removed from the policy. You can use any value that uniquely identifies the label.","Name":"RemoveLabels","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Sensitivity label policy in Purview."},{"ClassName":"MSFT_PolicyConfigApp","Parameters":[{"CIMType":"String","Description":"Name of the application.","Name":"Value","Option":"Key"},{"CIMType":"String","Description":"Name of the executable file.","Name":"Executable","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigStorageAccount","Parameters":[{"CIMType":"String","Description":"TBD","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"BlobUri","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigSiteGroupAddress","Parameters":[{"CIMType":"String","Description":"The match type to perform. If UrlMatch is selected, then the Url property must be configured. If IPv4 or IPv6RangeMatch are selected, then AddressLower and AddressUpper must be configured.","Name":"MatchType","Option":"Required","ValueMap":["UrlMatch","IPv4RangeMatch","IPv6RangeMatch"],"Values":["UrlMatch","IPv4RangeMatch","IPv6RangeMatch"]},{"CIMType":"String","Description":"TBD","Name":"Url","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"AddressLower","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"AddressUpper","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPSiteGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"Name","Option":"Key"},{"CIMType":"MSFT_PolicyConfigSiteGroupAddress[]","Description":"TBD","Name":"addresses","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigRemovableMedia","Parameters":[{"CIMType":"String","Description":"TBD","Name":"deviceId","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"removableMediaVID","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"name","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"alias","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"removableMediaPID","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"instancePathId","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"serialNumberId","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"hardwareId","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPRemovableMediaGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"groupName","Option":"Key"},{"CIMType":"MSFT_PolicyConfigRemovableMedia[]","Description":"TBD","Name":"removableMedia","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigIPRange","Parameters":[{"CIMType":"String","Description":"TBD","Name":"fromAddress","Option":"Required"},{"CIMType":"String","Description":"TBD","Name":"toAddress","Option":"Required"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigPrinter","Parameters":[{"CIMType":"Boolean","Description":"TBD","Name":"universalPrinter","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"usbPrinter","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"usbPrinterId","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"name","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"alias","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"usbPrinterVID","Option":"Write"},{"CIMType":"MSFT_PolicyConfigIPRange","Description":"TBD","Name":"ipRange","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"corporatePrinter","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"printToLocal","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"printToFile","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPNetworkShareGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"groupName","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"groupId","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"networkPaths","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPApp","Parameters":[{"CIMType":"String","Description":"TBD","Name":"ExecutableName","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"TBD","Name":"Quarantine","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPAppGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"Description","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPApp[]","Description":"TBD","Name":"Apps","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigEvidenceStoreSettings","Parameters":[{"CIMType":"Boolean","Description":"TBD","Name":"FileEvidenceIsEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"TBD","Name":"NumberOfDaysToRetain","Option":"Write"},{"CIMType":"MSFT_PolicyConfigStorageAccount[]","Description":"TBD","Name":"StorageAccounts","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"Store","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigBusinessJustificationList","Parameters":[{"CIMType":"String","Description":"TBD","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"justificationText","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"Enable","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPPrinterGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"groupName","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"groupId","Option":"Write"},{"CIMType":"MSFT_PolicyConfigPrinter[]","Description":"TBD","Name":"printers","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigQuarantineParameters","Parameters":[{"CIMType":"Boolean","Description":"TBD","Name":"EnableQuarantineForCloudSyncApps","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"QuarantinePath","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"MacQuarantinePath","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"ShouldReplaceFile","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"FileReplacementText","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_SCPolicyConfig","Parameters":[{"CIMType":"String","Description":"Accepted value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Default value is false. If set to false, then you cannot specify BandwidthLimitEnabled nor DailyBandwidthLimitInMb","Name":"AdvancedClassificationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is false.","Name":"AuditFileActivity","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is true.","Name":"BandwidthLimitEnabled","Option":"Write"},{"CIMType":"MSFT_PolicyConfigBusinessJustificationList[]","Description":"TBD","Name":"BusinessJustificationList","Option":"Write"},{"CIMType":"String","Description":"Default value is Off.","Name":"CloudAppMode","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"CloudAppRestrictionList","Option":"Write"},{"CIMType":"UInt32","Description":"Default value is 0. If set to 0, you cannot specify the BusinessJustificationList parameter as part of your configuration.","Name":"CustomBusinessJustificationNotification","Option":"Write"},{"CIMType":"UInt32","Description":"Default value is 1000","Name":"DailyBandwidthLimitInMB","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPAppGroups[]","Description":"TBD","Name":"DLPAppGroups","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPNetworkShareGroups[]","Description":"TBD","Name":"DLPNetworkShareGroups","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPPrinterGroups[]","Description":"TBD","Name":"DLPPrinterGroups","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPRemovableMediaGroups[]","Description":"TBD","Name":"DLPRemovableMediaGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is true.","Name":"IncludePredefinedUnallowedBluetoothApps","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is true.","Name":"MacDefaultPathExclusionsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"MacPathExclusion","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is false.","Name":"NetworkPathEnforcementEnabled","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"NetworkPathExclusion","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"PathExclusion","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is false","Name":"serverDlpEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is false","Name":"FileCopiedToCloudFullUrlEnabled","Option":"Write"},{"CIMType":"MSFT_PolicyConfigEvidenceStoreSettings","Description":"TBD","Name":"EvidenceStoreSettings","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPSiteGroups[]","Description":"TBD","Name":"SiteGroups","Option":"Write"},{"CIMType":"MSFT_PolicyConfigApp[]","Description":"TBD","Name":"UnallowedApp","Option":"Write"},{"CIMType":"MSFT_PolicyConfigApp[]","Description":"TBD","Name":"UnallowedCloudSyncApp","Option":"Write"},{"CIMType":"MSFT_PolicyConfigApp[]","Description":"TBD","Name":"UnallowedBluetoothApp","Option":"Write"},{"CIMType":"MSFT_PolicyConfigApp[]","Description":"TBD","Name":"UnallowedBrowser","Option":"Write"},{"CIMType":"MSFT_PolicyConfigQuarantineParameters","Description":"TBD","Name":"QuarantineParameters","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"VPNSettings","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableLabelCoauth parameter enables or disables co-authoring support in Office desktop apps for the entire organization. Default value is false.","Name":"EnableLabelCoauth","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSpoAipMigration parameter enables or disables built-in labeling for supported Office files in SharePoint and OneDrive.","Name":"EnableSpoAipMigration","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_SCProtectionAlert","Parameters":[{"CIMType":"String[]","Description":"Specifies the scope for aggregated alert policies","Name":"AlertBy","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use","Name":"AlertFor","Option":"Write"},{"CIMType":"String","Description":"Specifies how the alert policy triggers alerts for multiple occurrences of monitored activity","Name":"AggregationType","Option":"Write","ValueMap":["None","SimpleAggregation","AnomalousAggregation","CustomAggregation"],"Values":["None","SimpleAggregation","AnomalousAggregation","CustomAggregation"]},{"CIMType":"String","Description":"Specifies a category for the alert policy","Name":"Category","Option":"Write"},{"CIMType":"String","Description":"Specifies an optional comment","Name":"Comment","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables the alert policy","Name":"Disabled","Option":"Write"},{"CIMType":"String","Description":"Specify if this alert should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Filter parameter uses OPATH syntax to filter the results by the specified properties and values","Name":"Filter","Option":"Write"},{"CIMType":"String","Description":"Specifies the unique name for the alert policy","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specifies the language or locale that's used for notifications. For example, da-DK for Danish","Name":"NotificationCulture","Option":"Write"},{"CIMType":"Boolean","Description":"NotificationEnabled true or false","Name":"NotificationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to trigger an alert for a single event when the alert policy is configured for aggregated activity","Name":"NotifyUserOnFilterMatch","Option":"Write"},{"CIMType":"DateTime","Description":"Specifies whether to temporarily suspend notifications for the alert policy. Until the specified date-time, no notifications are sent for detected activities.","Name":"NotifyUserSuppressionExpiryDate","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum number of notifications for the alert policy within the time period specified by the NotifyUserThrottleWindow parameter. Once the maximum number of notifications has been reached in the time period, no more notifications are sent for the alert.","Name":"NotifyUserThrottleThreshold","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the time interval in minutes that's used by the NotifyUserThrottleThreshold parameter","Name":"NotifyUserThrottleWindow","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the SMTP address of the user who receives notification messages for the alert policy. You can specify multiple values separated by commas","Name":"NotifyUser","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the activities that are monitored by the alert policy","Name":"Operation","Option":"Write"},{"CIMType":"String[]","Description":"PrivacyManagementScopedSensitiveInformationTypes","Name":"PrivacyManagementScopedSensitiveInformationTypes","Option":"Write"},{"CIMType":"String[]","Description":"PrivacyManagementScopedSensitiveInformationTypesForCounting","Name":"PrivacyManagementScopedSensitiveInformationTypesForCounting","Option":"Write"},{"CIMType":"UInt64","Description":"PrivacyManagementScopedSensitiveInformationTypesThreshold","Name":"PrivacyManagementScopedSensitiveInformationTypesThreshold","Option":"Write"},{"CIMType":"String","Description":"specifies the severity of the detection","Name":"Severity","Option":"Write","ValueMap":["Low","Medium","High","Informational"],"Values":["Low","Medium","High","Informational"]},{"CIMType":"String","Description":"Specifies the type of activities that are monitored by the alert policy","Name":"ThreatType","Option":"Write","ValueMap":["Activity","Malware","Phish","Malicious","MaliciousUrlClick","MailFlow"],"Values":["Activity","Malware","Phish","Malicious","MaliciousUrlClick","MailFlow"]},{"CIMType":"UInt32","Description":"Specifies the number of detections that trigger the alert policy within the time period specified by the TimeWindow parameter. A valid value is an integer that's greater than or equal to 3.","Name":"Threshold","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the time interval in minutes for number of detections specified by the Threshold parameter. A valid value is an integer that's greater than 60 (one hour).","Name":"TimeWindow","Option":"Write"},{"CIMType":"UInt32","Description":"Volume Threshold","Name":"VolumeThreshold","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Protection Alert in Purview."},{"ClassName":"MSFT_SCRecordReviewNotificationTemplateConfig","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The CustomizedNotificationDataString parameter specifies the customized review notification text to use. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomizedNotificationDataString","Option":"Write"},{"CIMType":"String","Description":"The CustomizedReminderDataString parameter specifies the customized review reminder text to use. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomizedReminderDataString","Option":"Write"},{"CIMType":"Boolean","Description":"The IsCustomizedNotificationTemplate switch specifies whether to use a customized review notification instead of the system default notification.","Name":"IsCustomizedNotificationTemplate","Option":"Write"},{"CIMType":"Boolean","Description":"The IsCustomizedReminderTemplate switch specifies whether to use a customized review reminder instead of the system default reminder.","Name":"IsCustomizedReminderTemplate","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Purview Records Management disposition settings."},{"ClassName":"MSFT_SCRetentionCompliancePolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the retention policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String[]","Description":"Location of the dynamic scope for this policy.","Name":"DynamicScopeLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if the policy is enabled or not.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies the mailboxes to include.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the mailboxes to remove from the list of excluded mailboxes when you use the value All for the ExchangeLocation parameter","Name":"ExchangeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The ModernGroupLocation parameter specifies the Office 365 groups to include in the policy.","Name":"ModernGroupLocation","Option":"Write"},{"CIMType":"String[]","Description":"The ModernGroupLocationException parameter specifies the Office 365 groups to exclude when you're using the value All for the ModernGroupLocation parameter.","Name":"ModernGroupLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"OneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.","Name":"OneDriveLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The PublicFolderLocation parameter specifies that you want to include all public folders in the retention policy. You use the value All for this parameter.","Name":"PublicFolderLocation","Option":"Write"},{"CIMType":"Boolean","Description":"The RestrictiveRetention parameter specifies whether Preservation Lock is enabled for the policy.","Name":"RestrictiveRetention","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.","Name":"SharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The SkypeLocation parameter specifies the Skype for Business Online users to include in the policy.","Name":"SkypeLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"SkypeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The TeamsChannelLocation parameter specifies the Teams Channel to include in the policy.","Name":"TeamsChannelLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the TeamsChannelLocation parameter. You identify the site by its URL value.","Name":"TeamsChannelLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The TeamsChatLocation parameter specifies the Teams Chat to include in the policy.","Name":"TeamsChatLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the TeamsChatLocation parameter. You identify the site by its URL value.","Name":"TeamsChatLocationException","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Retention Compliance Policy in Purview."},{"ClassName":"MSFT_SCRetentionComplianceRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the retention rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Policy parameter specifies the policy to contain the rule.","Name":"Policy","Option":"Required"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ExpirationDateOption parameter specifies whether the expiration date is calculated from the content creation date or last modification date. Valid values are: CreationAgeInDays and ModificationAgeInDays.","Name":"ExpirationDateOption","Option":"Write","ValueMap":["CreationAgeInDays","ModificationAgeInDays"],"Values":["CreationAgeInDays","ModificationAgeInDays"]},{"CIMType":"String[]","Description":"The ExcludedItemClasses parameter specifies the types of messages to exclude from the rule. You can use this parameter only to exclude items from a hold policy, which excludes the specified item class from being held. Using this parameter won't exclude items from deletion policies. Typically, you use this parameter to exclude voicemail messages, IM conversations, and other Skype for Business Online content from being held by a hold policy.","Name":"ExcludedItemClasses","Option":"Write"},{"CIMType":"String","Description":"The ContentMatchQuery parameter specifies a content search filter.","Name":"ContentMatchQuery","Option":"Write"},{"CIMType":"String","Description":"The RetentionComplianceAction parameter specifies the retention action for the rule. Valid values are: Delete, Keep and KeepAndDelete.","Name":"RetentionComplianceAction","Option":"Write","ValueMap":["Delete","Keep","KeepAndDelete"],"Values":["Delete","Keep","KeepAndDelete"]},{"CIMType":"String","Description":"The RetentionDuration parameter specifies the hold duration for the retention rule. Valid values are: An integer - The hold duration in days, Unlimited - The content is held indefinitely.","Name":"RetentionDuration","Option":"Write"},{"CIMType":"String","Description":"The RetentionDurationDisplayHint parameter specifies the units that are used to display the retention duration in the Security and Compliance Center. Valid values are: Days, Months or Years.","Name":"RetentionDurationDisplayHint","Option":"Write","ValueMap":["Days","Months","Years"],"Values":["Days","Months","Years"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Retention Compliance Rule in Purview."},{"ClassName":"MSFT_SCRetentionEventType","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the retention event type.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Retention Event Type in Purview."},{"ClassName":"MSFT_SCRoleGroup","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The DisplayName parameter specifies the friendly name of the role group. If the name contains spaces, enclose the name in quotation marks. This parameter has a maximum length of 256 characters.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Roles parameter specifies the management roles to assign to the role group when it's created. If a role name contains spaces, enclose the name in quotation marks. If you want to assign more that one role, separate the role names with commas.","Name":"Roles","Option":"Write"},{"CIMType":"String","Description":"Specify if the Role Group should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Role Groups in Purview."},{"ClassName":"MSFT_SCRoleGroupMember","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Members parameter specifies the mailboxes or mail-enabled USGs to add as a member of the role group. You can identify the user or group by the name, DN, or primary SMTP address value. You can specify multiple members separated by commas (Value1,Value2,...ValueN). If the value contains spaces, enclose the value in quotation marks","Name":"Members","Option":"Write"},{"CIMType":"String","Description":"Specify if the Role Group Members should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Role Group members in Security Compliance Center."},{"ClassName":"MSFT_SCSecurityFilter","Parameters":[{"CIMType":"String","Description":"The FilterName parameter specifies the name of the compliance security filter that you want to view. If the value contains spaces, enclose the value in quotation marks (\\\").","Name":"FilterName","Option":"Key"},{"CIMType":"String","Description":"The Action parameter filters the results by the type of search action that a filter is applied to. ","Name":"Action","Option":"Write","ValueMap":["Export","Preview","Purge","Search","All"],"Values":["Export","Preview","Purge","Search","All"]},{"CIMType":"String[]","Description":"The User parameter filters the results by the user who gets a filter applied to their searches. Acceptable values are : The alias or email address of a user, All or The name of a role group","Name":"Users","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies a description for the compliance security filter. The maximum length is 256 characters. If the value contains spaces, enclose the value in quotation marks (\\\").","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Filters parameter specifies the search criteria for the compliance security filter. The filters are applied to the users specified by the Users parameter. You can create three different types of filters: Mailbox filter, Mailbox content filter or Site and site content filter","Name":"Filters","Option":"Write"},{"CIMType":"String","Description":"The Region parameter specifies the satellite location for multi-geo tenants to conduct eDiscovery searches in.","Name":"Region","Option":"Write","ValueMap":["APC","AUS","CAN","EUR","FRA","GBR","IND","JPN","LAM","NAM",""],"Values":["APC","AUS","CAN","EUR","FRA","GBR","IND","JPN","LAM","NAM",""]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Specify if this label policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Security Filter in Purview.\n\n**Please note:** This resource does not support certificate based authentication."},{"ClassName":"MSFT_SCSLSensitiveInformationType","Parameters":[{"CIMType":"String","Description":"Name of the Sensitive Information Type","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Confidence level value for the Sensitive Information","Name":"confidencelevel","Option":"Write","ValueMap":["Low","Medium","High"],"Values":["Low","Medium","High"]},{"CIMType":"String","Description":"Type of Classifier value for the Sensitive Information","Name":"classifiertype","Option":"Write"},{"CIMType":"String","Description":"Minimum Count value for the Sensitive Information","Name":"mincount","Option":"Write"},{"CIMType":"String","Description":"Maximum Count value for the Sensitive Information","Name":"maxcount","Option":"Write"}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSLTrainableClassifiers","Parameters":[{"CIMType":"String","Description":"Name of the Trainable Classifier","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Id of the Trainable Classifier","Name":"id","Option":"Write"}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSLSensitiveInformationGroup","Parameters":[{"CIMType":"MSFT_SCSLSensitiveInformationType[]","Description":"Sensitive Information Content Types","Name":"SensitiveInformationType","Option":"Write"},{"CIMType":"MSFT_SCSLTrainableClassifiers[]","Description":"Trainable Classifiers","Name":"TrainableClassifier","Option":"Write"},{"CIMType":"String","Description":"Name of the group","Name":"Name","Option":"Required"},{"CIMType":"String","Description":"How to process the Sensitive Information Types and Trainable Classifiers","Name":"Operator","Option":"Required","ValueMap":["And","Or"],"Values":["And","Or"]}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSLAutoLabelingSettings","Parameters":[{"CIMType":"MSFT_SCSLSensitiveInformationGroup[]","Description":"Groups of sensitive information types.","Name":"Groups","Option":"Required"},{"CIMType":"String","Description":"How to process the various groups","Name":"Operator","Option":"Required","ValueMap":["And","Or"],"Values":["And","Or"]},{"CIMType":"String","Description":"Display this message to users when the label is applied","Name":"PolicyTip","Option":"Write"},{"CIMType":"String","Description":"Specifies what to do when content matches the conditions","Name":"AutoApplyType","Option":"Required","ValueMap":["Automatic","Recommend"],"Values":["Automatic","Recommend"]}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCLabelLocaleSettings","Parameters":[{"CIMType":"String","Description":"Name of the Local key.","Name":"localeKey","Option":"Key"},{"CIMType":"MSFT_SCLabelSetting[]","Description":"The locale settings display names.","Name":"LabelSettings","Option":"Write"}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSensitivityLabel","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the sensitivity label. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"MSFT_SCLabelSetting[]","Description":"The AdvancedSettings parameter enables client-specific features and capabilities on the sensitivity label. The settings that you configure with this parameter only affect apps that are designed for the setting.","Name":"AdvancedSettings","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the display name for the sensitivity label. The display name appears in the Microsoft Office and is used by Outlook users to select the appropriate sensitivity label before they send a message.","Name":"DisplayName","Option":"Write"},{"CIMType":"MSFT_SCLabelLocaleSettings[]","Description":"The LocaleSettings parameter specifies one or more localized label name or label Tooltips in different languages. Regions include all region codes supported in Office Client applications.","Name":"LocaleSettings","Option":"Write"},{"CIMType":"String","Description":"The ParentId parameter specifies the parent label that you want this label to be under (a sublabel). You can use any value that uniquely identifies the parent sensitivity label for example name.","Name":"ParentId","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the sensitivity label that determines the order of label processing. A lower integer value indicates a higher priority.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The ToolTip parameter specifies the default tooltip and sensitivity label description that's seen by users. It the value contains spaces, enclose the value in quotation marks.","Name":"Tooltip","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingFooterAlignment parameter specifies the footer alignment.","Name":"ApplyContentMarkingFooterAlignment","Option":"Write","ValueMap":["Left","Center","Right"],"Values":["Left","Center","Right"]},{"CIMType":"Boolean","Description":"The ApplyContentMarkingFooterEnabled parameter specifies whether to enable or disable the sensitivity label.","Name":"ApplyContentMarkingFooterEnabled","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingFooterFontColor parameter specifies the color of the footer text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000.","Name":"ApplyContentMarkingFooterFontColor","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyContentMarkingFooterFontSize parameter specifies the font size (in points) of the footer text.","Name":"ApplyContentMarkingFooterFontSize","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyContentMarkingFooterMargin parameter specifies the size (in points) of the footer margin.","Name":"ApplyContentMarkingFooterMargin","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingFooterText parameter specifies the footer text. If the value contains spaces, enclose the value in quotation marks.","Name":"ApplyContentMarkingFooterText","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingHeaderAlignment parameter specifies the header alignment.","Name":"ApplyContentMarkingHeaderAlignment","Option":"Write","ValueMap":["Left","Center","Right"],"Values":["Left","Center","Right"]},{"CIMType":"Boolean","Description":"The ApplyContentMarkingHeaderEnabled parameter enables or disables the Apply Content Marking Header action for the label.","Name":"ApplyContentMarkingHeaderEnabled","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingHeaderFontColor parameter specifies the color of the header text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000.","Name":"ApplyContentMarkingHeaderFontColor","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyContentMarkingHeaderFontSize parameter specifies the font size (in points) of the header text.","Name":"ApplyContentMarkingHeaderFontSize","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyContentMarkingHeaderMargin parameter specifies the size (in points) of the header margin.","Name":"ApplyContentMarkingHeaderMargin","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingHeaderText parameter specifies the header text. If the value contains spaces, enclose the value in quotation marks.","Name":"ApplyContentMarkingHeaderText","Option":"Write"},{"CIMType":"Boolean","Description":"The ApplyWaterMarkingEnabled parameter enables or disables the Apply Watermarking Header action for the label.","Name":"ApplyWaterMarkingEnabled","Option":"Write"},{"CIMType":"String","Description":"The ApplyWaterMarkingFontColor parameter specifies the color of the watermark text. This parameter accepts a hexadecimal color code value in the format #xxxxxx.","Name":"ApplyWaterMarkingFontColor","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyWaterMarkingFontSize parameter specifies the font size (in points) of the watermark text.","Name":"ApplyWaterMarkingFontSize","Option":"Write"},{"CIMType":"String","Description":"The ApplyWaterMarkingAlignment parameter specifies the watermark alignment.","Name":"ApplyWaterMarkingLayout","Option":"Write","ValueMap":["Horizontal","Diagonal"],"Values":["Horizontal","Diagonal"]},{"CIMType":"String","Description":"The ApplyWaterMarkingText parameter specifies the watermark text. If the value contains spaces, enclose the value in quotation marks.","Name":"ApplyWaterMarkingText","Option":"Write"},{"CIMType":"String[]","Description":"The ContentType parameter specifies where the sensitivity label can be applied.","Name":"ContentType","Option":"Write","ValueMap":["File","Email","Site","UnifiedGroup","PurviewAssets","Teamwork","SchematizedData"],"Values":["File","Email","Site","UnifiedGroup","PurviewAssets","Teamwork","SchematizedData"]},{"CIMType":"String","Description":"The EncryptionContentExpiredOnDateInDaysOrNever parameter specifies when the encrypted content expires. Valid values are integer or never.","Name":"EncryptionContentExpiredOnDateInDaysOrNever","Option":"Write"},{"CIMType":"Boolean","Description":"The EncryptionDoNotForward parameter specifies whether the Do Not Forward template is applied.","Name":"EncryptionDoNotForward","Option":"Write"},{"CIMType":"Boolean","Description":"The EncryptionEncryptOnly parameter specifies whether the encrypt-only template is applied.","Name":"EncryptionEncryptOnly","Option":"Write"},{"CIMType":"Boolean","Description":"The EncryptionEnabled parameter specifies whether encryption in enabled.","Name":"EncryptionEnabled","Option":"Write"},{"CIMType":"SInt32","Description":"The EncryptionOfflineAccessDays parameter specifies the number of days that offline access is allowed.","Name":"EncryptionOfflineAccessDays","Option":"Write"},{"CIMType":"Boolean","Description":"The EncryptionPromptUser parameter specifies whether to set the label with user defined permission in Word, Excel, and PowerPoint.","Name":"EncryptionPromptUser","Option":"Write"},{"CIMType":"String","Description":"The EncryptionProtectionType parameter specifies the protection type for encryption.","Name":"EncryptionProtectionType","Option":"Write","ValueMap":["Template","RemoveProtection","UserDefined"],"Values":["Template","RemoveProtection","UserDefined"]},{"CIMType":"String","Description":"The EncryptionRightsDefinitions parameter specifies the rights users have when accessing protected. This parameter uses the syntax Identity1:Rights1,Rights2;Identity2:Rights3,Rights4. For example, john@contoso.com:VIEW,EDIT;microsoft.com:VIEW.","Name":"EncryptionRightsDefinitions","Option":"Write"},{"CIMType":"String","Description":"The EncryptionRightsUrl parameter specifies the URL for hold your own key (HYOK) protection.","Name":"EncryptionRightsUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionAllowAccessToGuestUsers parameter enables or disables access to guest users.","Name":"SiteAndGroupProtectionAllowAccessToGuestUsers","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionAllowEmailFromGuestUsers parameter enables or disables email from guest users.","Name":"SiteAndGroupProtectionAllowEmailFromGuestUsers","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionAllowFullAccess parameter enables or disables full access.","Name":"SiteAndGroupProtectionAllowFullAccess","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionAllowLimitedAccess parameter enables or disables limited access.","Name":"SiteAndGroupProtectionAllowLimitedAccess","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionBlockAccess parameter blocks access.","Name":"SiteAndGroupProtectionBlockAccess","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionEnabled parameter enables or disables the Site and Group Protection action for the labels.","Name":"SiteAndGroupProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"The SiteAndGroupProtectionPrivacy parameter specifies the privacy level for the label.","Name":"SiteAndGroupProtectionPrivacy","Option":"Write","ValueMap":["Public","Private","Unspecified"],"Values":["Public","Private","Unspecified"]},{"CIMType":"String","Description":"The SiteAndGroupExternalSharingControlType parameter specifies the external user sharing setting for the label.","Name":"SiteAndGroupExternalSharingControlType","Option":"Write","ValueMap":["ExternalUserAndGuestSharing","ExternalUserSharingOnly","ExistingExternalUserSharingOnly","Disabled"],"Values":["ExternalUserAndGuestSharing","ExternalUserSharingOnly","ExistingExternalUserSharingOnly","Disabled"]},{"CIMType":"MSFT_SCSLAutoLabelingSettings","Description":"The AutoLabelingSettings parameter specifies the conditions for label to be automatically applied to files and emails.","Name":"AutoLabelingSettings","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSupervisoryReviewPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the supervisory review policy. The name can't exceed 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks.","Name":"Comment","Option":"Write"},{"CIMType":"String[]","Description":"The Reviewers parameter specifies the SMTP addresses of the reviewers for the supervisory review policy. You can specify multiple email addresses separated by commas.","Name":"Reviewers","Option":"Required"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Supervision Policy in Purview.\nNOTE: This resource can only be used to monitor policies until further notice."},{"ClassName":"MSFT_SCSupervisoryReviewRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the supervisory review policy. The name can't exceed 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Policy parameter specifies the supervisory review policy that's assigned to the rule. You can use any value that uniquely identifies the policy.","Name":"Policy","Option":"Key"},{"CIMType":"String","Description":"The Condition parameter specifies the conditions and exceptions for the rule.","Name":"Condition","Option":"Write"},{"CIMType":"UInt32","Description":"The SamplingRate parameter specifies the percentage of communications for review. If you want reviewers to review all detected items, use the value 100.","Name":"SamplingRate","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Supervision Review Rule in Purview."},{"ClassName":"MSFT_SCUnifiedAuditLogRetentionPolicy","Parameters":[{"CIMType":"String","Description":"The description for the audit log retention policy","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Unique name for the audit log retention policy","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"Specifies the audit log operations that are retained by the policy","Name":"Operations","Option":"Write"},{"CIMType":"UInt32","Description":"Priority value for the policy that determines the order of policy processing.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the audit logs of a specific record type that are retained by the policy.","Name":"RecordTypes","Option":"Write"},{"CIMType":"String","Description":"How long audit log records are kept","Name":"RetentionDuration","Option":"Write","ValueMap":["SevenDays","OneMonth","ThreeMonths","SixMonths","NineMonths","TwelveMonths","ThreeYears","FiveYears","SevenYears","TenYears"],"Values":["SevenDays","OneMonth","ThreeMonths","SixMonths","NineMonths","TwelveMonths","ThreeYears","FiveYears","SevenYears","TenYears"]},{"CIMType":"String[]","Description":"Specifies the audit logs that are retained by the policy based on the ID of the user who performed the action","Name":"UserIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"}],"Description":"The resource configures a Unified Audit Log Retention Policy in the Purview."},{"ClassName":"MSFT_SentinelAlertRuleEventGroupingSettings","Parameters":[{"CIMType":"String","Description":"The event grouping aggregation kinds","Name":"aggregationKind","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleCustomDetails","Parameters":[{"CIMType":"String","Description":"Key of the custom detail.","Name":"DetailKey","Option":"Write"},{"CIMType":"String","Description":"Associated value with the custom detail.","Name":"DetailValue","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleEntityMapping","Parameters":[{"CIMType":"String","Description":"Type of entity.","Name":"entityType","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleEntityMappingFieldMapping[]","Description":"List of field mappings.","Name":"fieldMappings","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleEntityMappingFieldMapping","Parameters":[{"CIMType":"String","Description":"Name of the column","Name":"columnName","Option":"Key"},{"CIMType":"String","Description":"Identifier of the associated field.","Name":"identifier","Option":"Key"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleAlertDetailsOverride","Parameters":[{"CIMType":"String","Description":"The format containing columns name(s) to override the alert description","Name":"alertDescriptionFormat","Option":"Write"},{"CIMType":"String","Description":"The format containing columns name(s) to override the alert name","Name":"alertDisplayNameFormat","Option":"Write"},{"CIMType":"String","Description":"The column name to take the alert severity from","Name":"alertSeverityColumnName","Option":"Write"},{"CIMType":"String","Description":"The column name to take the alert tactics from","Name":"alertTacticsColumnName","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleAlertDetailsOverrideAlertDynamicProperty[]","Description":"List of additional dynamic properties to override","Name":"alertDynamicProperties","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleAlertDetailsOverrideAlertDynamicProperty","Parameters":[{"CIMType":"String","Description":"Dynamic property key.","Name":"alertProperty","Option":"Key"},{"CIMType":"String","Description":"Dynamic property value.","Name":"alertPropertyValue","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleIncidentConfiguration","Parameters":[{"CIMType":"Boolean","Description":"Create incidents from alerts triggered by this analytics rule","Name":"createIncident","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleIncidentConfigurationGroupingConfiguration","Description":"Set how the alerts that are triggered by this analytics rule, are grouped into incidents","Name":"groupingConfiguration","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleIncidentConfigurationGroupingConfiguration","Parameters":[{"CIMType":"Boolean","Description":"Grouping enabled","Name":"enabled","Option":"Write"},{"CIMType":"String[]","Description":"A list of alert details to group by (when matchingMethod is Selected)","Name":"groupByAlertDetails","Option":"Write","ValueMap":["DisplayName","Severity"],"Values":["DisplayName","Severity"]},{"CIMType":"String[]","Description":"A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.","Name":"groupByCustomDetails","Option":"Write"},{"CIMType":"String[]","Description":"A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.","Name":"groupByEntities","Option":"Write"},{"CIMType":"String","Description":"Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)","Name":"lookbackDuration","Option":"Write"},{"CIMType":"String","Description":"Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.","Name":"matchingMethod","Option":"Write"},{"CIMType":"Boolean","Description":"Re-open closed matching incidents","Name":"reopenClosedIncident","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRule","Parameters":[{"CIMType":"String","Description":"The display name of the indicator","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"ResourceGroupName","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"WorkspaceName","Option":"Write"},{"CIMType":"String","Description":"The unique id of the indicator.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The alerts' productName on which the cases will be generated","Name":"ProductFilter","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether this alert rule is enabled or disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The severity for alerts created by this alert rule.","Name":"Severity","Option":"Write"},{"CIMType":"String[]","Description":"The tactics of the alert rule","Name":"Tactics","Option":"Write"},{"CIMType":"String[]","Description":"The techniques of the alert rule","Name":"Techniques","Option":"Write"},{"CIMType":"String[]","Description":"The sub-techniques of the alert rule","Name":"SubTechniques","Option":"Write"},{"CIMType":"String","Description":"The query that creates alerts for this rule.","Name":"Query","Option":"Write"},{"CIMType":"String","Description":"The frequency (in ISO 8601 duration format) for this alert rule to run.","Name":"QueryFrequency","Option":"Write"},{"CIMType":"String","Description":"The period (in ISO 8601 duration format) that this alert rule looks at.","Name":"QueryPeriod","Option":"Write"},{"CIMType":"String","Description":"The operation against the threshold that triggers alert rule.","Name":"TriggerOperator","Option":"Write"},{"CIMType":"UInt32","Description":"The threshold triggers this alert rule.","Name":"TriggerThreshold","Option":"Write"},{"CIMType":"String","Description":"The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.","Name":"SuppressionDuration","Option":"Write"},{"CIMType":"String","Description":"Determines whether the suppression for this alert rule is enabled or disabled.","Name":"SuppressionEnabled","Option":"Write"},{"CIMType":"String","Description":"The Name of the alert rule template used to create this rule.","Name":"AlertRuleTemplateName","Option":"Write"},{"CIMType":"String[]","Description":"The alerts' displayNames on which the cases will not be generated.","Name":"DisplayNamesExcludeFilter","Option":"Write"},{"CIMType":"String[]","Description":"The alerts' displayNames on which the cases will be generated.","Name":"DisplayNamesFilter","Option":"Write"},{"CIMType":"String[]","Description":"The alerts' severities on which the cases will be generated","Name":"SeveritiesFilter","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleEventGroupingSettings","Description":"The event grouping settings.","Name":"EventGroupingSettings","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleCustomDetails[]","Description":"Dictionary of string key-value pairs of columns to be attached to the alert","Name":"CustomDetails","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleEntityMapping[]","Description":"Array of the entity mappings of the alert rule","Name":"EntityMappings","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleAlertDetailsOverride","Description":"The alert details override settings","Name":"AlertDetailsOverride","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleIncidentConfiguration","Description":"The settings of the incidents that created from alerts triggered by this analytics rule","Name":"IncidentConfiguration","Option":"Write"},{"CIMType":"String","Description":"The kind of the alert rule","Name":"Kind","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelSetting","Parameters":[{"CIMType":"String","Description":"The Resource Group Name","Name":"ResourceGroupName","Option":"Key"},{"CIMType":"String","Description":"The name of the workspace.","Name":"WorkspaceName","Option":"Required"},{"CIMType":"String","Description":"Gets subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"Boolean","Description":"Specififies if Anomaly detection should be enabled or not.","Name":"AnomaliesIsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specififies if Entity Analyticsshould be enabled or not.","Name":"EntityAnalyticsIsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specififies if Auditing and Health Monitoring should be enabled or not.","Name":"EyesOnIsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The list of Data sources associated with the UEBA.","Name":"UebaDataSource","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures settings for a Sentinel instance."},{"ClassName":"MSFT_SentinelThreatIntelligenceIndicator","Parameters":[{"CIMType":"String","Description":"The display name of the indicator","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"ResourceGroupName","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"WorkspaceName","Option":"Write"},{"CIMType":"String","Description":"The unique id of the indicator.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Pattern type of a threat intelligence entity","Name":"PatternType","Option":"Write"},{"CIMType":"String","Description":"Pattern of a threat intelligence entity","Name":"Pattern","Option":"Write"},{"CIMType":"String","Description":"Is threat intelligence entity revoked","Name":"Revoked","Option":"Write"},{"CIMType":"String","Description":"Valid from","Name":"ValidFrom","Option":"Write"},{"CIMType":"String","Description":"Valid until","Name":"ValidUntil","Option":"Write"},{"CIMType":"String","Description":"Source type.","Name":"Source","Option":"Write"},{"CIMType":"String[]","Description":"Labels of threat intelligence entity","Name":"Labels","Option":"Write"},{"CIMType":"String[]","Description":"List of tags","Name":"ThreatIntelligenceTags","Option":"Write"},{"CIMType":"String[]","Description":"Threat types","Name":"ThreatTypes","Option":"Write"},{"CIMType":"String[]","Description":"Kill chain phases","Name":"KillChainPhases","Option":"Write"},{"CIMType":"UInt32","Description":"Confidence of threat intelligence entity","Name":"Confidence","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures threat intelligence indicators in Azure Sentinel."},{"ClassName":"MSFT_SentinelWatchlist","Parameters":[{"CIMType":"String","Description":"Tha name of the watchlist.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"ResourceGroupName","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"WorkspaceName","Option":"Write"},{"CIMType":"String","Description":"The id (a Guid) of the watchlist","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name of the watchlist.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The source of the watchlist. Only accepts 'Local file' and 'Remote storage'. And it must included in the request.","Name":"SourceType","Option":"Write"},{"CIMType":"String","Description":"The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.","Name":"ItemsSearchKey","Option":"Write"},{"CIMType":"String","Description":"A description of the watchlist","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The default duration of a watchlist (in ISO 8601 duration format)","Name":"DefaultDuration","Option":"Write"},{"CIMType":"String","Description":"The watchlist alias","Name":"Alias","Option":"Write"},{"CIMType":"UInt32","Description":"The number of lines in a csv content to skip before the header","Name":"NumberOfLinesToSkip","Option":"Write"},{"CIMType":"String","Description":"The raw content that represents to watchlist items to create. Example : This line will be skipped header1,header2 value1,value2","Name":"RawContent","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures watchlists in Azure Sentinel."},{"ClassName":"MSFT_SHSpaceGroup","Parameters":[{"CIMType":"String","Description":"Name of the associated Services Hub space.","Name":"SpaceName","Option":"Key"},{"CIMType":"String","Description":"Name of the group.","Name":"GroupName","Option":"Key"},{"CIMType":"String[]","Description":"List of roles associated with the group. Accepted values are: CustomerActivityPagePermissionRole, HealthPermissionRole, InviteUsersPermissionRole, PlansPermissionRole, SharedFilesPermissionRole, SupportCasePermissionRole, TrainingManager, TrainingPermissionRole, WorkspaceAdministratorRole. Role Account manager,IncidentManagerUnified,CSMAdministrator, ContractSupportUser are read-only and inherited from the upstream system and cannot be modified.","Name":"Roles","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a Services Hub space group."},{"ClassName":"MSFT_SHSpaceUser","Parameters":[{"CIMType":"String","Description":"Name of the associated Services Hub space.","Name":"SpaceName","Option":"Key"},{"CIMType":"String","Description":"Email identifier for the user.","Name":"Email","Option":"Key"},{"CIMType":"String[]","Description":"List of roles associated with the user. Accepted values are: CustomerActivityPagePermissionRole, HealthPermissionRole, InviteUsersPermissionRole, PlansPermissionRole, SharedFilesPermissionRole, SupportCasePermissionRole, TrainingManager, TrainingPermissionRole, WorkspaceAdministratorRole. Role Account manager,IncidentManagerUnified,CSMAdministrator, ContractSupportUser are read-only and inherited from the upstream system and cannot be modified.","Name":"Roles","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a Services Hub space user."},{"ClassName":"MSFT_SPOAccessControlSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"boolean","Description":"Determines whether tenant users see the Start a Site menu option","Name":"DisplayStartASiteOption","Option":"Write"},{"CIMType":"string","Description":"Specifies URL of the form to load in the Start a Site dialog. The valid values are:<emptyString> (default) - Blank by default, this will also remove or clear any value that has been set.Full URL - Example: https://contoso.sharepoint.com/path/to/form","Name":"StartASiteFormUrl","Option":"Write"},{"CIMType":"boolean","Description":"Allows access from network locations that are defined by an administrator.","Name":"IPAddressEnforcement","Option":"Write"},{"CIMType":"string","Description":"Configures multiple IP addresses or IP address ranges (IPv4 or IPv6). Use commas to separate multiple IP addresses or IP address ranges.","Name":"IPAddressAllowList","Option":"Write"},{"CIMType":"uint32","Description":"Office webapps TokenLifeTime in minutes","Name":"IPAddressWACTokenLifetime","Option":"Write"},{"CIMType":"boolean","Description":"Prevents the Download button from being displayed on the Virus Found warning page.","Name":"DisallowInfectedFileDownload","Option":"Write"},{"CIMType":"boolean","Description":"Enables external services for a tenant. External services are defined as services that are not in the Office 365 datacenters.","Name":"ExternalServicesEnabled","Option":"Write"},{"CIMType":"boolean","Description":"Sets email attestation to required","Name":"EmailAttestationRequired","Option":"Write"},{"CIMType":"uint32","Description":"Sets email attestation re-auth days","Name":"EmailAttestationReAuthDays","Option":"Write"},{"CIMType":"boolean","Description":"Enables or disables the restricted access control.","Name":"EnableRestrictedAccessControl","Option":"Write"},{"CIMType":"String","Description":"Only value accepted is 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"string","Description":"Blocks or limits access to SharePoint and OneDrive content from un-managed devices.","Name":"ConditionalAccessPolicy","Option":"Write","ValueMap":["AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"],"Values":["AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"]},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the access control settings for\nyour SPO tenant sharing settings."},{"ClassName":"MSFT_SPOApp","Parameters":[{"CIMType":"string","Description":"The name of the App.","Name":"Identity","Option":"Key"},{"CIMType":"string","Description":"The path the the app package on disk.","Name":"Path","Option":"Key"},{"CIMType":"boolean","Description":"This will deploy/trust an app into the app catalog.","Name":"Publish","Option":"Write"},{"CIMType":"boolean","Description":"Overwrites the existing app package if it already exists.","Name":"Overwrite","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to deploy App instances in the\nApp Catalog."},{"ClassName":"MSFT_SPOBrowserIdleSignout","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Enables the browser idle sign-out policy","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"Specifies a time interval of inactivity before the user gets signed out","Name":"SignOutAfter","Option":"Write"},{"CIMType":"String","Description":"Specifies a time interval of inactivity before the user gets a warning about being signed out","Name":"WarnAfter","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the SharePoint Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an SharePoint Online Idle session sign-out policy."},{"ClassName":"MSFT_SPOHomeSite","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"string","Description":"The URL of the home site collection","Name":"Url","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection is registered as home site, absent ensures it is unregistered","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows administrators to configure a Site Collection as the Home\nSite of the tenant. The menu of this SharePoint Site Collection will be shown on\nSharePoint Home.\n\n> NOTE:\n> This setting is not applied immediately and can take several hours to be fully\n> available within the tenant. Please use this resource with caution, as a direct\n> test run can lead to incorrect status results.\n> For more details about setting the home site, go to> aka.ms/homesites"},{"ClassName":"MSFT_SPOHubSite","Parameters":[{"CIMType":"string","Description":"The URL of the site collection","Name":"Url","Option":"Key"},{"CIMType":"string","Description":"The title of the hub site","Name":"Title","Option":"Write"},{"CIMType":"string","Description":"The description of the hub site","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"The url to the logo of the hub site","Name":"LogoUrl","Option":"Write"},{"CIMType":"boolean","Description":"Does the hub site require approval to join","Name":"RequiresJoinApproval","Option":"Write"},{"CIMType":"string[]","Description":"The users or mail-enabled security groups which are allowed to associate their site with a hub site","Name":"AllowedToJoin","Option":"Write"},{"CIMType":"string","Description":"The guid of the site design to link to the hub site","Name":"SiteDesignId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection is registered as hub site, absent ensures it is unregistered","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure a Site Collection as Hub Site\nCollection and configure its properties.\n\nNOTE:\nThe AllowedToJoin parameter accepts e-mail addresses (for users, Office\n365 Groups and Mail-Enabled Security groups) or DisplayName (for\nSecurity groups). However, when using DisplayName it is required that\nthere is only one group with that name. The resource will throw an\nexception if there are multiple groups with that name found!"},{"ClassName":"MSFT_SPOOrgAssetsLibrary","Parameters":[{"CIMType":"String","Description":"Indicates the absolute URL of the library to be designated as a central location for organization assets.","Name":"LibraryUrl","Option":"Key"},{"CIMType":"String","Description":"Specifies the CDN type. The valid values are public or private.","Name":"CdnType","Option":"Write","ValueMap":["Public","Private"],"Values":["Public","Private"]},{"CIMType":"String","Description":"Indicates the absolute URL of the library to be designated as a central location for organization Indicates the URL of the background image used when the library is publicly displayed. If no thumbnail URL is indicated, the card will have a gray background.","Name":"ThumbnailUrl","Option":"Write"},{"CIMType":"String","Description":"Specify if the SPO Org Assets library should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the SharePoint Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an SharePoint Online Org site assets library."},{"ClassName":"MSFT_SPOPropertyBag","Parameters":[{"CIMType":"String","Description":"Url of the site where to configure the PropertyBag property.","Name":"Url","Option":"Key"},{"CIMType":"String","Description":"Key that should be configured.","Name":"Key","Option":"Key"},{"CIMType":"String","Description":"Value of the assigned key.","Name":"Value","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures a value in a site's property bag."},{"ClassName":"MSFT_SPORetentionLabelsSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Set whether files with Keep Label can be deleted in OneDrive for Business.","Name":"AllowFilesWithKeepLabelToBeDeletedODB","Option":"Write"},{"CIMType":"Boolean","Description":"Set whether files with Keep Label can be deleted in SharePoint Online.","Name":"AllowFilesWithKeepLabelToBeDeletedSPO","Option":"Write"},{"CIMType":"Boolean","Description":"Set to enable or disable the advanced record versioning.","Name":"AdvancedRecordVersioningDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Set metadata edit blocking enabled setting.","Name":"MetadataEditBlockingEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the retention label settings. This setting is accessible via the Purview Record Management settings screen."},{"ClassName":"MSFT_SPOSearchManagedProperty","Parameters":[{"CIMType":"string","Description":"The Name of the Managed Property","Name":"Name","Option":"Key"},{"CIMType":"string","Description":"The Type of the Managed Property","Name":"Type","Option":"Key","ValueMap":["Text","Integer","Decimal","DateTime","YesNo","Double","Binary"],"Values":["Text","Integer","Decimal","DateTime","YesNo","Double","Binary"]},{"CIMType":"string","Description":"Description of the Managed Property","Name":"Description","Option":"Write"},{"CIMType":"boolean","Description":"Enables querying against the content of the managed property.  The content of this managed property is included in the full-text index. For example, if the property is 'author', a simple query for 'Smith' returns items containing the word 'Smith' and items whose author property contains 'Smith'.","Name":"Searchable","Option":"Write"},{"CIMType":"string","Description":"Defines which full-text index the Managed Property is stored in.","Name":"FullTextIndex","Option":"Write"},{"CIMType":"uint32","Description":"Defines the context of a managed property within its full-text index.","Name":"FullTextContext","Option":"Write"},{"CIMType":"boolean","Description":"Enables querying against the specific Managed Property. The Managed Property field name must be included in the query, either specified in the query itself or included in the query programmatically. If the Managed Property is 'author', the query must contain 'author:Smith'.","Name":"Queryable","Option":"Write"},{"CIMType":"boolean","Description":"Enables the content of this managed property to be returned in search results. Enable this setting for managed properties that are relevant to present in search results.","Name":"Retrievable","Option":"Write"},{"CIMType":"boolean","Description":"Allow multiple values of the same type in this managed property. For example, if this is the 'author' managed property, and a document has multiple authors, each author name will be stored as a separate value in this managed property.","Name":"AllowMultipleValues","Option":"Write"},{"CIMType":"string","Description":"Yes: Enables using the property as a refiner for search results in the front end. You must manually configure the refiner in the web part. Yes - latent: Enables switching refinable to active later, without having to do a full re-crawl when you switch. Both options require a full crawl to take effect.","Name":"Refinable","Option":"Write","ValueMap":["No","Yes - latent","Yes"],"Values":["No","Yes - latent","Yes"]},{"CIMType":"string","Description":"Yes: Enables sorting the result set based on the property before the result set is returned. Use for example for large result sets that cannot be sorted and retrieved at the same time. Yes - latent: Enables switching sortable to active later, without having to do a full re-crawl when you switch. Both options require a full crawl to take effect.","Name":"Sortable","Option":"Write","ValueMap":["No","Yes - latent","Yes"],"Values":["No","Yes - latent","Yes"]},{"CIMType":"boolean","Description":"Enables this managed property to be returned for queries executed by anonymous users. Enable this setting for managed properties that do not contain sensitive information and are appropriate for anonymous users to view.","Name":"Safe","Option":"Write"},{"CIMType":"string[]","Description":"Define an alias for a managed property if you want to use the alias instead of the managed property name in queries and in search results. Use the original managed property and not the alias to map to a crawled property. Use an alias if you don't want to or don't have permission to create a new managed property.","Name":"Aliases","Option":"Write"},{"CIMType":"boolean","Description":"Enable to return results independent of letter casing and diacritics(for example accented characters) used in the query.","Name":"TokenNormalization","Option":"Write"},{"CIMType":"boolean","Description":"By default, search returns partial matches between queries against this managed property and its content. Select Complete Matching for search to return exact matches instead. If a managed property 'Title' contains 'Contoso Sites', only the query Title: 'Contoso Sites' will give a result.","Name":"CompleteMatching","Option":"Write"},{"CIMType":"boolean","Description":"By default, search depends on language when it breaks queries and content into parts (tokenization). Select language neutral tokenization if you have multilingual content and this managed property contains tags that are based on metadata term sets or other identifiers.","Name":"LanguageNeutralTokenization","Option":"Write"},{"CIMType":"boolean","Description":"By default, search tokenizes queries coarser than content. If a managed property 'ID' contains the string '1-23-456#7', and you query ID:'1-23', you might not get a partial match because search didn't break the query into small enough parts. Consider selecting finer query tokenization if the content of this managed property contains separators such as dots and dashes. Finer query tokenization makes queries against this managed property slower.","Name":"FinerQueryTokenization","Option":"Write"},{"CIMType":"string[]","Description":"Names of the crawled properties that are mapped to this managed property","Name":"MappedCrawledProperties","Option":"Write"},{"CIMType":"boolean","Description":"Enables the system to extract company name entities from the managed property when crawling new or updated items. Afterwards, the extracted entities can be used to set up refiners in the web part.","Name":"CompanyNameExtraction","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Search Managed Property exists.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create and monitor SharePoint Online Search\nManaged Properties."},{"ClassName":"MSFT_SPOSearchResultSource","Parameters":[{"CIMType":"string","Description":"The Name of the Result Source.","Name":"Name","Option":"Key"},{"CIMType":"string","Description":"Description of the Result Source.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"The protocol of the Result Source.","Name":"Protocol","Option":"Required","ValueMap":["Local","Remote","OpenSearch","Exchange"],"Values":["Local","Remote","OpenSearch","Exchange"]},{"CIMType":"string","Description":"Address of the root site collection of the remote SharePoint farm or Exchange server.","Name":"SourceURL","Option":"Write"},{"CIMType":"string","Description":"Select SharePoint Search Results to search over the entire index. Select People Search Results to enable query processing specific to People Search, such as phonetic name matching or nickname matching. Only people profiles will be returned from a People Search source.","Name":"Type","Option":"Write","ValueMap":["SharePoint","People"],"Values":["SharePoint","People"]},{"CIMType":"string","Description":"Change incoming queries to use this new query text instead. Include the incoming query in the new text by using the query variable '{searchTerms}'.","Name":"QueryTransform","Option":"Write"},{"CIMType":"boolean","Description":"Show partial search or not","Name":"ShowPartialSearch","Option":"Write"},{"CIMType":"boolean","Description":"Specifies if AutoDiscover should be used for the Exchange Source URL","Name":"UseAutoDiscover","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Search Result Source exists.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create and monitor SharePoint Online Search\nResult Sources."},{"ClassName":"MSFT_SPOSharingSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"string","Description":"Configures sharing capability for SharePoint","Name":"SharingCapability","Option":"Write","ValueMap":["ExistingExternalUserSharingOnly","ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly"],"Values":["ExistingExternalUserSharingOnly","ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly"]},{"CIMType":"string","Description":"Configures sharing capability for mysite (onedrive)","Name":"MySiteSharingCapability","Option":"Write","ValueMap":["ExistingExternalUserSharingOnly","ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly"],"Values":["ExistingExternalUserSharingOnly","ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly"]},{"CIMType":"boolean","Description":"Enables the administrator to hide the Everyone claim in the People Picker.","Name":"ShowEveryoneClaim","Option":"Write"},{"CIMType":"boolean","Description":"Enables the administrator to hide the All Users claim groups in People Picker.","Name":"ShowAllUsersClaim","Option":"Write"},{"CIMType":"boolean","Description":"Enables the administrator to hide the Everyone except external users claim in the People Picker.","Name":"ShowEveryoneExceptExternalUsersClaim","Option":"Write"},{"CIMType":"boolean","Description":"Creates a Shared with Everyone folder in every user's new OneDrive for Business document library.","Name":"ProvisionSharedWithEveryoneFolder","Option":"Write"},{"CIMType":"boolean","Description":"Accelerates guest-enabled site collections as well as member-only site collections when the SignInAccelerationDomain parameter is set.","Name":"EnableGuestSignInAcceleration","Option":"Write"},{"CIMType":"boolean","Description":"When the feature is enabled, all external sharing invitations that are sent will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.","Name":"BccExternalSharingInvitations","Option":"Write"},{"CIMType":"string","Description":"Specifies a list of e-mail addresses to be BCC'd when the BCC for External Sharing feature is enabled.Multiple addresses can be specified by creating a comma separated list with no spaces.","Name":"BccExternalSharingInvitationsList","Option":"Write"},{"CIMType":"uint32","Description":"Specifies all anonymous links that have been created (or will be created) will expire after the set number of days.","Name":"RequireAnonymousLinksExpireInDays","Option":"Write"},{"CIMType":"string[]","Description":"Specifies a list of email domains that is allowed for sharing with the external collaborators. Entry values as an array of domains.","Name":"SharingAllowedDomainList","Option":"Write"},{"CIMType":"string[]","Description":"Specifies a list of email domains that is blocked or prohibited for sharing with the external collaborators. Entry values as an array of domains.","Name":"SharingBlockedDomainList","Option":"Write"},{"CIMType":"string","Description":"Specifies the external sharing mode for domains.","Name":"SharingDomainRestrictionMode","Option":"Write","ValueMap":["None","AllowList","BlockList"],"Values":["None","AllowList","BlockList"]},{"CIMType":"string","Description":"Lets administrators choose what type of link appears is selected in the 'Get a link' sharing dialog box in OneDrive for Business and SharePoint Online","Name":"DefaultSharingLinkType","Option":"Write","ValueMap":["None","Direct","Internal","AnonymousAccess"],"Values":["None","Direct","Internal","AnonymousAccess"]},{"CIMType":"boolean","Description":"Allow or deny external users re-sharing","Name":"PreventExternalUsersFromResharing","Option":"Write"},{"CIMType":"boolean","Description":"Enables the administrator to hide the guest users claim in the People Picker.","Name":"ShowPeoplePickerSuggestionsForGuestUsers","Option":"Write"},{"CIMType":"string","Description":"Configures anonymous link types for files","Name":"FileAnonymousLinkType","Option":"Write","ValueMap":["View","Edit"],"Values":["View","Edit"]},{"CIMType":"string","Description":"Configures anonymous link types for folders","Name":"FolderAnonymousLinkType","Option":"Write","ValueMap":["View","Edit"],"Values":["View","Edit"]},{"CIMType":"boolean","Description":"When this parameter is set to $true and another user re-shares a document from a user’s OneDrive for Business, the OneDrive for Business owner is notified by e-mail.","Name":"NotifyOwnersWhenItemsReshared","Option":"Write"},{"CIMType":"string","Description":"Specifies the link permission on the tenant level. Valid values to set are View and Edit. A value of None will be set to Edit as its the default value.","Name":"DefaultLinkPermission","Option":"Write","ValueMap":["None","View","Edit"],"Values":["None","View","Edit"]},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"boolean","Description":"Enable Guest access to a site or Onedrive to expire after","Name":"ExternalUserExpirationRequired","Option":"Write"},{"CIMType":"uint32","Description":"Specifies Number of days for Guest Access links to expire.","Name":"ExternalUserExpireInDays","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the sharing settings for\nyour SPO tenant sharing settings"},{"ClassName":"MSFT_SPOSite","Parameters":[{"CIMType":"string","Description":"The URL of the site collection.","Name":"Url","Option":"Key"},{"CIMType":"string","Description":"The title of the site collection.","Name":"Title","Option":"Required"},{"CIMType":"string","Description":"Specifies the owner of the site.","Name":"Owner","Option":"Required"},{"CIMType":"uint32","Description":"TimeZone ID of the site collection.","Name":"TimeZoneId","Option":"Required"},{"CIMType":"string","Description":"Specifies with template of site to create.","Name":"Template","Option":"Write"},{"CIMType":"string","Description":"The URL of the Hub site the site collection needs to get connected to.","Name":"HubUrl","Option":"Write"},{"CIMType":"boolean","Description":"Disables Microsoft Flow for this site.","Name":"DisableFlows","Option":"Write"},{"CIMType":"string","Description":"Specifies what the sharing capabilities are for the site. Possible values: Disabled, ExternalUserSharingOnly, ExternalUserAndGuestSharing, ExistingExternalUserSharingOnly.","Name":"SharingCapability","Option":"Write","ValueMap":["Disabled","ExistingExternalUserSharingOnly","ExternalUserSharingOnly","ExternalUserAndGuestSharing"],"Values":["Disabled","ExistingExternalUserSharingOnly","ExternalUserSharingOnly","ExternalUserAndGuestSharing"]},{"CIMType":"uint32","Description":"Specifies the storage quota for this site collection in megabytes. This value must not exceed the company's available quota.","Name":"StorageMaximumLevel","Option":"Write"},{"CIMType":"uint32","Description":"Specifies the warning level for the storage quota in megabytes. This value must not exceed the values set for the StorageMaximumLevel parameter.","Name":"StorageWarningLevel","Option":"Write"},{"CIMType":"boolean","Description":"Specifies if the site administrator can upgrade the site collection.","Name":"AllowSelfServiceUpgrade","Option":"Write"},{"CIMType":"boolean","Description":"Specifies if comments on site pages are enabled or disabled.","Name":"CommentsOnSitePagesDisabled","Option":"Write"},{"CIMType":"string","Description":"Specifies the default link permission for the site collection. None - Respect the organization default link permission. View - Sets the default link permission for the site to 'view' permissions. Edit - Sets the default link permission for the site to 'edit' permissions.","Name":"DefaultLinkPermission","Option":"Write","ValueMap":["None","View","Edit"],"Values":["None","View","Edit"]},{"CIMType":"string","Description":"Specifies the default link type for the site collection. None - Respect the organization default sharing link type. AnonymousAccess - Sets the default sharing link for this site to an Anonymous Access or Anyone link. Internal - Sets the default sharing link for this site to the 'organization' link or company shareable link. Direct - Sets the default sharing link for this site to the 'Specific people' link.","Name":"DefaultSharingLinkType","Option":"Write","ValueMap":["None","AnonymousAccess","Internal","Direct"],"Values":["None","AnonymousAccess","Internal","Direct"]},{"CIMType":"string","Description":"Disables App Views.","Name":"DisableAppViews","Option":"Write","ValueMap":["Unknown","Disabled","NotDisabled"],"Values":["Unknown","Disabled","NotDisabled"]},{"CIMType":"string","Description":"Disables Company wide sharing links.","Name":"DisableCompanyWideSharingLinks","Option":"Write","ValueMap":["Unknown","Disabled","NotDisabled"],"Values":["Unknown","Disabled","NotDisabled"]},{"CIMType":"uint32","Description":"Specifies the language of the new site collection. Defaults to the current language of the web connected to.","Name":"LocaleId","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether the Add And Customize Pages right is denied on the site collection. For more information about permission levels, see User permissions and permission levels in SharePoint.","Name":"DenyAddAndCustomizePages","Option":"Write"},{"CIMType":"string","Description":"Defines geo-restriction settings for this site","Name":"RestrictedToRegion","Option":"Write","ValueMap":["NoRestriction","BlockMoveOnly","BlockFull","Unknown"],"Values":["NoRestriction","BlockMoveOnly","BlockFull","Unknown"]},{"CIMType":"string","Description":"Specifies a list of email domains that is allowed for sharing with the external collaborators. Use the space character as the delimiter.","Name":"SharingAllowedDomainList","Option":"Write"},{"CIMType":"string","Description":"Specifies a list of email domains that is blocked for sharing with the external collaborators.","Name":"SharingBlockedDomainList","Option":"Write"},{"CIMType":"string","Description":"Specifies the external sharing mode for domains.","Name":"SharingDomainRestrictionMode","Option":"Write","ValueMap":["None","AllowList","BlockList"],"Values":["None","AllowList","BlockList"]},{"CIMType":"boolean","Description":"To enable the option to search for existing guest users at Site Collection Level, set this parameter to $true.","Name":"ShowPeoplePickerSuggestionsForGuestUsers","Option":"Write"},{"CIMType":"uint32","Description":"Specifies that all anonymous/anyone links that have been created (or will be created) will expire after the set number of days. Only applies if OverrideTenantAnonymousLinkExpirationPolicy is set to true. To remove the expiration requirement, set the value to zero (0)","Name":"AnonymousLinkExpirationInDays","Option":"Write"},{"CIMType":"boolean","Description":"Disables or enables the Social Bar for Site Collection.","Name":"SocialBarOnSitePagesDisabled","Option":"Write"},{"CIMType":"boolean","Description":"False - Respect the organization-level policy for anonymous or anyone link expiration. True - Override the organization-level policy for anonymous or anyone link expiration (can be more or less restrictive)","Name":"OverrideTenantAnonymousLinkExpirationPolicy","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create and monitor SharePoint Online Site Collections."},{"ClassName":"MSFT_SPOSiteAuditSettings","Parameters":[{"CIMType":"String","Description":"URL of the site collection to configure.","Name":"Url","Option":"Key"},{"CIMType":"String","Description":"Audit flag for the site collection. Can be 'All' or 'None'.","Name":"AuditFlags","Option":"Required","ValueMap":["All","None"],"Values":["All","None"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Set Audit settings for a site."},{"ClassName":"MSFT_SPOSiteDesign","Parameters":[{"CIMType":"string","Description":"The title of the site design.","Name":"Title","Option":"Key"},{"CIMType":"string[]","Description":"The names of the site design scripts.","Name":"SiteScriptNames","Option":"Write"},{"CIMType":"string","Description":"Web template to which the site design is applied to when invoked.","Name":"WebTemplate","Option":"Write","ValueMap":["CommunicationSite","TeamSite","GrouplessTeamSite"],"Values":["CommunicationSite","TeamSite","GrouplessTeamSite"]},{"CIMType":"string","Description":"Description of site design.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Is site design applied by default to web templates.","Name":"IsDefault","Option":"Write"},{"CIMType":"string","Description":"Site design alternate preview image text.","Name":"PreviewImageAltText","Option":"Write"},{"CIMType":"string","Description":"Site design preview image url.","Name":"PreviewImageUrl","Option":"Write"},{"CIMType":"uint32","Description":"Site design version number.","Name":"Version","Option":"Write"},{"CIMType":"String","Description":"Used to add or remove site design.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Site Designs."},{"ClassName":"MSFT_SPOSiteDesignRights","Parameters":[{"CIMType":"string","Description":"The title of the site design","Name":"SiteDesignTitle","Option":"Key"},{"CIMType":"string","Description":"Rights to grant user principals on site design rights.","Name":"Rights","Option":"Key","ValueMap":["View","None"],"Values":["View","None"]},{"CIMType":"string[]","Description":"List of user principals with separated by commas to site design rights.","Name":"UserPrincipals","Option":"Write"},{"CIMType":"String","Description":"Used to add or remove list of users from site design rights.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures rights on Site Designs."},{"ClassName":"MSFT_SPOSiteGroup","Parameters":[{"CIMType":"string","Description":"The name of the site group","Name":"Identity","Option":"Key"},{"CIMType":"string","Description":"The URL of the site.","Name":"Url","Option":"Key"},{"CIMType":"string","Description":"The owner (email address) of the site group","Name":"Owner","Option":"Write"},{"CIMType":"string[]","Description":"The permission level of the site group","Name":"PermissionLevels","Option":"Write"},{"CIMType":"String","Description":"Used to add or remove site design.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configure groups for a SharePoint Online site."},{"ClassName":"MSFT_SPOSiteScript","Parameters":[{"CIMType":"string","Description":"The title of the site script.","Name":"Title","Option":"Key"},{"CIMType":"string","Description":"ID of the site Script","Name":"Identity","Option":"Write"},{"CIMType":"string","Description":"The description of the site script.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"A JSON string containing the site script.","Name":"Content","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site script exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to manage JSON files that specify an ordered list of actions to run when creating the new sites."},{"ClassName":"MSFT_SPOStorageEntity","Parameters":[{"CIMType":"string","Description":"The key of the storage entity.","Name":"Key","Option":"Key"},{"CIMType":"string","Description":"Scope of the storage entity.","Name":"EntityScope","Option":"Write","ValueMap":["Tenant","Site"],"Values":["Tenant","Site"]},{"CIMType":"string","Description":"Value of the storage entity.","Name":"Value","Option":"Write"},{"CIMType":"string","Description":"Description of storage entity.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Comment for the storage entity.","Name":"Comment","Option":"Write"},{"CIMType":"string","Description":"Used to add or remove storage entity.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"string","Description":"The url of site collection or tenant.","Name":"SiteUrl","Option":"Required"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Storage Entity for SharePoint Online."},{"ClassName":"MSFT_SPOTenantCdnEnabled","Parameters":[{"CIMType":"String","Description":"Specifies the CDN type. The valid values are public or private.","Name":"CdnType","Option":"Key","ValueMap":["Public","Private"],"Values":["Public","Private"]},{"CIMType":"Boolean","Description":"Specify to enable or disable tenant CDN.","Name":"Enable","Option":"Write"},{"CIMType":"String","Description":"Get-PNPTenantCdnEnabled always returns a value, only support value is Present","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the SharePoint Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource enables / disables SharePoint online CDN\n\n* Not supported in GCC High"},{"ClassName":"MSFT_SPOTenantCDNPolicy","Parameters":[{"CIMType":"string","Description":"Type of Content Delivery Network. Can be 'Private' or 'Public'.","Name":"CDNType","Option":"Key","ValueMap":["Private","Public"],"Values":["Private","Public"]},{"CIMType":"string[]","Description":"List of site classifications to exclude.","Name":"ExcludeRestrictedSiteClassifications","Option":"Write"},{"CIMType":"string[]","Description":"List of file extensions to include in the Policy.","Name":"IncludeFileExtensions","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Content Delivery Network policies\nfor SharePoint Online.\n\n* Not supported in GCC High"},{"ClassName":"MSFT_SPOTenantSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"boolean","Description":"Enables OneDrive and SharePoint integration with Microsoft Entra B2B.","Name":"EnableAzureADB2BIntegration","Option":"Write"},{"CIMType":"string","Description":"DEPRECATED - Determines what level of sharing is available for OneDrive sites. It corresponds to the SharingCapabilities for OneDrive sites.","Name":"OneDriveSharingCapability","Option":"Write","ValueMap":["ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly","ExistingExternalUserSharingOnly"],"Values":["ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly","ExistingExternalUserSharingOnly"]},{"CIMType":"uint32","Description":"Specifies the lower bound on the compatibility level for new sites.","Name":"MinCompatibilityLevel","Option":"Write"},{"CIMType":"uint32","Description":"Specifies the upper bound on the compatibility level for new sites.","Name":"MaxCompatibilityLevel","Option":"Write"},{"CIMType":"boolean","Description":"Removes the search capability from People Picker. Note, recently resolved names will still appear in the list until browser cache is cleared or expired.","Name":"SearchResolveExactEmailOrUPN","Option":"Write"},{"CIMType":"boolean","Description":"When set to true this will disable the ability to use Modern Authentication that leverages ADAL across the tenant.","Name":"OfficeClientADALDisabled","Option":"Write"},{"CIMType":"boolean","Description":"Setting this parameter prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources.","Name":"LegacyAuthProtocolsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process.","Name":"SignInAccelerationDomain","Option":"Write"},{"CIMType":"boolean","Description":"Lets SharePoint issue a special cookie that will allow this feature to work even when Keep Me Signed In is not selected.","Name":"UsePersistentCookiesForExplorerView","Option":"Write"},{"CIMType":"boolean","Description":"Configure PublicCDN","Name":"PublicCdnEnabled","Option":"Write"},{"CIMType":"String","Description":"Configure filetypes allowed for PublicCDN","Name":"PublicCdnAllowedFileTypes","Option":"Write"},{"CIMType":"boolean","Description":"When set to $true, users aren't able to share with security groups or SharePoint groups.","Name":"UseFindPeopleInPeoplePicker","Option":"Write"},{"CIMType":"boolean","Description":"When set to $true, users aren't able to share with security groups or SharePoint groups.","Name":"NotificationsInSharePointEnabled","Option":"Write"},{"CIMType":"boolean","Description":"Specifies whether an email notification should be sent to the OneDrive for Business owners when an anonymous links are created or changed.","Name":"OwnerAnonymousNotification","Option":"Write"},{"CIMType":"boolean","Description":"When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy.","Name":"ApplyAppEnforcedRestrictionsToAdHocRecipients","Option":"Write"},{"CIMType":"boolean","Description":"Sets whether webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) should allow choosing external images.","Name":"FilePickerExternalImageSearchEnabled","Option":"Write"},{"CIMType":"boolean","Description":"Defines if the default themes are visible or hidden","Name":"HideDefaultThemes","Option":"Write"},{"CIMType":"boolean","Description":"To enable or disable Sync button on Team sites","Name":"HideSyncButtonOnTeamSite","Option":"Write"},{"CIMType":"string","Description":"Allow or block external sharing until at least one Office DLP policy scans the content of the file.","Name":"MarkNewFilesSensitiveByDefault","Option":"Write","ValueMap":["AllowExternalSharing","BlockExternalSharing"],"Values":["AllowExternalSharing","BlockExternalSharing"]},{"CIMType":"string[]","Description":"Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site","Name":"DisabledWebPartIds","Option":"Write"},{"CIMType":"boolean","Description":"Disables or enables the Social Bar. It will give users the ability to like a page, see the number of views, likes, and comments on a page, and see the people who have liked a page.","Name":"SocialBarOnSitePagesDisabled","Option":"Write"},{"CIMType":"boolean","Description":"Set to false to enable a comment section on all site pages, users who have access to the pages can leave comments. Set to true to disable this feature.","Name":"CommentsOnSitePagesDisabled","Option":"Write"},{"CIMType":"boolean","Description":"Boolean indicating if Azure Information Protection (AIP) should be enabled on the tenant.","Name":"EnableAIPIntegration","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether or not we need to include external participants in shared channels for SharePoint access restriction.","Name":"ExemptNativeUsersFromTenantLevelRestricedAccessControl","Option":"Write"},{"CIMType":"String[]","Description":"List of security groups to include in OneDrive access restrictions","Name":"AllowSelectSGsInODBListInTenant","Option":"Write"},{"CIMType":"String[]","Description":"List of security groups to exclude in OneDrive access restrictions","Name":"DenySelectSGsInODBListInTenant","Option":"Write"},{"CIMType":"String[]","Description":"List of security groups to exclude in SharePoint access restrictions","Name":"DenySelectSecurityGroupsInSPSitesList","Option":"Write"},{"CIMType":"String[]","Description":"List of security groups to include in SharePoint access restrictions.","Name":"AllowSelectSecurityGroupsInSPSitesList","Option":"Write"},{"CIMType":"String","Description":"The default timezone of a tenant for newly created sites.","Name":"TenantDefaultTimezone","Option":"Write"},{"CIMType":"Boolean","Description":"Gets or sets a value to specify if user checks handle mobile friendly url.","Name":"MobileFriendlyUrlEnabledInTenant","Option":"Write"},{"CIMType":"Boolean","Description":"Gets or sets a value to specify the advanced setting of the conditional access policy.","Name":"AllowDownloadingNonWebViewableFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents users from editing Office files in the browser and copying and pasting Office file contents out of the browser window.","Name":"AllowEditing","Option":"Write"},{"CIMType":"Boolean","Description":"Set whether to hide the sync button on OneDrive for Business sites.","Name":"HideSyncButtonOnODB","Option":"Write"},{"CIMType":"Boolean","Description":"Configure if ACS-based app-only authentication should be disabled or not.","Name":"DisableCustomAppAuthentication","Option":"Write"},{"CIMType":"String[]","Description":"Guids of out of the box modern list templates to hide when creating a new list.","Name":"DisabledModernListTemplateIds","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuring whether personal lists created within the OneDrive for Business site of the user is enabled or disabled in the tenant. If set to $false, personal lists will be allowed to be created in the tenant. If set to $true, it will be disabled in the tenant.","Name":"DisablePersonalListCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuring whether display name of people who view the file are visible in the property pane of the site in SharePoint site collection.","Name":"DisplayNamesOfFileViewersInSpo","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuration on whether Fluid components are enabled or disabled in the tenant. If set to $true, then this feature will be enabled on all sites in the tenant. If set to $false, it will be disabled on all sites in the tenant.","Name":"IsFluidEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuring whether loop components are enabled or disabled in the tenant. If set to $true, loop components will be allowed to be created in the tenant. If set to $false, it will be disabled in the tenant.","Name":"IsLoopEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the newsfeed is allowed on the modern site pages in SharePoint.","Name":"IsSharePointNewsfeedEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether users are allowed to create sites.","Name":"IsSiteCreationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the UI commands for creating sites are shown.","Name":"IsSiteCreationUiEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether creating new modern pages is allowed on SharePoint sites.","Name":"IsSitePagesCreationEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the URL of the redirected site for those site collections which have the locked state 'NoAccess'. The valid values are: '' (default) - Blank by default, this will also remove or clear any value that has been set. Full URL - Example: https://contoso.sharepoint.com/Pages/Locked.aspx","Name":"NoAccessRedirectUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Ensures that an external user can only accept an external sharing invitation with an account matching the invited email address. Note, this only applies to new external users accepting new sharing invitations. Also, the resource owner must share with an organizational or Microsoft account or the external user will be unable to access the resource. ","Name":"RequireAcceptingAccountMatchInvitedAccount","Option":"Write"},{"CIMType":"String","Description":"Permits the use of special characters in file and folder names in SharePoint Online and OneDrive for Business document libraries. The only two characters that can be managed at this time are the # and % characters.","Name":"SpecialCharactersStateInFileFolderNames","Option":"Write","ValueMap":["NoPreference","Allowed","Disallowed"],"Values":["NoPreference","Allowed","Disallowed"]},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the tenant settings for\ntheir SPO tenant settings."},{"ClassName":"MSFT_SPOThemePaletteProperty","Parameters":[{"CIMType":"String","Description":"Name of the property.","Name":"Property","Option":"Key"},{"CIMType":"String","Description":"Color value in Hexadecimal.","Name":"Value","Option":"Write"}],"Description":"This resource allows users to configure and monitor the themes for\ntheir SPO tenant.\n\nTo configure your SPO themes using this configuration resource requires you to\nprovide a color palette which at the end defines the colors of your theme.\n\nYou can use the SPO Theme builder under:\n\n[https://aka.ms/spthemebuilder](https://aka.ms/spthemebuilder)\n\nto create and preview your color palette.\n\nOnce you are satisfied with the color of your theme you can copy\nthe JSON Output and put it directly into your configuration.\n\nMore details on the theme schema can be found\n[here](https://aka.ms/AboutSPOThemes)"},{"ClassName":"MSFT_SPOTheme","Parameters":[{"CIMType":"String","Description":"The name of the theme, which appears in the theme picker UI and is also used by administrators and developers to refer to the theme in PowerShell cmdlets or calls to the SharePoint REST API.","Name":"Name","Option":"Key"},{"CIMType":"boolean","Description":"This value should be false for light themes and true for dark themes; it controls whether SharePoint uses dark or light theme colors to render text on colored backgrounds.","Name":"IsInverted","Option":"Write"},{"CIMType":"MSFT_SPOThemePaletteProperty[]","Description":"Specifies the color scheme which composes your theme.","Name":"Palette","Option":"Write"},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the themes for\ntheir SPO tenant.\n\nTo configure your SPO themes using this configuration resource requires you to\nprovide a color palette which at the end defines the colors of your theme.\n\nYou can use the SPO Theme builder under:\n\n[https://aka.ms/spthemebuilder](https://aka.ms/spthemebuilder)\n\nto create and preview your color palette.\n\nOnce you are satisfied with the color of your theme you can copy\nthe JSON Output and put it directly into your configuration.\n\nMore details on the theme schema can be found\n[here](https://aka.ms/AboutSPOThemes)"},{"ClassName":"MSFT_SPOUserProfilePropertyInstance","Parameters":[{"CIMType":"String","Description":"Name of the User Profile Property.","Name":"Key","Option":"Key"},{"CIMType":"String","Description":"Value of the User Profile Property.","Name":"Value","Option":"Write"}],"Description":"This resource allows users to configure and monitor the profile\nproperties of a user."},{"ClassName":"MSFT_SPOUserProfileProperty","Parameters":[{"CIMType":"String","Description":"Username of the user to configure the profile properties for. E.g. John.Smith@contoso.com","Name":"UserName","Option":"Key"},{"CIMType":"MSFT_SPOUserProfilePropertyInstance[]","Description":"Array of MSFT_SPOUserProfilePropertyInstance representing the profile properties to set.","Name":"Properties","Option":"Write"},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the profile\nproperties of a user."},{"ClassName":"MSFT_TeamsAIPolicy","Parameters":[{"CIMType":"String","Description":"Unique identity of the AI Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Provides explanatory text about the Teams AI policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"EnrollFace controls user access to user face enrollment in the Teams app settings.","Name":"EnrollFace","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"EnrollVoice controls user access to user voice enrollment in the Teams app settings.","Name":"EnrollVoice","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Setting to Enabled turns on speaker attribution in BYOD scenarios while Disabled will turn off the function.","Name":"SpeakerAttributionForBYOD","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource implements Teams AI Policies."},{"ClassName":"MSFT_TeamsApplicationInstance","Parameters":[{"CIMType":"String","Description":"The display name of the resource instance.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The user principal name associated with the resource instance.","Name":"UserPrincipalName","Option":"Key"},{"CIMType":"String","Description":"The type of resource account. Values can be: AutoAttendant or CallQueue.","Name":"ResourceAccountType","Option":"Write","ValueMap":["AutoAttendant","CallQueue"],"Values":["AutoAttendant","CallQueue"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Teams Resource Accounts."},{"ClassName":"MSFT_TeamsAppPermissionPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier to be assigned to the new Teams app permission policy. Use the 'Global' Identity if you wish to assign this policy to the entire tenant.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams app permission policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The types of apps for the Global Catalog.","Name":"GlobalCatalogAppsType","Option":"Write"},{"CIMType":"String","Description":"The types of apps for the Private Catalog.","Name":"PrivateCatalogAppsType","Option":"Write"},{"CIMType":"String","Description":"The types of apps for the Default Catalog.","Name":"DefaultCatalogAppsType","Option":"Write"},{"CIMType":"String[]","Description":"The list of apps for the Global Catalog.","Name":"GlobalCatalogApps","Option":"Write"},{"CIMType":"String[]","Description":"The list of apps for the Private Catalog.","Name":"PrivateCatalogApps","Option":"Write"},{"CIMType":"String[]","Description":"The list of apps for the Default Catalog.","Name":"DefaultCatalogApps","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages the Teams App Permission Policies."},{"ClassName":"MSFT_TeamsAppSetupPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier to be assigned to the new Teams app setup policy. Use the 'Global' Identity if you wish to assign this policy to the entire tenant.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams app setup policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"Choose which apps and messaging extensions you want to be installed in your users' personal Teams environment and in meetings they create. Users can install other available apps from the Teams app store.","Name":"AppPresetList","Option":"Write"},{"CIMType":"String[]","Description":"Choose which apps and meeting extensions you want to be installed in your users' personal Teams environment and in meetings they create. Users can install other available apps from the Teams app store.","Name":"AppPresetMeetingList","Option":"Write"},{"CIMType":"String[]","Description":"Pinning an app displays the app in the app bar in Teams client. Admins can pin apps and they can allow users to pin apps. Pinning is used to highlight apps that are needed the most by users and promote ease of access.","Name":"PinnedAppBarApps","Option":"Write"},{"CIMType":"String[]","Description":"Determines the list of apps that are pre pinned for a participant in Calls.","Name":"PinnedCallingBarApps","Option":"Write"},{"CIMType":"String[]","Description":"Apps are pinned in messaging extensions and into the ellipsis menu.","Name":"PinnedMessageBarApps","Option":"Write"},{"CIMType":"Boolean","Description":"If you turn this on, the user's existing app pins will be added to the list of pinned apps set in this policy. Users can rearrange, add, and remove pins as they choose. If you turn this off, the user's existing app pins will be removed and replaced with the apps defined in this policy.","Name":"AllowUserPinning","Option":"Write"},{"CIMType":"Boolean","Description":"This is also known as side loading. This setting determines if a user can upload a custom app package in the Teams app. Turning it on lets you create or develop a custom app to be used personally or across your organization without having to submit it to the Teams app store. Uploading a custom app also lets you test an app before you distribute it more widely by only assigning it to a single user or group of users.","Name":"AllowSideLoading","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Teams app setup policies in your tenant."},{"ClassName":"MSFT_TeamsAudioConferencingPolicy","Parameters":[{"CIMType":"String","Description":"Specify the name of the policy that you are creating","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Determines whether users of the Policy can have Toll free numbers","Name":"AllowTollFreeDialin","Option":"Write"},{"CIMType":"String","Description":"Determines the list of audio-conferencing Toll- and Toll-free telephone numbers that will be included in meetings invites created by users of this policy.","Name":"MeetingInvitePhoneNumbers","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures a Teams Audio Conferencing Policy."},{"ClassName":"MSFT_TeamsCallHoldPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier to be assigned to the new Teams call hold policy. Use the 'Global' Identity if you wish to assign this policy to the entire tenant.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"A string representing the ID referencing an audio file uploaded via the Import-CsOnlineAudioFile cmdlet.","Name":"AudioFileId","Option":"Write"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams call hold policy.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Creates a new Teams call hold policy in your tenant. The Teams call hold policy is used to customize the call hold experience for Teams clients."},{"ClassName":"MSFT_TeamsCallingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Calling Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Calling Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Enables the user to use the AI Interpreter related features. Possible values are: Disabled, Enabled","Name":"AIInterpreter","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"UInt32","Description":"The maximum amount a user can spend on outgoing PSTN calls, including all calls made through Pay-as-you-go Calling Plans and any overages on plans with bundled minutes.","Name":"CallingSpendUserLimit","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter lets you control how Copilot is used during calls and if transcription is needed to be turned on and saved after the call. Possible values: Enabled, EnabledWithTranscript, Disabled","Name":"Copilot","Option":"Write","ValueMap":["Enabled","EnabledWithTranscript","Disabled"],"Values":["Enabled","EnabledWithTranscript","Disabled"]},{"CIMType":"Boolean","Description":"This setting allows an admin to enable or disable spend limits on PSTN calls for their user base.","Name":"EnableSpendLimits","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if MediaBypass is enabled for PSTN calls on specified Web platforms.","Name":"EnableWebPstnMediaBypass","Option":"Write"},{"CIMType":"String","Description":"This setting controls whether users must provide or obtain explicit consent before recording a 1:1 PSTN or Teams call. When enabled, both parties will receive a notification, and consent must be given before recording starts. Possible values: Enabled: Requires users to give and obtain explicit consent before starting a call recording. Disabled: Users are not required to obtain explicit consent before recording starts.","Name":"ExplicitRecordingConsent","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Setting this parameter lets you control how inbound federated calls should be routed. Possible values are: RegularIncoming, Unanswered, Voicemail.","Name":"InboundFederatedCallRoutingTreatment","Option":"Write","ValueMap":["RegularIncoming","Unanswered","Voicemail"],"Values":["RegularIncoming","Unanswered","Voicemail"]},{"CIMType":"String","Description":"Setting this parameter lets you control how inbound PSTN calls should be routed. Possible values are: RegularIncoming, Unanswered, Voicemail, UserOverride.","Name":"InboundPstnCallRoutingTreatment","Option":"Write","ValueMap":["RegularIncoming","Unanswered","Voicemail","UserOverride"],"Values":["RegularIncoming","Unanswered","Voicemail","UserOverride"]},{"CIMType":"String","Description":"Setting this parameter allows you to set the PopoutForIncomingPstnCalls setting's URL path of the website to launch upon receiving incoming PSTN calls. This parameter accepts an HTTPS URL with less than 1024 characters. The URL can contain a {phone} placeholder that is replaced with the caller's PSTN number in E.164 format when launched.","Name":"PopoutAppPathForIncomingPstnCalls","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter allows you to control the tenant users' ability to launch an external website URL automatically in the browser window upon incoming PSTN calls for specific users or user groups. Possible values are: Enabled, Disabled.","Name":"PopoutForIncomingPstnCalls","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Allows users to use real time text during a call, allowing them to communicate by typing their messages in real time. Possible values are: Disabled, Enabled","Name":"RealTimeText","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"Controls if Teams calls are shown in the call log.","Name":"ShowTeamsCallsInCallLog","Option":"Write"},{"CIMType":"String","Description":"Enables the user to use the voice simulation feature while being AI interpreted. Possible values are: Disabled, Enabled","Name":"VoiceSimulationInInterpreter","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"Controls all calling capabilities in Teams. Turning this off will turn off all calling functionality in Teams. If you use Skype for Business for calling, this policy will not affect calling functionality in Skype for Business.","Name":"AllowPrivateCalling","Option":"Write"},{"CIMType":"String","Description":"Enables inbound calls to be routed to voice mail. Valid options are: AlwaysEnabled, AlwaysDisabled, UserOverride.","Name":"AllowVoicemail","Option":"Write","ValueMap":["AlwaysEnabled","AlwaysDisabled","UserOverride"],"Values":["AlwaysEnabled","AlwaysDisabled","UserOverride"]},{"CIMType":"Boolean","Description":"Enables inbound calls to be routed to call groups.","Name":"AllowCallGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Enables inbound calls to be routed to delegates; allows delegates to make outbound calls on behalf of the users for whom they have delegated permissions.","Name":"AllowDelegation","Option":"Write"},{"CIMType":"Boolean","Description":"Enables call forwarding or simultaneous ringing of inbound calls to other users in your tenant.","Name":"AllowCallForwardingToUser","Option":"Write"},{"CIMType":"Boolean","Description":"Enables call forwarding or simultaneous ringing of inbound calls to any phone number.","Name":"AllowCallForwardingToPhone","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter provides the ability to configure call redirection capabilities on Teams phones.","Name":"AllowCallRedirect","Option":"Write","ValueMap":["Enabled","Disabled","UserOverride"],"Values":["Enabled","Disabled","UserOverride"]},{"CIMType":"Boolean","Description":"Determines whether the user is allowed to use SIP devices for calling on behalf of a Teams client.","Name":"AllowSIPDevicesCalling","Option":"Write"},{"CIMType":"Boolean","Description":"Allows PSTN calling from the Team web client","Name":"AllowWebPSTNCalling","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this parameter to True will send calls through PSTN and incur charges rather than going through the network and bypassing the tolls.","Name":"PreventTollBypass","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter lets you configure how incoming calls are handled when a user is already in a call or conference or has a call placed on hold. New or incoming calls will be rejected with a busy signal. Valid options are: Enabled, Disabled and Unanswered.","Name":"BusyOnBusyEnabledType","Option":"Write","ValueMap":["Enabled","Disabled","Unanswered","UserOverride"],"Values":["Enabled","Disabled","Unanswered","UserOverride"]},{"CIMType":"UInt32","Description":"Sets the expiration of the recorded 1:1 calls.","Name":"CallRecordingExpirationDays","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter allows you to turn on or turn off music on hold when a PSTN caller is placed on hold. It is turned on by default. Valid options are: Enabled, Disabled, UserOverride. For now setting the value to UserOverride is the same as Enabled. This setting does not apply to call park and SLA boss delegate features. Valid options are: Enabled, Disabled, UserOverride.","Name":"MusicOnHoldEnabledType","Option":"Write","ValueMap":["Enabled","Disabled","UserOverride"],"Values":["Enabled","Disabled","UserOverride"]},{"CIMType":"String","Description":"This parameter is not available for use. Valid options are: Enabled, Disabled, UserOverride.","Name":"SafeTransferEnabled","Option":"Write","ValueMap":["Enabled","Disabled","UserOverride"],"Values":["Enabled","Disabled","UserOverride"]},{"CIMType":"Boolean","Description":"Setting this parameter to True will allows 1:1 Calls to be recorded.","Name":"AllowCloudRecordingForCalls","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether post-meeting captions and transcriptions are allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowTranscriptionforCalling","Option":"Write"},{"CIMType":"String","Description":"Determines whether real-time captions are available for the user in Teams meetings. Set this to DisabledUserOverride to allow user to turn on live captions. Set this to Disabled to prohibit.","Name":"LiveCaptionsEnabledTypeForCalling","Option":"Write","ValueMap":["DisabledUserOverride","Disabled"],"Values":["DisabledUserOverride","Disabled"]},{"CIMType":"String","Description":"This setting allows the tenant admin to enable or disable the Auto-Answer setting. Valid options are: Enabled, Disabled.","Name":"AutoAnswerEnabledType","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Setting this parameter determines whether calls identified as Spam will be rejected or not (probably). Valid options are: Enabled, Disabled.","Name":"SpamFilteringEnabledType","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Present ensures the policyexists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Calling Policy.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/teams-calling-policy/>"},{"ClassName":"MSFT_TeamsCallParkPolicy","Parameters":[{"CIMType":"String","Description":"A unique identifier for the policy - this will be used to retrieve the policy later on to assign it to specific users.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"If set to true, customers will be able to leverage the call park feature to place calls on hold and then decide how the call should be handled - transferred to another department, retrieved using the same phone, or retrieved using a different phone.","Name":"AllowCallPark","Option":"Write"},{"CIMType":"String","Description":"Description of the Teams Call Park Policy.","Name":"Description","Option":"Write"},{"CIMType":"UInt64","Description":"Specify the number of seconds to wait before ringing the parker when the parked call hasn't been picked up. Value can be from 120 to 1800 (seconds).","Name":"ParkTimeoutSeconds","Option":"Write"},{"CIMType":"UInt64","Description":"Specify the maximum value that a rendered pickup code can take. Value can be from 10 to 9999. Note: PickupRangeStart must be smaller than PickupRangeEnd.","Name":"PickupRangeEnd","Option":"Write"},{"CIMType":"UInt64","Description":"Specify the minimum value that a rendered pickup code can take. Value can be from 10 to 9999.","Name":"PickupRangeStart","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Call Park Policy. Call park allows enterprise voice customers to place a call on hold and then perform a number of actions on that call: transfer to another department, retrieve via the same phone, or retrieve via a different Teams phone."},{"ClassName":"MSFT_TeamsCallQueue","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a unique name for the Call Queue.","Name":"Name","Option":"Key"},{"CIMType":"UInt16","Description":"The Name parameter specifies a unique name for the Call Queue.","Name":"AgentAlertTime","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowOptOut parameter indicates whether or not agents can opt in or opt out from taking calls from a Call Queue.","Name":"AllowOptOut","Option":"Write"},{"CIMType":"String[]","Description":"The DistributionLists parameter lets you add all the members of the distribution lists to the Call Queue. This is a list of distribution list GUIDs. A service wide configurable maximum number of DLs per Call Queue are allowed. Only the first N (service wide configurable) agents from all distribution lists combined are considered for accepting the call. Nested DLs are supported. O365 Groups can also be used to add members to the Call Queue.","Name":"DistributionLists","Option":"Write"},{"CIMType":"Boolean","Description":"The UseDefaultMusicOnHold parameter indicates that this Call Queue uses the default music on hold. This parameter cannot be specified together with MusicOnHoldAudioFileId.","Name":"UseDefaultMusicOnHold","Option":"Write"},{"CIMType":"String","Description":"The WelcomeMusicAudioFileId parameter represents the audio file to play when callers are connected with the Call Queue. This is the unique identifier of the audio file.","Name":"WelcomeMusicAudioFileId","Option":"Write"},{"CIMType":"String","Description":"The MusicOnHoldFileContent parameter represents music to play when callers are placed on hold. This is the unique identifier of the audio file. This parameter is required if the UseDefaultMusicOnHold parameter is not specified.","Name":"MusicOnHoldAudioFileId","Option":"Write"},{"CIMType":"String","Description":"The OverflowAction parameter designates the action to take if the overflow threshold is reached. The OverflowAction property must be set to one of the following values: DisconnectWithBusy, Forward, Voicemail, and SharedVoicemail. The default value is DisconnectWithBusy.","Name":"OverflowAction","Option":"Write","ValueMap":["DisconnectWithBusy","Forward","Voicemail","SharedVoicemail"],"Values":["DisconnectWithBusy","Forward","Voicemail","SharedVoicemail"]},{"CIMType":"String","Description":"The OverflowActionTarget parameter represents the target of the overflow action. If the OverFlowAction is set to Forward, this parameter must be set to a Guid or a telephone number with a mandatory 'tel:' prefix. If the OverflowAction is set to SharedVoicemail, this parameter must be set to a group ID (Microsoft 365, Distribution list, or Mail-enabled security). Otherwise, this parameter is optional.","Name":"OverflowActionTarget","Option":"Write"},{"CIMType":"UInt16","Description":"The OverflowThreshold parameter defines the number of calls that can be in the queue at any one time before the overflow action is triggered. The OverflowThreshold can be any integer value between 0 and 200, inclusive. A value of 0 causes calls not to reach agents and the overflow action to be taken immediately.","Name":"OverflowThreshold","Option":"Write"},{"CIMType":"String","Description":"The TimeoutAction parameter defines the action to take if the timeout threshold is reached. The TimeoutAction property must be set to one of the following values: Disconnect, Forward, Voicemail, and SharedVoicemail. The default value is Disconnect.","Name":"TimeoutAction","Option":"Write","ValueMap":["Disconnect","Forward","Voicemail","SharedVoicemail"],"Values":["Disconnect","Forward","Voicemail","SharedVoicemail"]},{"CIMType":"String","Description":"The TimeoutActionTarget represents the target of the timeout action. If the TimeoutAction is set to Forward, this parameter must be set to a Guid or a telephone number with a mandatory 'tel:' prefix. If the TimeoutAction is set to SharedVoicemail, this parameter must be set to an Office 365 Group ID. Otherwise, this field is optional.","Name":"TimeoutActionTarget","Option":"Write"},{"CIMType":"UInt16","Description":"The TimeoutThreshold parameter defines the time (in seconds) that a call can be in the queue before that call times out. At that point, the system will take the action specified by the TimeoutAction parameter. The TimeoutThreshold can be any integer value between 0 and 2700 seconds (inclusive), and is rounded to the nearest 15th interval. For example, if set to 47 seconds, then it is rounded down to 45. If set to 0, welcome music is played, and then the timeout action will be taken.","Name":"TimeoutThreshold","Option":"Write"},{"CIMType":"String","Description":"The RoutingMethod defines how agents will be called in a Call Queue. If the routing method is set to Serial, then agents will be called one at a time. If the routing method is set to Attendant, then agents will be called in parallel. If routing method is set to RoundRobin, the agents will be called using Round Robin strategy so that all agents share the call-load equally. If routing method is set to LongestIdle, the agents will be called based on their idle time, i.e., the agent that has been idle for the longest period will be called.","Name":"RoutingMethod","Option":"Write","ValueMap":["Attendant","Serial","RoundRobin","LongestIdle"],"Values":["Attendant","Serial","RoundRobin","LongestIdle"]},{"CIMType":"Boolean","Description":"The PresenceBasedRouting parameter indicates whether or not presence based routing will be applied while call being routed to Call Queue agents. When set to False, calls will be routed to agents who have opted in to receive calls, regardless of their presence state. When set to True, opted-in agents will receive calls only when their presence state is Available.","Name":"PresenceBasedRouting","Option":"Write"},{"CIMType":"Boolean","Description":"The ConferenceMode parameter indicates whether or not Conference mode will be applied on calls for this Call queue. Conference mode significantly reduces the amount of time it takes for a caller to be connected to an agent, after the agent accepts the call.","Name":"ConferenceMode","Option":"Write"},{"CIMType":"String[]","Description":"The Users parameter lets you add agents to the Call Queue. This parameter expects a list of user unique identifiers (GUID).","Name":"Users","Option":"Write"},{"CIMType":"String","Description":"The LanguageId parameter indicates the language that is used to play shared voicemail prompts. This parameter becomes a required parameter If either OverflowAction or TimeoutAction is set to SharedVoicemail. You can query the supported languages using the Get-CsAutoAttendantSupportedLanguage cmdlet.","Name":"LanguageId","Option":"Write"},{"CIMType":"String[]","Description":"The OboResourceAccountIds parameter lets you add resource account with phone number to the Call Queue. The agents in the Call Queue will be able to make outbound calls using the phone number on the resource accounts. This is a list of resource account GUIDs. Only Call Queue managed by a Teams Channel will be able to use this feature.","Name":"OboResourceAccountIds","Option":"Write"},{"CIMType":"String","Description":"The OverflowDisconnectTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being disconnected due to overflow.","Name":"OverflowDisconnectTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowDisconnectAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being disconnected due to overflow.","Name":"OverflowDisconnectAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectPersonTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person in the organization due to overflow.","Name":"OverflowRedirectPersonTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectPersonAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person in the organization due to overflow.","Name":"OverflowRedirectPersonAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoiceAppsTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a voice application due to overflow.","Name":"OverflowRedirectVoiceAppTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoiceAppAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a voice application due to overflow.","Name":"OverflowRedirectVoiceAppAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectPhoneNumberTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to an external PSTN phone number due to overflow.","Name":"OverflowRedirectPhoneNumberTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectPhoneNumberAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to an external PSTN phone number due to overflow.","Name":"OverflowRedirectPhoneNumberAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person's voicemail due to overflow.","Name":"OverflowRedirectVoicemailTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoiceMailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person's voicemail due to overflow.","Name":"OverflowRedirectVoicemailAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person's voicemail due to overflow.","Name":"OverflowSharedVoicemailTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowSharedVoicemailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is to be played as a greeting to the caller when transferred to shared voicemail on overflow. This parameter becomes a required parameter when OverflowAction is SharedVoicemail and OverflowSharedVoicemailTextToSpeechPrompt is null.","Name":"OverflowSharedVoicemailAudioFilePrompt","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOverflowSharedVoicemailTranscription parameter is used to turn on transcription for voicemails left by a caller on overflow. This parameter is only applicable when OverflowAction is set to SharedVoicemail.","Name":"EnableOverflowSharedVoicemailTranscription","Option":"Write"},{"CIMType":"String","Description":"The TimeoutDisconnectTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being disconnected due to timeout.","Name":"TimeoutDisconnectTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutDisconnectAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being disconnected due to timeout.","Name":"TimeoutDisconnectAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectPersonTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person in the organization due to timeout.","Name":"TimeoutRedirectPersonTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectPersonAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person in the organization due to timeout.","Name":"TimeoutRedirectPersonAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectVoiceAppsTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a voice application due to timeout.","Name":"TimeoutRedirectVoiceAppTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectVoiceAppAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a voice application due to timeout.","Name":"TimeoutRedirectVoiceAppAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectPhoneNumberTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to an external PSTN phone number due to timeout.","Name":"TimeoutRedirectPhoneNumberTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectPhoneNumberAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to an external PSTN phone number due to timeout.","Name":"TimeoutRedirectPhoneNumberAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person's voicemail due to timeout.","Name":"TimeoutRedirectVoicemailTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectVoiceMailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person's voicemail due to timeout.","Name":"TimeoutRedirectVoicemailAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutSharedVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is to be played as a greeting to the caller when transferred to shared voicemail on timeout. This parameter becomes a required parameter when TimeoutAction is SharedVoicemail and TimeoutSharedVoicemailAudioFilePrompt is null.","Name":"TimeoutSharedVoicemailTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutSharedVoicemailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is to be played as a greeting to the caller when transferred to shared voicemail on timeout. This parameter becomes a required parameter when TimeoutAction is SharedVoicemail and TimeoutSharedVoicemailTextToSpeechPrompt is null.","Name":"TimeoutSharedVoicemailAudioFilePrompt","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableTimeoutSharedVoicemailTranscription parameter is used to turn on transcription for voicemails left by a caller on timeout. This parameter is only applicable when TimeoutAction is set to SharedVoicemail.","Name":"EnableTimeoutSharedVoicemailTranscription","Option":"Write"},{"CIMType":"String","Description":"Id of the channel to connect a call queue to.","Name":"ChannelId","Option":"Write"},{"CIMType":"String","Description":"Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). This is the GUID of one of the owners of the team the channels belongs to.","Name":"ChannelUserObjectId","Option":"Write"},{"CIMType":"String[]","Description":"This is a list of GUIDs for users who are authorized to make changes to this call queue. The users must also have a TeamsVoiceApplications policy assigned. The GUID should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).","Name":"AuthorizedUsers","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Team Message Policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Service Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to manage Call Queue in your Skype for Business Online organization."},{"ClassName":"MSFT_TeamsChannel","Parameters":[{"CIMType":"string","Description":"Current channel name","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Name of the team the Channel belongs to","Name":"TeamName","Option":"Key"},{"CIMType":"string","Description":"Team group ID, only used to target a Team when duplicated display names occurs.","Name":"GroupID","Option":"Write"},{"CIMType":"string","Description":"Used to update current channel name","Name":"NewDisplayName","Option":"Write"},{"CIMType":"string","Description":"Channel description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Team channel exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to add and update channels in existing Teams."},{"ClassName":"MSFT_TeamsChannelsPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Channel Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Channel Policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to share a shared channel with an external user. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowChannelSharingToExternalUser","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to create an org-wide team. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowOrgWideTeamCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to discover private teams in suggestions and search results. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"EnablePrivateTeamDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to create a private channel. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowPrivateChannelCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to create a shared channel. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowSharedChannelCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to participate in a shared channel that has been shared by an external user. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowUserToParticipateInExternalSharedChannel","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Channel Policy.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/teams-policies/>"},{"ClassName":"MSFT_TeamsChannelTab","Parameters":[{"CIMType":"String","Description":"Display Name of the Channel Tab.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Display Name of the Team.","Name":"TeamName","Option":"Key"},{"CIMType":"String","Description":"Display Name of the Channel.","Name":"ChannelName","Option":"Key"},{"CIMType":"String","Description":"Unique Id of the Team of the instance on the source tenant.","Name":"TeamId","Option":"Write"},{"CIMType":"String","Description":"Id of the Teams App associated with the custom tab.","Name":"TeamsApp","Option":"Write"},{"CIMType":"UInt32","Description":"Index of the sort order for the custom tab.","Name":"SortOrderIndex","Option":"Write"},{"CIMType":"String","Description":"Url of the website linked to the Channel Tab.","Name":"WebSiteUrl","Option":"Write"},{"CIMType":"String","Description":"Url of the content linked to the Channel Tab.","Name":"ContentUrl","Option":"Write"},{"CIMType":"String","Description":"Url of the location used to remove the app.","Name":"RemoveUrl","Option":"Write"},{"CIMType":"String","Description":"Id of the Entity linked to the Channel Tab.","Name":"EntityId","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Tab exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a new Custom tab in a Channel."},{"ClassName":"MSFT_TeamsClientConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage Box as a third party storage solution in Microsoft Teams. If $true, users will be able to add Box in the client and interact with the files stored there.","Name":"AllowBox","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage DropBox as a third party storage solution in Microsoft Teams. If $true, users will be able to add DropBox in the client and interact with the files stored there.","Name":"AllowDropBox","Option":"Write"},{"CIMType":"Boolean","Description":"When set to $true, mail hooks are enabled, and users can post messages to a channel by sending an email to the email address of Teams channel.","Name":"AllowEmailIntoChannel","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage GoogleDrive as a third party storage solution in Microsoft Teams. If $true, users will be able to add Google Drive in the client and interact with the files stored there.","Name":"AllowGoogleDrive","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether or not guest users in your organization will have access to the Teams client. If $true, guests in your tenant will be able to access the Teams client. Note that this setting has a core dependency on Guest Access being enabled in your Office 365 tenant.","Name":"AllowGuestUser","Option":"Write"},{"CIMType":"Boolean","Description":"When set to $true, users will be able to see the organizational chart icon other users' contact cards, and when clicked, this icon will display the detailed organizational chart.","Name":"AllowOrganizationTab","Option":"Write"},{"CIMType":"Boolean","Description":"Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the from party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed anonymous because it originated from the Surface Hub's device account. If set to $true, these device accounts will be able to send chat messages in Skype for Business Online (does not apply to Microsoft Teams).","Name":"AllowResourceAccountSendMessage","Option":"Write"},{"CIMType":"Boolean","Description":"When set to True, Supervised Chat is enabled for the tenant.","Name":"AllowRoleBasedChatPermissions","Option":"Write"},{"CIMType":"Boolean","Description":"If set to $true, the Exchange address book policy (ABP) will be used to provide customized view of the global address book for each user. This is only a virtual separation and not a legal separation.","Name":"AllowScopedPeopleSearchandAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage ShareFile as a third party storage solution in Microsoft Teams. If $true, users will be able to add ShareFile in the client and interact with the files stored there.","Name":"AllowShareFile","Option":"Write"},{"CIMType":"Boolean","Description":"When set to $true, Teams conversations automatically show up in Skype for Business for users that aren't enabled for Teams.","Name":"AllowSkypeBusinessInterop","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage Egnyte as a third party storage solution in Microsoft Teams. If $true, users will be able to add Egnyte in the client and interact with the files stored there.","Name":"AllowEgnyte","Option":"Write"},{"CIMType":"string","Description":"This setting applies only to Skype for Business Online (not Microsoft Teams) and defines whether the user must provide a secondary form of authentication to access the meeting content from a resource device account. Meeting content is defined as files that are shared to the Content Bin - files that have been attached to the meeting.","Name":"ContentPin","Option":"Write","ValueMap":["NotRequired","RequiredOutsideScheduleMeeting","AlwaysRequired"],"Values":["NotRequired","RequiredOutsideScheduleMeeting","AlwaysRequired"]},{"CIMType":"string","Description":"Require a secondary form of authentication to access meeting content.","Name":"ResourceAccountContentAccess","Option":"Write","ValueMap":["NoAccess","PartialAccess","FullAccess"],"Values":["NoAccess","PartialAccess","FullAccess"]},{"CIMType":"string[]","Description":"Senders domains can be further restricted to ensure that only allowed SMTP domains can send emails to the Teams channels. This is a comma-separated string of the domains you'd like to allow to send emails to Teams channels.","Name":"RestrictedSenderList","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams client settings.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/enable-features-office-365#teams-settings-and-teams-upgrade-settings-in-the-microsoft-teams-admin-center/>"},{"ClassName":"MSFT_TeamsComplianceRecordingApplication","Parameters":[{"CIMType":"String","Description":"A name that uniquely identifies the application instance of the policy-based recording application.","Name":"Id","Option":"Key"},{"CIMType":"String[]","Description":"Determines the other policy-based recording applications to pair with this application to achieve application resiliency. Can only have one paired application.","Name":"ComplianceRecordingPairedApplications","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the policy-based recording application must be in the meeting before the user is allowed to join the meeting.","Name":"RequiredBeforeMeetingJoin","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the policy-based recording application must be in the call before the call is allowed to establish.","Name":"RequiredBeforeCallEstablishment","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the policy-based recording application must be in the meeting while the user is in the meeting.","Name":"RequiredDuringMeeting","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the policy-based recording application must be in the call while the call is active.","Name":"RequiredDuringCall","Option":"Write"},{"CIMType":"String","Description":"Determines the number of invites to send out to the application instance of the policy-based recording application. Can be set to 1 or 2 only.","Name":"ConcurrentInvitationCount","Option":"Write"}],"Description":"Creates a new Teams recording policy for governing automatic policy-based recording in your tenant. Automatic policy-based recording is only applicable to Microsoft Teams users."},{"ClassName":"MSFT_TeamsComplianceRecordingPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier of the application instance of a policy-based recording application to be retrieved.","Name":"Identity","Option":"Key"},{"CIMType":"MSFT_TeamsComplianceRecordingApplication[]","Description":"A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet.","Name":"ComplianceRecordingApplications","Option":"Write"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams recording policy. For example, the Description might include information about the users the policy should be assigned to.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this attribute to true disables recording audio notifications for 1:1 calls that are under compliance recording.","Name":"DisableComplianceRecordingAudioNotificationForCalls","Option":"Write"},{"CIMType":"Boolean","Description":"Controls whether this Teams recording policy is active or not.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this attribute to true enables compliance recording for calls that have been re-routed from a compliance recording-enabled user. Supported call scenarios include forward, transfer, delegation, call groups, and simultaneous ring.","Name":"RecordReroutedCalls","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter is reserved for future use.","Name":"WarnUserOnRemoval","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Creates a new Teams recording policy for governing automatic policy-based recording in your tenant. Automatic policy-based recording is only applicable to Microsoft Teams users."},{"ClassName":"MSFT_TeamsCortanaPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier for Teams cortana policy you're creating.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The value of this field indicates if Cortana is enabled and mode of invocation.","Name":"CortanaVoiceInvocationMode","Option":"Write","ValueMap":["Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride"],"Values":["Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride"]},{"CIMType":"String","Description":"Provide a description of your policy to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"The CsTeamsCortanaPolicy resources enable administrators to control settings for Cortana voice assistant in Microsoft Teams."},{"ClassName":"MSFT_TeamsDialInConferencingTenantSettings","Parameters":[{"CIMType":"String","Description":"Only accepted value is Yes.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Specifies the default value that gets assigned to the 'AllowPSTNOnlyMeetings' setting of users when they are enabled for dial-in conferencing, or when a user's dial-in conferencing provider is set to Microsoft. If set to $true, the 'AllowPSTNOnlyMeetings' setting of the user will also be set to true. If $false, the user setting will be false. The default value for AllowPSTNOnlyMeetingsByDefault is $false.","Name":"AllowPSTNOnlyMeetingsByDefault","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically Migrate User Meetings.","Name":"AutomaticallyMigrateUserMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically replace ACP Provider.","Name":"AutomaticallyReplaceAcpProvider","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether advisory emails will be sent to users when the events listed below occur. Setting the parameter to $true enables the emails to be sent, $false disables the emails. The default is $true.","Name":"AutomaticallySendEmailsToUsers","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Dial out join confirmation.","Name":"EnableDialOutJoinConfirmation","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if, by default, announcements are made as users enter and exit a conference call. Set to $true to enable notifications, $false to disable notifications. The default is $true.","Name":"EnableEntryExitNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the name of a user is recorded on entry to the conference. This recording is used during entry and exit notifications. Set to $true to enable name recording, set to $false to bypass name recording. The default is $true.","Name":"EnableNameRecording","Option":"Write"},{"CIMType":"String","Description":"Supported entry and exit announcement type.","Name":"EntryExitAnnouncementsType","Option":"Write"},{"CIMType":"String","Description":"This parameter allows tenant administrators to configure masking of PSTN participant phone numbers in the roster view for Microsoft Teams meetings enabled for Audio Conferencing, scheduled within the organization. Possible values are MaskedForExternalUsers, MaskedForAllUsers or NoMasking","Name":"MaskPstnNumbersType","Option":"Write","ValueMap":["MaskedForExternalUsers","MaskedForAllUsers","NoMasking"],"Values":["MaskedForExternalUsers","MaskedForAllUsers","NoMasking"]},{"CIMType":"Boolean","Description":"Specifies whether service numbers assigned to the tenant should be migrated to the new forest of the tenant when the tenant is migrated cross region. If false, service numbers will be released back to stock once the migration completes. This settings does not apply to ported-in numbers that are always migrated.","Name":"MigrateServiceNumbersOnCrossForestMove","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of digits in the automatically generated PINs. Organizers can enter their PIN to start a meeting they scheduled if they join via phone and are the first person to join. The minimum value is 4, the maximum is 12, and the default is 5.","Name":"PinLength","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if Private Meetings are enabled for the users in this tenant.","Name":"UseUniqueConferenceIds","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams User's Calling Settings.\n\nMore information: <https://learn.microsoft.com/en-us/microsoftteams/user-call-settings/>"},{"ClassName":"MSFT_TeamsEmergencyCallingExtendedNotification","Parameters":[{"CIMType":"String","Description":"The emergency dial string.","Name":"EmergencyDialString","Option":"Key"},{"CIMType":"String[]","Description":"The email recipients of the notifications.","Name":"NotificationGroup","Option":"Write"},{"CIMType":"String","Description":"The additional number to call when contacting an emergency number.","Name":"NotificationDialOutNumber","Option":"Write"},{"CIMType":"String","Description":"The notification mode for the additional number. Possible values: ConferenceMuted - Join the emergency call muted. ConferenceUnMuted - Join the emergency call unmuted. NotificationOnly - Only receive a notification for an emergency call.","Name":"NotificationMode","Option":"Write","ValueMap":["ConferenceMuted","ConferenceUnMuted","NotificationOnly"],"Values":["ConferenceMuted","ConferenceUnMuted","NotificationOnly"]}],"Description":"This resource configures the Teams Emergency Calling Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-emergency-calling-policies/>"},{"ClassName":"MSFT_TeamsEmergencyCallingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Emergency Calling Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Emergency Calling Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Allows the tenant administrator to configure a text string, which is shown at the top of the Calls app.","Name":"EnhancedEmergencyServiceDisclaimer","Option":"Write"},{"CIMType":"MSFT_TeamsEmergencyCallingExtendedNotification[]","Description":"A list of one or more instances of TeamsEmergencyCallingExtendedNotification. Each TeamsEmergencyCallingExtendedNotification should use a unique EmergencyDialString. If an extended notification is found for an emergency phone number based on the EmergencyDialString parameter the extended notification will be controlling the notification. If no extended notification is found the notification settings on the policy instance itself will be used.","Name":"ExtendedNotifications","Option":"Write"},{"CIMType":"String","Description":"Enables ExternalLocationLookupMode. This mode allows users to set Emergency addresses for remote locations.","Name":"ExternalLocationLookupMode","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This parameter represents PSTN number which can be dialed out if NotificationMode is set to either of the two Conference values.","Name":"NotificationDialOutNumber","Option":"Write"},{"CIMType":"String","Description":"NotificationGroup is a email list of users and groups to be notified of an emergency call.","Name":"NotificationGroup","Option":"Write"},{"CIMType":"String","Description":"The type of conference experience for security desk notification.","Name":"NotificationMode","Option":"Write","ValueMap":["NotificationOnly","ConferenceMuted","ConferenceUnMuted"],"Values":["NotificationOnly","ConferenceMuted","ConferenceUnMuted"]},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Emergency Calling Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-emergency-calling-policies/>"},{"ClassName":"MSFT_TeamsEmergencyNumber","Parameters":[{"CIMType":"String","Description":"Specifies the emergency phone number.","Name":"EmergencyDialString","Option":"Key"},{"CIMType":"String","Description":"For each Teams emergency number, you can specify zero or more emergency dial masks. A dial mask is a number that you want to translate into the value of the emergency dial number value when it is dialed.","Name":"EmergencyDialMask","Option":"Write"},{"CIMType":"String","Description":"Specify the online public switched telephone network (PSTN) usage","Name":"OnlinePSTNUsage","Option":"Write"}],"Description":"This resource configures the Teams Emergency Call Routing Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-emergency-call-routing-policies/>"},{"ClassName":"MSFT_TeamsEmergencyCallRoutingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Emergency Call Routing Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Emergency Call Routing Policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_TeamsEmergencyNumber[]","Description":"Emergency number(s) associated with the policy.","Name":"EmergencyNumbers","Option":"Write"},{"CIMType":"Boolean","Description":"Flag to enable Enhanced Emergency Services","Name":"AllowEnhancedEmergencyServices","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Emergency Call Routing Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-emergency-call-routing-policies/>"},{"ClassName":"MSFT_TeamsEnhancedEncryptionPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier assigned to the Teams enhanced encryption policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Determines whether End-to-end encrypted calling is available for the user in Teams. Set this to DisabledUserOverride to allow user to turn on End-to-end encrypted calls. Set this to Disabled to prohibit.","Name":"CallingEndtoEndEncryptionEnabledType","Option":"Write"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams enhanced encryption policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"N/A","Name":"MeetingEndToEndEncryption","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to create a new Teams enhanced encryption policy."},{"ClassName":"MSFT_TeamsEventsPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Events Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Events Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"This setting governs if a user is allowed to edit the communication emails in Teams Town Hall or Teams Webinar events.","Name":"AllowEmailEditing","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"This setting governs access to the integrations tab in the event creation workflow.","Name":"AllowEventIntegrations","Option":"Write"},{"CIMType":"String","Description":"Determines if webinars are allowed by the policy or not.","Name":"AllowWebinars","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting governs if a user can create town halls using Teams Events.","Name":"AllowTownhalls","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting governs which users in a tenant can add which registration form questions to an event registration page for attendees to answer when registering for the event.","Name":"AllowedQuestionTypesInRegistrationForm","Option":"Write","ValueMap":["DefaultOnly","DefaultAndPredefinedOnly","AllQuestions"],"Values":["DefaultOnly","DefaultAndPredefinedOnly","AllQuestions"]},{"CIMType":"String","Description":"This setting describes how IT admins can control which types of Town Hall attendees can have their recordings published.","Name":"AllowedTownhallTypesForRecordingPublish","Option":"Write","ValueMap":["None","InviteOnly","EveryoneInCompanyIncludingGuests","Everyone"],"Values":["None","InviteOnly","EveryoneInCompanyIncludingGuests","Everyone"]},{"CIMType":"String","Description":"This setting describes how IT admins can control which types of webinar attendees can have their recordings published.","Name":"AllowedWebinarTypesForRecordingPublish","Option":"Write","ValueMap":["None","InviteOnly","EveryoneInCompanyIncludingGuests","Everyone"],"Values":["None","InviteOnly","EveryoneInCompanyIncludingGuests","Everyone"]},{"CIMType":"String","Description":"This setting will enable Tenant Admins to specify if an organizer of a Teams Premium town hall may add an app that is accessible by everyone, including attendees, in a broadcast style Event including a Town hall.","Name":"BroadcastPremiumApps","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This setting governs if a user can create Immersive Events using Teams Events.","Name":"ImmersiveEvents","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines whether recording is allowed in a user's townhall.","Name":"RecordingForTownhall","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines whether recording is allowed in a user's webinar.","Name":"RecordingForWebinar","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This setting governs what identity types may attend a Town hall that is scheduled by a particular person or group that is assigned this policy.","Name":"TownhallEventAttendeeAccess","Option":"Write","ValueMap":["Everyone","EveryoneInOrganizationAndGuests"],"Values":["Everyone","EveryoneInOrganizationAndGuests"]},{"CIMType":"String","Description":"Determines whether transcriptions are allowed in a user's townhall.","Name":"TranscriptionForTownhall","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines whether transcriptions are allowed in a user's webinar.","Name":"TranscriptionForWebinar","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Defines who is allowed to join the event.","Name":"EventAccessType","Option":"Write","ValueMap":["Everyone","EveryoneInCompanyExcludingGuests"],"Values":["Everyone","EveryoneInCompanyExcludingGuests"]},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"This setting governs whether the user can enable the Comment Stream chat experience for Town Halls.","Name":"TownhallChatExperience","Option":"Write","ValueMap":["Optimized","None"],"Values":["Optimized","None"]},{"CIMType":"Boolean","Description":"This setting governs whether the global admin disables this property and prevents the organizers from creating town halls that use Microsoft eCDN even though they have been assigned a Teams Premium license.","Name":"UseMicrosoftECDN","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Events Policies."},{"ClassName":"MSFT_TeamsFederationConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"When set to True users will be potentially allowed to communicate with users from other domains.","Name":"AllowFederatedUsers","Option":"Write"},{"CIMType":"String[]","Description":"List of federated domains to allow.","Name":"AllowedDomains","Option":"Write"},{"CIMType":"String[]","Description":"List of federated domains to block.","Name":"BlockedDomains","Option":"Write"},{"CIMType":"Boolean","Description":"Allows federation with people using Teams with an account that's not managed by an organization.","Name":"AllowTeamsConsumer","Option":"Write"},{"CIMType":"Boolean","Description":"Allows people using Teams with an account that's not managed by an organization, to discover and start communication with users in your organization.","Name":"AllowTeamsConsumerInbound","Option":"Write"},{"CIMType":"String","Description":"When set to 'Enabled', security operations team will be able to add domains to the blocklist on security portal. When set to 'Disabled', security operations team will not have permissions to update the domains blocklist.","Name":"DomainBlockingForMDOAdminsInTeams","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"When set to Blocked, all external access with users from Teams subscriptions that contain only trial licenses will be blocked. This means users from these trial-only tenants will not be able to reach to your users via chats, Teams calls, and meetings (using the users authenticated identity) and your users will not be able to reach users in these trial-only tenants. If this setting is set to Blocked, users from the trial-only tenant will also be removed from existing chats.","Name":"ExternalAccessWithTrialTenants","Option":"Write","ValueMap":["Allowed","Blocked"],"Values":["Allowed","Blocked"]},{"CIMType":"Boolean","Description":"When set to True, messages sent from discovered partners are considered unverified. That means that those messages will be delivered only if they were sent from a person who is on the recipient's Contacts list.","Name":"TreatDiscoveredPartnersAsUnverified","Option":"Write"},{"CIMType":"Boolean","Description":"When set to True, indicates that the users homed on Skype for Business Online use the same SIP domain as users homed on the on-premises version of Skype for Business Server.","Name":"SharedSipAddressSpace","Option":"Write"},{"CIMType":"Boolean","Description":"When set to True, Teamsconsumer have access only to external user profiles","Name":"RestrictTeamsConsumerToExternalUserProfiles","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Federation Configuration (CsTenantFederationConfiguration).\nIn the Teams admin center this is available in 'External access' in the Users section.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-external-access/>"},{"ClassName":"MSFT_TeamsFeedbackPolicy","Parameters":[{"CIMType":"String","Description":"Specify the name of the Teams Feedback Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specifies if users are allowed to give feedback.","Name":"UserInitiatedMode","Option":"Write"},{"CIMType":"String","Description":"Specifies if users are allowed to receive the survey.","Name":"ReceiveSurveysMode","Option":"Write","ValueMap":["Enabled","Disabled","EnabledUserOverride"],"Values":["Enabled","Disabled","EnabledUserOverride"]},{"CIMType":"Boolean","Description":"Specifies if Screenshot Collection is enabled or not.","Name":"AllowScreenshotCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if Email Collection is enabled or not.","Name":"AllowEmailCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if Log Collection is enabled or not.","Name":"AllowLogCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if users are allowed to provide feature suggestions","Name":"EnableFeatureSuggestions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Feedback Policy."},{"ClassName":"MSFT_TeamsFilesPolicy","Parameters":[{"CIMType":"String","Description":"Specifies the policy instance name","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Indicates if file sharing in chats with external users is enabled. It is by default enabled, to disable admins can run following command.","Name":"FileSharingInChatswithExternalUsers","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Specifies whether users see the options to upload files from OneDrive for Business, other cloud storage services configured for the user account, and SharePoint Online","Name":"NativeFileEntryPoints","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Specifies whether users see the Teams Files channel tab in any channel or in Teams chat.","Name":"SPChannelFilesTab","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This can be used by the 3p apps to configure their app, so when the files will be dragged and dropped in compose, it will get uploaded in that 3P app.","Name":"DefaultFileUploadAppId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Files Policy."},{"ClassName":"MSFT_TeamsGroupPolicyAssignment","Parameters":[{"CIMType":"string","Description":"Group Displayname of the group the policies are assigned to","Name":"GroupDisplayName","Option":"Key"},{"CIMType":"String","Description":"GroupId, alternatively to Group Displayname","Name":"GroupId","Option":"Write"},{"CIMType":"String","Description":"Teams PolicyType. The type of the policy to be assigned. Possible values:","Name":"PolicyType","Option":"Key","ValueMap":["ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy","TeamsVerticalPackagePolicy"],"Values":["ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy","TeamsVerticalPackagePolicy"]},{"CIMType":"string","Description":"Teams PolicyName. The name of the policy to be assigned.","Name":"PolicyName","Option":"Write"},{"CIMType":"string","Description":"Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"Present ensures the group policy assignment exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to assign Teams policy to a specified group"},{"ClassName":"MSFT_TeamsGuestCallingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Designates whether guests who have been enabled for Teams can use calling functionality. If $false, guests cannot call.","Name":"AllowPrivateCalling","Option":"Required"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams guest calling configuration.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/set-up-guests/>"},{"ClassName":"MSFT_TeamsGuestMeetingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"boolean","Description":"Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow guests to share their video. Set this to FALSE to prohibit guests from sharing their video.","Name":"AllowIPVideo","Option":"Write"},{"CIMType":"string","Description":"Determines whether real-time captions are available for guests in Teams meetings.","Name":"LiveCaptionsEnabledType","Option":"Write","ValueMap":["Disabled","DisabledUserOverride"],"Values":["Disabled","DisabledUserOverride"]},{"CIMType":"string","Description":"Determines the mode in which guests can share a screen in calls or meetings. Set this to SingleApplication to allow the user to share an application at a given point in time. Set this to EntireScreen to allow the user to share anything on their screens. Set this to Disabled to prohibit the user from sharing their screens.","Name":"ScreenSharingMode","Option":"Write","ValueMap":["Disabled","EntireScreen","SingleApplication"],"Values":["Disabled","EntireScreen","SingleApplication"]},{"CIMType":"boolean","Description":"Determines whether guests can start ad-hoc meetings. Set this to TRUE to allow guests to start ad-hoc meetings. Set this to FALSE to prohibit guests from starting ad-hoc meetings.","Name":"AllowMeetNow","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether guests can enable post-meeting captions and transcriptions in meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowTranscription","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Guest Meetings Configuration.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/set-up-guests/>"},{"ClassName":"MSFT_TeamsGuestMessagingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Determines if a user is allowed to edit their own messages.","Name":"AllowUserEditMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if a user is allowed to delete their own messages.","Name":"AllowUserDeleteMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if a user is allowed to chat.","Name":"AllowUserChat","Option":"Write"},{"CIMType":"Boolean","Description":"Turn this setting on to allow users to permanently delete their one-on-one chat, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat).","Name":"AllowUserDeleteChat","Option":"Write"},{"CIMType":"String","Description":"Determines Giphy content restrictions. Default value is Moderate, other options are Strict and NoRestriction.","Name":"GiphyRatingType","Option":"Write","ValueMap":["Moderate","Strict","NoRestriction"],"Values":["Moderate","Strict","NoRestriction"]},{"CIMType":"Boolean","Description":"Determines if memes are available for use.","Name":"AllowMemes","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if stickers are available for use.","Name":"AllowStickers","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if Giphy are available for use.","Name":"AllowGiphy","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if Immersive Reader is enabled.","Name":"AllowImmersiveReader","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to delete messages sent by bots. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"UsersCanDeleteBotMessages","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Guest Messaging Configuration.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/set-up-guests/>"},{"ClassName":"MSFT_TeamsIPPhonePolicy","Parameters":[{"CIMType":"String","Description":"Specifies the policy instance name","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Determines whether Better Together mode is enabled, phones can lock and unlock in an integrated fashion when connected to their Windows PC running a 64-bit Teams desktop client.","Name":"AllowBetterTogether","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines whether the Home Screen feature of the Teams IP Phones is enabled.","Name":"AllowHomeScreen","Option":"Write","ValueMap":["Enabled","EnabledUserOverride","Disabled"],"Values":["Enabled","EnabledUserOverride","Disabled"]},{"CIMType":"Boolean","Description":"Determines whether hot desking mode is enabled.","Name":"AllowHotDesking","Option":"Write"},{"CIMType":"String","Description":"Specifies the description of the policy","Name":"Description","Option":"Write"},{"CIMType":"UInt64","Description":"Determines the idle timeout value in minutes for the signed in user account. When the timeout is reached, the account is logged out.","Name":"HotDeskingIdleTimeoutInMinutes","Option":"Write"},{"CIMType":"String","Description":"Determines whether a user can search the Global Address List in Common Area Phone Mode.","Name":"SearchOnCommonAreaPhoneMode","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines the sign in mode for the device when signing in to Teams.","Name":"SignInMode","Option":"Write","ValueMap":["UserSignIn","CommonAreaPhoneSignIn","MeetingSignIn"],"Values":["UserSignIn","CommonAreaPhoneSignIn","MeetingSignIn"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams IP Phone Policy."},{"ClassName":"MSFT_TeamsM365App","Parameters":[{"CIMType":"String","Description":"Application ID of Microsoft Teams app.","Name":"Id","Option":"Key"},{"CIMType":"Boolean","Description":"The state of the app in the tenant.","Name":"IsBlocked","Option":"Write"},{"CIMType":"String","Description":"App availability type.","Name":"AssignmentType","Option":"Write","ValueMap":["Everyone","UsersAndGroups","NoOne"],"Values":["Everyone","UsersAndGroups","NoOne"]},{"CIMType":"String[]","Description":"List of all the users for whom the app is enabled or disabled.","Name":"Users","Option":"Write"},{"CIMType":"String[]","Description":"List of all the groups for whom the app is enabled or disabled.","Name":"Groups","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Teams app. This includes app state, app availability, user who updated app availability, and the associated timestamp."},{"ClassName":"MSFT_TeamsMeetingBroadcastConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Specifies a URL where broadcast event attendees can find support information or FAQs specific to that event. The URL will be displayed to the attendees during the broadcast.","Name":"SupportURL","Option":"Write"},{"CIMType":"Boolean","Description":"If set to $true, Teams meeting broadcast streams are enabled to take advantage of the network and bandwidth management capabilities of your Software Defined Network (SDN) provider.","Name":"AllowSdnProviderForBroadcastMeeting","Option":"Write"},{"CIMType":"String","Description":"Specifies the Software Defined Network (SDN) provider's name. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.","Name":"SdnProviderName","Option":"Write"},{"CIMType":"String","Description":"Specifies the Software Defined Network (SDN) license identifier. This is required and provided by some SDN providers. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.","Name":"SdnLicenseId","Option":"Write"},{"CIMType":"String","Description":"Specifies the Software Defined Network (SDN) provider's HTTP API endpoint. This information is provided to you by the SDN provider. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.","Name":"SdnApiTemplateUrl","Option":"Write"},{"CIMType":"String","Description":"Specifies the Software Defined Network (SDN) provider's authentication token which is required to use their SDN license. This is required by some SDN providers who will give you the required token. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.","Name":"SdnApiToken","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Meeting Broadcast Settings.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/teams-live-events/configure-teams-live-events/>"},{"ClassName":"MSFT_TeamsMeetingBroadcastPolicy","Parameters":[{"CIMType":"string","Description":"The identifier of the Teams Meeting Broadcast Policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether this user can create broadcast events in Teams. This setting impacts broadcasts that use both self-service and external encoder production methods.","Name":"AllowBroadcastScheduling","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether real-time transcription and translation can be enabled in the broadcast event. Note: this setting is applicable to broadcast events that use Teams Meeting production only and does not apply when external encoder is used as production method.","Name":"AllowBroadcastTranscription","Option":"Write"},{"CIMType":"String","Description":"Specifies the attendee visibility mode of the broadcast events created by this user.  This setting controls who can watch the broadcast event - e.g. anyone can watch this event including anonymous users or only authenticated users in my company can watch the event.  Note: this setting is applicable to broadcast events that use Teams Meeting production only and does not apply when external encoder is used as production method.","Name":"BroadcastAttendeeVisibilityMode","Option":"Write","ValueMap":["Everyone","EveryoneInCompany","InvitedUsersInCompany","EveryoneInCompanyAndExternal","InvitedUsersInCompanyAndExternal"],"Values":["Everyone","EveryoneInCompany","InvitedUsersInCompany","EveryoneInCompanyAndExternal","InvitedUsersInCompanyAndExternal"]},{"CIMType":"String","Description":"Specifies whether broadcast events created by this user are always recorded, never recorded or user can choose whether to record or not. Note: this setting is applicable to broadcast events that use Teams Meeting production only and does not apply when external encoder is used as production method.","Name":"BroadcastRecordingMode","Option":"Write","ValueMap":["AlwaysEnabled","AlwaysDisabled","UserOverride"],"Values":["AlwaysEnabled","AlwaysDisabled","UserOverride"]},{"CIMType":"String","Description":"Present ensures the Policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Meeting Broadcast Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/teams-live-events/set-up-for-teams-live-events/>"},{"ClassName":"MSFT_TeamsMeetingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"URL to a logo image. This would be included in the meeting invite. Please ensure this URL is publicly accessible for invites that go beyond your federation boundaries.","Name":"LogoURL","Option":"Write"},{"CIMType":"String","Description":"URL to a website containing legal information and meeting disclaimers. This would be included in the meeting invite. Please ensure this URL is publicly accessible for invites that go beyond your federation boundaries.","Name":"LegalURL","Option":"Write"},{"CIMType":"String","Description":"URL to a website where users can obtain assistance on joining the meeting.This would be included in the meeting invite. Please ensure this URL is publicly accessible for invites that go beyond your federation boundaries.","Name":"HelpURL","Option":"Write"},{"CIMType":"String","Description":"Text to be used on custom meeting invitations.","Name":"CustomFooterText","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether anonymous users are blocked from joining meetings in the tenant. Set this to TRUE to block anonymous users from joining. Set this to FALSE to allow anonymous users to join meetings.","Name":"DisableAnonymousJoin","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if anonymous users can interact with apps in meetings. Set to TRUE to disable App interaction. ","Name":"DisableAppInteractionForAnonymousUsers","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether Quality of Service Marking for real-time media (audio, video, screen/app sharing) is enabled in the tenant. Set this to TRUE to enable and FALSE to disable.","Name":"EnableQoS","Option":"Write"},{"CIMType":"String","Description":"Determines if anonymous participants receive surveys to provide feedback about their meeting experience. Set to Disabled to disable anonymous meeting participants to receive surveys. Set to Enabled to allow anonymous meeting participants to receive surveys. Possible values: Enabled, Disabled","Name":"FeedbackSurveyForAnonymousUsers","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"When set to True, users within the Tenant will have their presenter role capabilities limited. When set to False, the presenter role capabilities will not be impacted and will remain as is.","Name":"LimitPresenterRolePermissions","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the starting port number for client audio. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50000.","Name":"ClientAudioPort","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the total number of ports available for client audio. Default value is 20.","Name":"ClientAudioPortRange","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the starting port number for client video. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50020.","Name":"ClientVideoPort","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the total number of ports available for client video. Default value is 20.","Name":"ClientVideoPortRange","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the starting port number for client screen sharing or application sharing. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50040.","Name":"ClientAppSharingPort","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether custom media port and range selections need to be enforced. When set to True, clients will use the specified port range for media traffic. When set to False (the default value) for any available port (from port 1024 through port 65535) will be used to accommodate media traffic.","Name":"ClientMediaPortRangeEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the total number of ports available for client sharing or application sharing. Default value is 20.","Name":"ClientAppSharingPortRange","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Meeting Configuration.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/meeting-settings-in-teams/>"},{"ClassName":"MSFT_TeamsMeetingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Meeting Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Meeting Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Enables the user to use the AI Interpreter related features. Possible values: Disabled, Enabled","Name":"AIInterpreter","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"Determines whether a user can use the Annotation feature","Name":"AllowAnnotations","Option":"Write"},{"CIMType":"Boolean","Description":"CURRENTLY DISABLED: Determines whether anonymous users can use the Call Me At feature for meeting audio.","Name":"AllowAnonymousUsersToDialOut","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether anonymous users can join the meetings that impacted users organize. Set this to TRUE to allow anonymous users to join a meeting. Set this to FALSE to prohibit them from joining a meeting.","Name":"AllowAnonymousUsersToJoinMeeting","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether anonymous users can initiate a meeting. Set this to TRUE to allow anonymous users to initiate a meeting. Set this to FALSE to prohibit them from initiating a meeting.","Name":"AllowAnonymousUsersToStartMeeting","Option":"Write"},{"CIMType":"Boolean","Description":"If admins disable avatars in 2D meetings, then users cannot represent themselves as avatars in the Gallery view. This does not disable avatars in Immersive view.","Name":"AllowAvatarsInGallery","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether or not meetings created by users with this policy are able to utilize the Breakout Rooms feature.","Name":"AllowBreakoutRooms","Option":"Write"},{"CIMType":"String","Description":"Determines whether a user can add a URL for captions from a Communications Access Real-Time Translation (CART) captioner for providing real-time captions in meetings.","Name":"AllowCartCaptionsScheduling","Option":"Write","ValueMap":["EnabledUserOverride","DisabledUserOverride","Disabled"],"Values":["EnabledUserOverride","DisabledUserOverride","Disabled"]},{"CIMType":"Boolean","Description":"Determines whether a user can schedule channel meetings. Set this to TRUE to allow a user to schedule channel meetings. Set this to FALSE to prohibit the user from scheduling channel meetings. Note this only restricts from scheduling and not from joining a meeting scheduled by another user.","Name":"AllowChannelMeetingScheduling","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether cloud recording is allowed in a user's meetings. Set this to TRUE to allow the user to be able to record meetings. Set this to FALSE to prohibit the user from recording meetings.","Name":"AllowCloudRecording","Option":"Write"},{"CIMType":"String","Description":"This setting will allow admins to choose which users will be able to use the Document Collaboration feature.","Name":"AllowDocumentCollaboration","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Enables the use of RTMP-In in Teams meetings.","Name":"AllowedStreamingMediaInput","Option":"Write"},{"CIMType":"String","Description":"Controls which users should have ability to see the meeting info details on join screen. 'None' option should disable the feature completely. Possible Values: UsersAllowedToByPassTheLobby: Users who are able to bypass lobby can see the meeting info details. Everyone: All meeting participants can see the meeting info details.","Name":"AllowedUsersForMeetingDetails","Option":"Write","ValueMap":["Everyone","UsersAllowedToByPassTheLobby"],"Values":["Everyone","UsersAllowedToByPassTheLobby"]},{"CIMType":"String","Description":"Determines whether or not a meeting Organizer can track join and leave times for all users within their meetings as well as download a roster.","Name":"AllowEngagementReport","Option":"Write","ValueMap":["Enabled","Disabled","ForceEnabled"],"Values":["Enabled","Disabled","ForceEnabled"]},{"CIMType":"Boolean","Description":"Determines whether external participants can request or give control of screen sharing during meetings scheduled by this user. Set this to TRUE to allow the user to be able to give or request control. Set this to FALSE to prohibit an external user from giving or requesting control in a meeting.","Name":"AllowExternalParticipantGiveRequestControl","Option":"Write"},{"CIMType":"Boolean","Description":"If admins have disabled avatars, this does not disable using avatars in Immersive view on Teams desktop or web. Additionally, it does not prevent users from joining the Teams meeting on VR headsets.","Name":"AllowImmersiveView","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether audio is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their audioo. Set this to FALSE to prohibit the user from sharing their audio.","Name":"AllowIPAudio","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video.","Name":"AllowIPVideo","Option":"Write"},{"CIMType":"Boolean","Description":"This setting will allow admins to allow users the option of turning on Meeting Coach during meetings, which provides users with private personalized feedback on their communication and inclusivity.","Name":"AllowMeetingCoach","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether or not meetings created by users with this policy are able to utilize the Meeting Reactions feature.","Name":"AllowMeetingReactions","Option":"Write"},{"CIMType":"Boolean","Description":"Controls if a user can create a webinar meeting. The default value is True.","Name":"AllowMeetingRegistration","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user can start ad-hoc meetings. Set this to TRUE to allow a user to start ad-hoc meetings. Set this to FALSE to prohibit the user from starting ad-hoc meetings.","Name":"AllowMeetNow","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is able to use NDI (Network Device Interface) in meetings - both for output and input streams.","Name":"AllowNDIStreaming","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether network configuration setting lookups can be made by users who are not Enterprise Voice enabled. It is used to enable Network Roaming policies.","Name":"AllowNetworkConfigurationSettingsLookup","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether organizers can override lobby settings for both VOIP and PSTN. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowOrganizersToOverrideLobbySettings","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user can schedule Teams Meetings in Outlook desktop client. Set this to TRUE to allow the user to be able to schedule Teams meetings in Outlook client. Set this to FALSE to prohibit a user from scheduling Teams meeting in Outlook client.","Name":"AllowOutlookAddIn","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether participants can request or give control of screen sharing during meetings scheduled by this user. Set this to TRUE to allow the user to be able to give or request control. Set this to FALSE to prohibit the user from giving, requesting control in a meeting.","Name":"AllowParticipantGiveRequestControl","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether Powerpoint sharing is allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowPowerPointSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user can schedule private meetings. Note this only restricts from scheduling and not from joining a meeting scheduled by another user. Set this to TRUE to allow a user to schedule private meetings. Set this to FALSE to prohibit the user from scheduling private meetings. Note this only restricts from scheduling and not from joining a meeting scheduled by another user.","Name":"AllowPrivateMeetingScheduling","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user can start private ad-hoc meetings. Set this to TRUE to allow a user to start private ad-hoc meetings. Set this to FALSE to prohibit the user from starting private ad-hoc meetings.","Name":"AllowPrivateMeetNow","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether PSTN users should be automatically admitted to the meetings. Set this to TRUE to allow the PSTN user to be able bypass the meetinglobby. Set this to FALSE to prohibit the PSTN user from bypassing the meetinglobby.","Name":"AllowPSTNUsersToBypassLobby","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether cloud recording can be stored out of region for go-local tenants where recording is not yet enabled.","Name":"AllowRecordingStorageOutsideRegion","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether users are allowed to take shared notes. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowSharedNotes","Option":"Write"},{"CIMType":"String","Description":"This policy setting allows for the extraction of AI-Assisted Action Items/Tasks from the Meeting Transcript.","Name":"AllowTasksFromTranscript","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"Determines whether real-time and/or post-meeting captions and transcriptions are allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowTranscription","Option":"Write"},{"CIMType":"String","Description":"Determines what types of external meetings users can join. Enabled is able join all external meetings.","Name":"AllowUserToJoinExternalMeeting","Option":"Write","ValueMap":["Enabled","FederatedOnly","Disabled"],"Values":["Enabled","FederatedOnly","Disabled"]},{"CIMType":"Boolean","Description":"This setting allows scheduling meetings with customized watermarking for video enabled.","Name":"AllowWatermarkCustomizationForCameraVideo","Option":"Write"},{"CIMType":"Boolean","Description":"This setting allows scheduling meetings with customized watermarking for screen sharing enabled.","Name":"AllowWatermarkCustomizationForScreenSharing","Option":"Write"},{"CIMType":"Boolean","Description":"This setting allows scheduling meetings with watermarking for video enabled.","Name":"AllowWatermarkForCameraVideo","Option":"Write"},{"CIMType":"Boolean","Description":"This setting allows scheduling meetings with watermarking for screen sharing enabled.","Name":"AllowWatermarkForScreenSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether whiteboard is allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowWhiteboard","Option":"Write"},{"CIMType":"String","Description":"Determines how anonymous users will be authenticated when joining a meeting. Possible values are: OneTimePasscode, if you would like anonymous users to be sent a one time passcode to their email when joining a meeting. None, if you would like to disable authentication for anonymous users joining a meeting","Name":"AnonymousUserAuthenticationMethod","Option":"Write","ValueMap":["None","OneTimePasscode"],"Values":["None","OneTimePasscode"]},{"CIMType":"String","Description":"This setting will allow admins to enable or disable Masked Attendee mode in Meetings. Masked Attendee meetings will hide attendees' identifying information (e.g., name, contact information, profile photo).","Name":"AttendeeIdentityMasking","Option":"Write","ValueMap":["Enabled","Disabled","DisabledUserOverride"],"Values":["Enabled","Disabled","DisabledUserOverride"]},{"CIMType":"String","Description":"The setting controls whether recording notification is played to all attendees or just PSTN users.","Name":"AudibleRecordingNotification","Option":"Write","ValueMap":["AllAttendees","PstnOnly"],"Values":["AllAttendees","PstnOnly"]},{"CIMType":"String","Description":"Determines what types of participants will automatically be added to meetings organized by this user. Set this to EveryoneInCompany if you would like meetings to place every external user in the lobby but allow all users in the company to join the meeting immediately. Set this to Everyone if you'd like to admit anonymous users by default. Set this to EveryoneInSameAndFederatedCompany if you would like meetings to allow federated users to join like your company's users, but place all other external users in a lobby. Set this to InvitedUsers if you would like meetings to allow only the invited users.","Name":"AutoAdmittedUsers","Option":"Write","ValueMap":["EveryoneInCompany","Everyone","EveryoneInSameAndFederatedCompany","OrganizerOnly","InvitedUsers","EveryoneInCompanyExcludingGuests"],"Values":["EveryoneInCompany","Everyone","EveryoneInSameAndFederatedCompany","OrganizerOnly","InvitedUsers","EveryoneInCompanyExcludingGuests"]},{"CIMType":"String","Description":"This setting gives admins the ability to auto-start Copilot.","Name":"AutomaticallyStartCopilot","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This setting will enable Tenant Admins to turn on/off auto recording feature.","Name":"AutoRecording","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"A user can join a Teams meeting anonymously using a Teams client or using a custom application built using Azure Communication Services. When anonymous meeting join is enabled, both types of clients may be used by default. This optional parameter can be used to block one of the client types that can be used. The allowed values are ACS (to block the use of Azure Communication Services clients) or Teams (to block the use of Teams clients). Both can also be specified, separated by a comma, but this is equivalent to disabling anonymous join completely.","Name":"BlockedAnonymousJoinClientTypes","Option":"Write"},{"CIMType":"String","Description":"Require a verification check for meeting join.","Name":"CaptchaVerificationForMeetingJoin","Option":"Write"},{"CIMType":"String","Description":"Determines how channel meeting recordings are saved, permissioned, and who can download them.","Name":"ChannelRecordingDownload","Option":"Write","ValueMap":["Allow","Block"],"Values":["Allow","Block"]},{"CIMType":"String","Description":"Allows external connections of thirdparty apps to Microsoft Teams.","Name":"ConnectToMeetingControls","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This policy allows admins to determine whether the user can share content in meetings organized by external organizations. The user should have a Teams Premium license to be protected under this policy.","Name":"ContentSharingInExternalMeetings","Option":"Write","ValueMap":["EnabledForAnyone","EnabledForTrustedOrgs","Disabled"],"Values":["EnabledForAnyone","EnabledForTrustedOrgs","Disabled"]},{"CIMType":"String","Description":"This setting allows the admin to choose whether Copilot will be enabled with a persisted transcript or a non-persisted transcript.","Name":"Copilot","Option":"Write","ValueMap":["Disabled","Enabled","EnabledWithTranscript","EnabledWithTranscriptDefaultOn"],"Values":["Disabled","Enabled","EnabledWithTranscript","EnabledWithTranscriptDefaultOn"]},{"CIMType":"Boolean","Description":"This parameter enables a setting that controls a meeting option which allows users to disable right-click or Ctrl+C to copy, Copy link, Forward message, and Share to Outlook for meeting chat messages.","Name":"CopyRestriction","Option":"Write"},{"CIMType":"String","Description":"Determines if users can change the default value of the Who can present? setting in Meeting options in the Teams client. This policy setting affects all meetings, including Meet Now meetings.","Name":"DesignatedPresenterRoleMode","Option":"Write","ValueMap":["OrganizerOnlyUserOverride","EveryoneInCompanyUserOverride","EveryoneUserOverride"],"Values":["OrganizerOnlyUserOverride","EveryoneInCompanyUserOverride","EveryoneUserOverride"]},{"CIMType":"Boolean","Description":"Allows the admin to enable sensitive content detection during screen share.","Name":"DetectSensitiveContentDuringScreenSharing","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not users will be able to enroll/capture their Biometric data: Face & Voice.","Name":"EnrollUserOverride","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting will enable Tenant Admins to turn on/off Explicit Recording Consent feature.","Name":"ExplicitRecordingConsent","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether the user is allowed to join external meetings.","Name":"ExternalMeetingJoin","Option":"Write","ValueMap":["EnabledForAnyone","EnabledForTrustedOrgs","Disabled"],"Values":["EnabledForAnyone","EnabledForTrustedOrgs","Disabled"]},{"CIMType":"String","Description":"This policy controls what kind of information get shown for the user's attendance in attendance report/dashboard.","Name":"InfoShownInReportMode","Option":"Write"},{"CIMType":"String","Description":"Determines whether audio can be turned on in meetings and group calls.","Name":"IPAudioMode","Option":"Write","ValueMap":["EnabledOutgoingIncoming","Disabled"],"Values":["EnabledOutgoingIncoming","Disabled"]},{"CIMType":"String","Description":"Determines whether video can be turned on in meetings and group calls. Can only be enabled if IPAudioMode is enabled","Name":"IPVideoMode","Option":"Write","ValueMap":["EnabledOutgoingIncoming","Disabled"],"Values":["EnabledOutgoingIncoming","Disabled"]},{"CIMType":"String","Description":"Determines whether a user should have the option to view live captions or not in a meeting.","Name":"LiveCaptionsEnabledType","Option":"Write","ValueMap":["Disabled","DisabledUserOverride"],"Values":["Disabled","DisabledUserOverride"]},{"CIMType":"String","Description":"Determines how meeting organizers can configure a meeting for language interpretation, select attendees of the meeting to become interpreters that other attendees can select and listen to the real-time translation they provide.","Name":"LiveInterpretationEnabledType","Option":"Write"},{"CIMType":"String","Description":"Determines whether you provide support for your users to stream their Teams meetings to large audiences through Real-Time Messaging Protocol (RTMP).","Name":"LiveStreamingMode","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether chat messages are allowed in the lobby. Possible values are: Enabled, Disabled","Name":"LobbyChat","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"UInt32","Description":"Determines the media bit rate for audio/video/app sharing transmissions in meetings.","Name":"MediaBitRateKb","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not Chat will be enabled, enabled except anonymous or disabled for meetings.","Name":"MeetingChatEnabledType","Option":"Write","ValueMap":["Disabled","Enabled","EnabledExceptAnonymous"],"Values":["Disabled","Enabled","EnabledExceptAnonymous"]},{"CIMType":"String","Description":"Controls how the join information in meeting invitations is displayed by enforcing a common language or enabling up to two languages to be displayed. Note: All Teams supported languages can be specified using language codes.","Name":"MeetingInviteLanguages","Option":"Write"},{"CIMType":"SInt32","Description":"Specifies the number of days before meeting recordings will expire and move to the recycle bin. Value can be from 1 to 99,999 days. NOTE: You may opt to set Meeting Recordings to never expire by entering the value -1.","Name":"NewMeetingRecordingExpirationDays","Option":"Write"},{"CIMType":"String","Description":"Control Noises Supression Feature for PST legs joining a meeting. Possible Values: MicrosoftDefault, Enabled, Disabled","Name":"NoiseSuppressionForDialInParticipants","Option":"Write","ValueMap":["Disabled","Enabled","MicrosoftDefault"],"Values":["Disabled","Enabled","MicrosoftDefault"]},{"CIMType":"String","Description":"This setting will enable Tenant Admins to turn on/off participant renaming feature.","Name":"ParticipantNameChange","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether participants can give control of presentation slides during meetings scheduled by this user. Set the type of users you want to be able to give control and be given control of presentation slides in meetings. Users excluded from the selected group will be prohibited from giving control, or being given control, in a meeting. Possible Values: Everyone: Anyone in the meeting can give or take control. EveryoneInOrganization: Only internal AAD users and Multi-Tenant Organization (MTO) users can give or take control. EveryoneInOrganizationAndGuests: Only those who are Guests to the tenant, MTO users, and internal AAD users can give or take control. None: No one in the meeting can give or take control","Name":"ParticipantSlideControl","Option":"Write","ValueMap":["Everyone","EveryoneInOrganization","EveryoneInOrganizationAndGuests","None"],"Values":["Everyone","EveryoneInOrganization","EveryoneInOrganizationAndGuests","None"]},{"CIMType":"String","Description":"Determines which Outlook Add-in the user will get as preferred Meeting provider(TeamsAndSfb or Teams).","Name":"PreferredMeetingProviderForIslandsMode","Option":"Write","ValueMap":["TeamsAndSfb","Teams"],"Values":["TeamsAndSfb","Teams"]},{"CIMType":"String","Description":"This setting enables Microsoft 365 Tenant Admins to Enable or Disable the Questions and Answers experience (Q+A).","Name":"QnAEngagementMode","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Allows users to use real time text during a meeting, allowing them to communicate by typing their messages in real time. Possible Values: Enabled: User is allowed to turn on real time text. Disabled: User is not allowed to turn on real time text.","Name":"RealTimeText","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether or not biometric data will be used to distinguish and or attribute in the transcript.","Name":"RoomAttributeUserOverride","Option":"Write","ValueMap":["Off","Distinguish","Attribute"],"Values":["Off","Distinguish","Attribute"]},{"CIMType":"String","Description":"Determines if people recognition option is enabled for Teams Rooms. Enabling requires the RoomAttributeUserOverride to be Attribute for allowing individual voice and face profiles to be used for recognition in meetings.","Name":"RoomPeopleNameUserOverride","Option":"Write","ValueMap":["Off","On"],"Values":["Off","On"]},{"CIMType":"String","Description":"Determines the mode in which a user can share a screen in calls or meetings. Set this to SingleApplication to allow the user to share an application at a given point in time. Set this to EntireScreen to allow the user to share anything on their screens. Set this to Disabled to prohibit the user from sharing their screens.","Name":"ScreenSharingMode","Option":"Write","ValueMap":["SingleApplication","EntireScreen","Disabled"],"Values":["SingleApplication","EntireScreen","Disabled"]},{"CIMType":"String","Description":"Participants can sign up for text message meeting reminders.","Name":"SmsNotifications","Option":"Write","ValueMap":["OnAllowOrganizerOverride","OffAllowOrganizerOverride","Off"],"Values":["OnAllowOrganizerOverride","OffAllowOrganizerOverride","Off"]},{"CIMType":"String","Description":"Determines if users are identified in transcriptions and if they can change the value of the Automatically identify me in meeting captions and transcripts setting.","Name":"SpeakerAttributionMode","Option":"Write","ValueMap":["Disabled","DisabledUserOverride","EnabledUserOverride","Enabled"],"Values":["Disabled","DisabledUserOverride","EnabledUserOverride","Enabled"]},{"CIMType":"String","Description":"Controls if Teams uses overflow capability once a meeting reaches its capacity (1,000 users with full functionality).","Name":"StreamingAttendeeMode","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether or not meetings created by users with this policy are able to utilize the Camera Far-End PTZ Mode.","Name":"TeamsCameraFarEndPTZMode","Option":"Write","ValueMap":["Disabled","AutoAcceptInTenant","AutoAcceptAll"],"Values":["Disabled","AutoAcceptInTenant","AutoAcceptAll"]},{"CIMType":"String","Description":"This policy controls who can admit from the lobby.","Name":"UsersCanAdmitFromLobby","Option":"Write","ValueMap":["OrganizerAndCoOrganizersOnly","OrganizersAndPresentersOnly"],"Values":["OrganizerAndCoOrganizersOnly","OrganizersAndPresentersOnly"]},{"CIMType":"String","Description":"Determines whether you provide support for your users to enable voice isolation in Teams meeting calls.","Name":"VoiceIsolation","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Enables the user to use the voice simulation feature while being AI interpreted. Possible Values: Disabled, Enabled","Name":"VoiceSimulationInInterpreter","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines the meeting experience and watermark content of an anonymous user.","Name":"WatermarkForAnonymousUsers","Option":"Write","ValueMap":["JoinWithAudioOnly","WatermarkWithDisplayName"],"Values":["JoinWithAudioOnly","WatermarkWithDisplayName"]},{"CIMType":"SInt32","Description":"Allows the transparency of watermark to be customizable. Must be between 1 and 100 inclusive.","Name":"WatermarkForCameraVideoOpacity","Option":"Write"},{"CIMType":"String","Description":"Allows the pattern design of watermark to be customizable.","Name":"WatermarkForCameraVideoPattern","Option":"Write","ValueMap":["Single","Tiled"],"Values":["Single","Tiled"]},{"CIMType":"SInt32","Description":"Allows the transparency of watermark to be customizable. Must be between 1 and 100 inclusive.","Name":"WatermarkForScreenSharingOpacity","Option":"Write"},{"CIMType":"String","Description":"Allows the pattern design of watermark to be customizable.","Name":"WatermarkForScreenSharingPattern","Option":"Write","ValueMap":["Single","Tiled"],"Values":["Single","Tiled"]},{"CIMType":"String","Description":"Determines the background effects that a user can configure in the Teams client. ","Name":"VideoFiltersMode","Option":"Write","ValueMap":["NoFilters","BlurOnly","BlurAndDefaultBackgrounds","AllFilters"],"Values":["NoFilters","BlurOnly","BlurAndDefaultBackgrounds","AllFilters"]},{"CIMType":"String","Description":"Specifies who can attend and register for webinars.","Name":"WhoCanRegister","Option":"Write","ValueMap":["Everyone","EveryoneInCompany"],"Values":["Everyone","EveryoneInCompany"]},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Meeting Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/meeting-policies-overview/>"},{"ClassName":"MSFT_TeamsMessagingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"This setting determines if closed captions will be displayed, for Teams Video Clips, during playback. Possible values: True, False","Name":"EnableVideoMessageCaptions","Option":"Write"},{"CIMType":"Boolean","Description":"This setting determines if chat regulation for internal communication in tenant is allowed. Possible Values: True, False","Name":"EnableInOrganizationChatControl","Option":"Write"},{"CIMType":"Boolean","Description":"This setting enables/disables the use of custom emojis and reactions across the whole tenant. Upon enablement, admins and/or users can define a user group that is allowed. Possible Values: True, False","Name":"CustomEmojis","Option":"Write"},{"CIMType":"String","Description":"This setting enables/disables the availability of Viva Engage storylines in Teams chats across the whole tenant.","Name":"Storyline","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables/disables MessagingNotes integration across the whole tenant. Possible Values: Disabled, Enabled","Name":"MessagingNotes","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables weaponizable file detection in Teams messages in the tenant. Possible Values: Enabled, Disabled","Name":"FileTypeCheck","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables malicious URL detection in Teams messages in the tenant. Possible Values: Enabled, Disabled","Name":"UrlReputationCheck","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables content-based phishing detection for Teams messages in the tenant.","Name":"ContentBasedPhishingCheck","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables the end users to Report incorrect security detections in Teams messages in the tenant. Possible Values: Enabled, Disabled","Name":"ReportIncorrectSecurityDetections","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"}],"Description":"The TeamsMessagingConfiguration determines the messaging settings for users in your tenant."},{"ClassName":"MSFT_TeamsMessagingPolicy","Parameters":[{"CIMType":"string","Description":"Identity for the teams messaging policy you're modifying. To modify the global policy, use this syntax: -Identity global. To modify a per-user policy, use syntax similar to this: -Identity TeamsMessagingPolicy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"This setting determines if users can chat with groups (Distribution, M365 and Security groups). Possible values: True, False","Name":"AllowChatWithGroup","Option":"Write"},{"CIMType":"Boolean","Description":"These settings enables, disables updating or fetching custom group chat avatars for the users included in the messaging policy. Possible values: True, False","Name":"AllowCustomGroupChatAvatars","Option":"Write"},{"CIMType":"Boolean","Description":"This setting enables/disables showing company name and department name in search results for MTO users. Possible values: True, False","Name":"AllowExtendedWorkInfoInSearch","Option":"Write"},{"CIMType":"Boolean","Description":"This setting determines if users with the 'Full permissions' role can delete any group or meeting chat message within their tenant. Possible values: True, False","Name":"AllowFullChatPermissionUserToDeleteAnyMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if Giphy images should be displayed that had been already sent or received in chat. Possible values: True, False","Name":"AllowGiphyDisplay","Option":"Write"},{"CIMType":"Boolean","Description":"This setting determines if users in a group chat can create and share join links for other users within the organization to join that chat. Possible values: True, False","Name":"AllowGroupChatJoinLinks","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if a user is allowed to paste internet-based images in compose. Possible values: True, False","Name":"AllowPasteInternetImage","Option":"Write"},{"CIMType":"String","Description":"Determines whether files are automatically shared in external chats. Possible values: Enabled: Files are automatically shared in external chats. Disabled: Files are not automatically shared in external chats.","Name":"AutoShareFilesInExternalChats","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines the Supervised Chat role of the user. Set this to Full to allow the user to supervise chats. Supervisors have the ability to initiate chats with and invite any user within the environment. Set this to Limited to allow the user to initiate conversations with Full and Limited permissioned users, but not Restricted. Set this to Restricted to block chat creation with anyone other than Full permissioned users.","Name":"ChatPermissionRole","Option":"Write","ValueMap":["Full","Limited","Restricted"],"Values":["Full","Limited","Restricted"]},{"CIMType":"Boolean","Description":"This setting enables the creation of custom emojis and reactions within an organization for the specified policy users.","Name":"CreateCustomEmojis","Option":"Write"},{"CIMType":"Boolean","Description":"These settings enable and disable the editing and deletion of custom emojis and reactions for the users included in the messaging policy.","Name":"DeleteCustomEmojis","Option":"Write"},{"CIMType":"String","Description":"This setting determines whether a user is allowed to create custom AI-powered backgrounds and images with MS Designer.Possible values are: Enabled, Disabled","Name":"DesignerForBackgroundsAndImages","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This setting determines if chat regulation for internal communication in the tenant is allowed. Possible values: BlockingAllowed, BlockingDisallowed","Name":"InOrganizationChatControl","Option":"Write","ValueMap":["BlockingDisallowed","BlockingAllowed"],"Values":["BlockingDisallowed","BlockingAllowed"]},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to delete messages sent by bots. Possible values are: True, False","Name":"UsersCanDeleteBotMessages","Option":"Write"},{"CIMType":"boolean","Description":"Report inappropriate content.","Name":"AllowCommunicationComplianceEndUserReporting","Option":"Write"},{"CIMType":"boolean","Description":"Determines is Fluid Collaboration should be enabled or not.","Name":"AllowFluidCollaborate","Option":"Write"},{"CIMType":"boolean","Description":"Report a security concern.","Name":"AllowSecurityEndUserReporting","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to access and post Giphys. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowGiphy","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to access and post memes. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowMemes","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether owners are allowed to delete all the messages in their team. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowOwnerDeleteMessage","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to edit their own messages. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowUserEditMessage","Option":"Write"},{"CIMType":"boolean","Description":"Turn on this setting to let a user get text predictions for chat messages.","Name":"AllowSmartCompose","Option":"Write"},{"CIMType":"boolean","Description":"Turn this setting on to enable suggested replies for chat messages. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowSmartReply","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to access and post stickers. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowStickers","Option":"Write"},{"CIMType":"boolean","Description":"Use this setting to turn automatic URL previewing on or off in messages. Set this to TRUE to turn on. Set this to FALSE to turn off.","Name":"AllowUrlPreviews","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to chat. Set this to TRUE to allow a user to chat across private chat, group chat and in meetings. Set this to FALSE to prohibit all chat.","Name":"AllowUserChat","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to delete their own messages. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowUserDeleteMessage","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to translate messages to their client languages. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowUserTranslation","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to use Immersive Reader for reading conversation messages. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowImmersiveReader","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to remove a user from a conversation. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowRemoveUser","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to send priorities messages. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowPriorityMessages","Option":"Write"},{"CIMType":"boolean","Description":"Turn this setting on to allow users to permanently delete their 1:1, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat).","Name":"AllowUserDeleteChat","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to send video messages in Chat. Set this to TRUE to allow a user to send video messages. Set this to FALSE to prohibit sending video messages.","Name":"AllowVideoMessages","Option":"Write"},{"CIMType":"string","Description":"Provide a description of your policy to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Determines the Giphy content restrictions applicable to a user. Set this to STRICT, MODERATE or NORESTRICTION.","Name":"GiphyRatingType","Option":"Write","ValueMap":["STRICT","MODERATE","NORESTRICTION"],"Values":["STRICT","MODERATE","NORESTRICTION"]},{"CIMType":"string","Description":"Use this setting to specify whether read receipts are user controlled, enabled for everyone, or disabled. Set this to UserPreference, Everyone or None.","Name":"ReadReceiptsEnabledType","Option":"Write","ValueMap":["UserPreference","Everyone","None"],"Values":["UserPreference","Everyone","None"]},{"CIMType":"string","Description":"Possible values are: DisabledUserOverride,EnabledUserOverride.","Name":"ChannelsInChatListEnabledType","Option":"Write","ValueMap":["DisabledUserOverride","EnabledUserOverride"],"Values":["DisabledUserOverride","EnabledUserOverride"]},{"CIMType":"string","Description":"Determines whether a user is allowed to send audio messages. Possible values are: ChatsAndChannels,ChatsOnly,Disabled.","Name":"AudioMessageEnabledType","Option":"Write","ValueMap":["ChatsAndChannels","ChatsOnly","Disabled"],"Values":["ChatsAndChannels","ChatsOnly","Disabled"]},{"CIMType":"String","Description":"Indicates whether B2B invites should be used to add external users when necessary. Possible values: Enabled: External users will be added using B2B invites. Disabled: External users will not be added using B2B invites.","Name":"UseB2BInvitesToAddExternalUsers","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"string","Description":"Globally unique identifier (GUID) of the tenant account whose external user communication policy are being created.","Name":"Tenant","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Team Message Policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Service Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams messaging policy.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/messaging-policies-in-teams/>"},{"ClassName":"MSFT_TeamsMobilityPolicy","Parameters":[{"CIMType":"String","Description":"Specify the name of the Teams Mobility Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks.","Name":"IPAudioMobileMode","Option":"Write","ValueMap":["WifiOnly","AllNetworks"],"Values":["WifiOnly","AllNetworks"]},{"CIMType":"String","Description":"When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks.","Name":"IPVideoMobileMode","Option":"Write","ValueMap":["WifiOnly","AllNetworks"],"Values":["WifiOnly","AllNetworks"]},{"CIMType":"String","Description":"Determines the mobile dialer preference, possible values are: Teams, Native, UserOverride.","Name":"MobileDialerPreference","Option":"Write","ValueMap":["Teams","Native","UserOverride"],"Values":["Teams","Native","UserOverride"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"The TeamsMobilityPolicy allows Admins to control Teams mobile usage for users."},{"ClassName":"MSFT_TeamsNetworkRoamingPolicy","Parameters":[{"CIMType":"String","Description":"Specify the name of the Teams Network Roaming Policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video.","Name":"AllowIPVideo","Option":"Write"},{"CIMType":"String","Description":"Description of the new policy to be created.","Name":"Description","Option":"Write"},{"CIMType":"UInt64","Description":"Determines the media bit rate for audio/video/app sharing transmissions in meetings.","Name":"MediaBitRateKb","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resources configures a Teams Network Roaming Policy."},{"ClassName":"MSFT_TeamsOnlineVoicemailPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Online Voicemail Policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Controls if editing call answer rule settings are enabled or disabled for a user. Possible values are $true or $false.","Name":"EnableEditingCallAnswerRulesSetting","Option":"Write"},{"CIMType":"Boolean","Description":"Allows you to disable or enable voicemail transcription. Possible values are $true or $false.","Name":"EnableTranscription","Option":"Write"},{"CIMType":"Boolean","Description":"Allows you to disable or enable profanity masking for the voicemail transcriptions. Possible values are $true or $false.","Name":"EnableTranscriptionProfanityMasking","Option":"Write"},{"CIMType":"Boolean","Description":"Allows you to disable or enable translation for the voicemail transcriptions. Possible values are $true or $false.","Name":"EnableTranscriptionTranslation","Option":"Write"},{"CIMType":"String","Description":"A duration of voicemail maximum recording length. The length should be between 30 seconds to 600 seconds.","Name":"MaximumRecordingLength","Option":"Write"},{"CIMType":"String","Description":"The audio file to play to the caller after the user's voicemail greeting has played and before the caller is allowed to leave a voicemail message.","Name":"PostambleAudioFile","Option":"Write"},{"CIMType":"String","Description":"The audio file to play to the caller before the user's voicemail greeting is played.","Name":"PreambleAudioFile","Option":"Write"},{"CIMType":"Boolean","Description":"Is playing the Pre- or Post-amble mandatory before the caller can leave a message. Possible values are $true or $false.","Name":"PreamblePostambleMandatory","Option":"Write"},{"CIMType":"String","Description":"The primary (or first) language that voicemail system prompts will be presented in. Must also set SecondarySystemPromptLanguage. When set, this overrides the user language choice.","Name":"PrimarySystemPromptLanguage","Option":"Write"},{"CIMType":"String","Description":"The secondary language that voicemail system prompts will be presented in. Must also set PrimarySystemPromptLanguage and may not be the same value as PrimarySystemPromptanguage. When set, this overrides the user language choice. ","Name":"SecondarySystemPromptLanguage","Option":"Write"},{"CIMType":"String","Description":"Specifies whether voicemail and transcription data are shared with the service for training and improving accuracy. Possible values are Defer and Deny.","Name":"ShareData","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Online Voicemail Policies.\n\nMore information: <https://learn.microsoft.com/en-us/microsoftteams/manage-voicemail-policies/>"},{"ClassName":"MSFT_TeamsOnlineVoicemailUserSettings","Parameters":[{"CIMType":"String","Description":"The Identity parameter represents the ID of the specific user in your organization; this can be either a SIP URI or an Object ID.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The CallAnswerRule parameter represents the value of the call answer rule, which can be any of the following: DeclineCall, PromptOnly, PromptOnlyWithTransfer, RegularVoicemail, VoicemailWithTransferOption.","Name":"CallAnswerRule","Option":"Write","ValueMap":["DeclineCall","PromptOnly","PromptOnlyWithTransfer","RegularVoicemail","VoicemailWithTransferOption"],"Values":["DeclineCall","PromptOnly","PromptOnlyWithTransfer","RegularVoicemail","VoicemailWithTransferOption"]},{"CIMType":"String","Description":"The DefaultGreetingPromptOverwrite parameter represents the contents that overwrite the default normal greeting prompt. If the user's normal custom greeting is not set and DefaultGreetingPromptOverwrite is not empty, the voicemail service will play this overwrite greeting instead of the default normal greeting in the voicemail deposit scenario.","Name":"DefaultGreetingPromptOverwrite","Option":"Write"},{"CIMType":"String","Description":"The DefaultOofGreetingPromptOverwrite parameter represents the contents that overwrite the default out-of-office greeting prompt. If the user's out-of-office custom greeting is not set and DefaultOofGreetingPromptOverwrite is not empty, the voicemail service will play this overwrite greeting instead of the default out-of-office greeting in the voicemail deposit scenario.","Name":"DefaultOofGreetingPromptOverwrite","Option":"Write"},{"CIMType":"Boolean","Description":"The OofGreetingEnabled parameter represents whether to play out-of-office greeting in voicemail deposit scenario.","Name":"OofGreetingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OofGreetingFollowAutomaticRepliesEnabled parameter represents whether to play out-of-office greeting in voicemail deposit scenario when user set automatic replies in Outlook.","Name":"OofGreetingFollowAutomaticRepliesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OofGreetingFollowCalendarEnabled parameter represents whether to play out-of-office greeting in voicemail deposit scenario when user set out-of-office in calendar.","Name":"OofGreetingFollowCalendarEnabled","Option":"Write"},{"CIMType":"String","Description":"The PromptLanguage parameter represents the language that is used to play voicemail prompts.","Name":"PromptLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether voicemail and transcription data is shared with the service for training and improving accuracy.","Name":"ShareData","Option":"Write"},{"CIMType":"String","Description":"The TransferTarget parameter represents the target to transfer the call when call answer rule set to PromptOnlyWithTransfer or VoicemailWithTransferOption. Value of this parameter should be a SIP URI of another user in your organization. For user with Enterprise Voice enabled, a valid telephone number could also be accepted as TransferTarget.","Name":"TransferTarget","Option":"Write"},{"CIMType":"Boolean","Description":"The VoicemailEnabled parameter represents whether to enable voicemail service. If set to $false, the user has no voicemail service.","Name":"VoicemailEnabled","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams User's Online Voicemail Settings."},{"ClassName":"MSFT_TeamsOnlineVoiceUser","Parameters":[{"CIMType":"String","Description":"Specifies the identity of the target user.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specifies the unique identifier of the emergency location to assign to the user. Location identities can be discovered by using the Get-CsOnlineLisLocation cmdlet.","Name":"LocationID","Option":"Write"},{"CIMType":"String","Description":"Specifies the telephone number to be assigned to the user. The value must be in E.164 format: +14255043920. Setting the value to $Null clears the user's telephone number.","Name":"TelephoneNumber","Option":"Write"},{"CIMType":"String","Description":"Present ensures the online voice user exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Online Voice User."},{"ClassName":"MSFT_TeamsOrgWideAppSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Determines whether or not to allow interaction with custom apps.","Name":"IsSideloadedAppsInteractionEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Org-Wide App Settings for Teams.\n\n**Please note:** This resource does not support certificate based authentication."},{"ClassName":"MSFT_TeamsPstnUsage","Parameters":[{"CIMType":"String","Description":"An online PSTN usage (such as Local or Long Distance) that can be used in conjunction with voice routes and voice routing policies.","Name":"Usage","Option":"Key"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams PSTN Usage.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/direct-routing-voice-routing/>"},{"ClassName":"MSFT_TeamsShiftsPolicy","Parameters":[{"CIMType":"String","Description":"Specifies the policy instance name","Name":"Identity","Option":"Key"},{"CIMType":"UInt64","Description":"Determines the grace period time in minutes between when the first shift starts or last shift ends and when access is blocked","Name":"AccessGracePeriodMinutes","Option":"Write"},{"CIMType":"String","Description":"Determines the Teams access type granted to the user. Today, only unrestricted access to Teams app is supported.","Name":"AccessType","Option":"Write","ValueMap":["UnrestrictedAccess_TeamsApp"],"Values":["UnrestrictedAccess_TeamsApp"]},{"CIMType":"Boolean","Description":"Determines whether a user can manage a Shifts schedule as a team member.","Name":"EnableScheduleOwnerPermissions","Option":"Write"},{"CIMType":"String","Description":"Determines the frequency of warning dialog displayed when user opens Teams.","Name":"ShiftNoticeFrequency","Option":"Write","ValueMap":["Always","ShowOnceOnChange","Never"],"Values":["Always","ShowOnceOnChange","Never"]},{"CIMType":"String","Description":"Specifies a custom message. Must set ShiftNoticeMessageType to 'CustomMessage' to enforce this","Name":"ShiftNoticeMessageCustom","Option":"Write"},{"CIMType":"String","Description":"Specifies the warning message is shown in the blocking dialog when a user access Teams off shift hours. Select one of 7 Microsoft provided messages, a default message or a custom message.","Name":"ShiftNoticeMessageType","Option":"Write","ValueMap":["DefaultMessage","Message1","Message2","Message3","Message4","Message5","Message6","Message7","CustomMessage"],"Values":["DefaultMessage","Message1","Message2","Message3","Message4","Message5","Message6","Message7","CustomMessage"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows you to create a new TeamsShiftPolicy instance and set it's properties."},{"ClassName":"MSFT_TeamsTeam","Parameters":[{"CIMType":"string","Description":"Display Name of the Team","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Description of Team.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Team group ID, only used to target a Team when duplicated display names occurs.","Name":"GroupID","Option":"Write"},{"CIMType":"string","Description":"MailNickName of O365 Group associated with Team","Name":"MailNickName","Option":"Write"},{"CIMType":"string[]","Description":"Owners of the Team. At least one entry is required.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"Visibility of the Team","Name":"Visibility","Option":"Write","ValueMap":["Public","Private","HiddenMembership"],"Values":["Public","Private","HiddenMembership"]},{"CIMType":"Boolean","Description":"Allow add or remove apps from the Team.","Name":"AllowAddRemoveApps","Option":"Write"},{"CIMType":"Boolean","Description":"Allow giphy in Team.","Name":"AllowGiphy","Option":"Write"},{"CIMType":"string","Description":"Giphy content rating of the Team.","Name":"GiphyContentRating","Option":"Write","ValueMap":["Strict","Moderate"],"Values":["Strict","Moderate"]},{"CIMType":"Boolean","Description":"Allow stickers and mimes in the Team.","Name":"AllowStickersAndMemes","Option":"Write"},{"CIMType":"Boolean","Description":"Allow custom memes in Team.","Name":"AllowCustomMemes","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to edit messages within Team.","Name":"AllowUserEditMessages","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to delete messages within Team.","Name":"AllowUserDeleteMessages","Option":"Write"},{"CIMType":"Boolean","Description":"Allow owners to delete messages within Team.","Name":"AllowOwnerDeleteMessages","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to delete channels within Team.","Name":"AllowDeleteChannels","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether private channel creation is allowed for the team.","Name":"AllowCreatePrivateChannels","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to manage connectors within Team.","Name":"AllowCreateUpdateRemoveConnectors","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to manage tabs within Team.","Name":"AllowCreateUpdateRemoveTabs","Option":"Write"},{"CIMType":"Boolean","Description":"Allow mentions in Team.","Name":"AllowTeamMentions","Option":"Write"},{"CIMType":"Boolean","Description":"Allow channel mention in Team.","Name":"AllowChannelMentions","Option":"Write"},{"CIMType":"Boolean","Description":"Allow guests to create and update channels in Team.","Name":"AllowGuestCreateUpdateChannels","Option":"Write"},{"CIMType":"Boolean","Description":"Allow guests to delete channel in Team.","Name":"AllowGuestDeleteChannels","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to create and update channels within Team.","Name":"AllowCreateUpdateChannels","Option":"Write"},{"CIMType":"Boolean","Description":"determines whether or not private teams should be searchable from Teams clients for users who do not belong to that team.  Set to $false to make those teams not discoverable from Teams clients.","Name":"ShowInTeamsSearchAndSuggestions","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Team exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures or creates a new Team."},{"ClassName":"MSFT_TeamsTemplatesPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Templates Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Templates Policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The list of Teams templates to hide.","Name":"HiddenTemplates","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Templates Policy.\n\nMore information: <https://learn.microsoft.com/en-us/microsoftteams/templates-policies/>"},{"ClassName":"MSFT_TeamsVoiceNormalizationRule","Parameters":[{"CIMType":"String","Description":"A unique identifier for the rule. The Identity specified must include the scope followed by a slash and then the name; for example: site:Redmond/Rule1, where site:Redmond is the scope and Rule1 is the name. The name portion will automatically be stored in the Name property. You cannot specify values for Identity and Name in the same command.","Name":"Identity","Option":"Key"},{"CIMType":"UInt32","Description":"The order in which rules are applied. A phone number might match more than one rule. This parameter sets the order in which the rules are tested against the number.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"A friendly description of the normalization rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A regular expression that the dialed number must match in order for this rule to be applied.","Name":"Pattern","Option":"Write"},{"CIMType":"String","Description":"The regular expression pattern that will be applied to the number to convert it to E.164 format.","Name":"Translation","Option":"Write"},{"CIMType":"Boolean","Description":"If True, the result of applying this rule will be a number internal to the organization. If False, applying the rule results in an external number. This value is ignored if the value of the OptimizeDeviceDialing property of the associated dial plan is set to False.","Name":"IsInternalExtension","Option":"Write"}],"Description":"This resource is used to configure the tenant-wide dial plans for Microsoft Teams.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/create-and-manage-dial-plans/>"},{"ClassName":"MSFT_TeamsTenantDialPlan","Parameters":[{"CIMType":"String","Description":"The Identity parameter is a unique identifier that designates the name of the tenant dial plan. Identity is an alphanumeric string that cannot exceed 49 characters. Valid characters are alphabetic or numeric characters, hyphen (-) and dot (.). The value should not begin with a (.).","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Description parameter describes the tenant dial plan - what it's for, what type of user it applies to and any other information that helps to identify the purpose of the tenant dial plan. Maximum characters: 512.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_TeamsVoiceNormalizationRule[]","Description":"List of normalization rules that are applied to this dial plan.","Name":"NormalizationRules","Option":"Write"},{"CIMType":"String","Description":"The SimpleName parameter is a display name for the tenant dial plan. This name must be unique among all tenant dial plans within the Skype for Business Server deployment.This string can be up to 49 characters long. Valid characters are alphabetic or numeric characters, hyphen (-), dot (.) and parentheses (()).","Name":"SimpleName","Option":"Write"},{"CIMType":"String","Description":"Specify if this dial plan should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the tenant-wide dial plans for Microsoft Teams.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/create-and-manage-dial-plans/>"},{"ClassName":"MSFT_TeamsTenantNetworkRegion","Parameters":[{"CIMType":"String","Description":"Unique identifier for the network region to be created.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Name of the associated Central Site.","Name":"CentralSite","Option":"Write"},{"CIMType":"String","Description":"Provide a description of the network region to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Tenant Network Region. A network region interconnects various parts of a network across multiple geographic areas. The RegionID parameter is a logical name that represents the geography of the region, and has no dependencies or restrictions. Tenant network region is used for Location Based Routing."},{"ClassName":"MSFT_TeamsTenantNetworkSite","Parameters":[{"CIMType":"String","Description":"Unique identifier for the network site to be created.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Provide a description of the network site to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"This parameter is used to assign a custom emergency calling policy to a network site","Name":"EmergencyCallingPolicy","Option":"Write"},{"CIMType":"String","Description":"This parameter is used to assign a custom emergency call routing policy to a network site","Name":"EmergencyCallRoutingPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter determines whether the current site is enabled for location based routing.","Name":"EnableLocationBasedRouting","Option":"Write"},{"CIMType":"String","Description":"LocationPolicy is the identifier for the location policy which the current network site is associating to.","Name":"LocationPolicy","Option":"Write"},{"CIMType":"String","Description":"NetworkRegionID is the identifier for the network region which the current network site is associating to.","Name":"NetworkRegionID","Option":"Write"},{"CIMType":"String","Description":"NetworkRoamingPolicy is the identifier for the network roaming policy to which the network site will associate to.","Name":"NetworkRoamingPolicy","Option":"Write"},{"CIMType":"String","Description":"The address of current network site.","Name":"SiteAddress","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Tenant Network Site. Network sites are defined as a collection of IP subnets. Each network site must be associated with a network region. Tenant network site is used for Location Based Routing."},{"ClassName":"MSFT_TeamsTenantNetworkSubnet","Parameters":[{"CIMType":"UInt32","Description":"This parameter determines the length of bits to mask to the subnet. IPv4 format subnet accepts maskbits from 0 to 32 inclusive. IPv6 format subnet accepts maskbits from 0 to 128 inclusive.","Name":"MaskBits","Option":"Key"},{"CIMType":"String","Description":"Unique identifier for the network subnet to be created.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Provide a description of the network subnet to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"NetworkSiteID is the identifier for the network site which the current network subnet is associating to.","Name":"NetworkSiteID","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Tenant Network Subnet. Each internal subnet may only be associated with one site. Tenant network subnet is used for Location Based Routing."},{"ClassName":"MSFT_TeamsTenantTrustedIPAddress","Parameters":[{"CIMType":"String","Description":"Unique identifier for the IP address to be created.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Provide a description of the trusted IP address to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"UInt32","Description":"This parameter determines the length of bits to mask to the subnet.","Name":"MaskBits","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Tenant Trusted IP Address."},{"ClassName":"MSFT_TeamsTranslationRule","Parameters":[{"CIMType":"String","Description":"The Identifier of the rule. This parameter is required and later used to assign the rule to the Inbound or Outbound Trunk Normalization policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"A friendly description of the normalization rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A regular expression that caller or callee number must match in order for this rule to be applied.","Name":"Pattern","Option":"Write"},{"CIMType":"String","Description":"The regular expression pattern that will be applied to the number to convert it.","Name":"Translation","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Cmdlet to create a new telephone number manipulation rule."},{"ClassName":"MSFT_TeamsUnassignedNumberTreatment","Parameters":[{"CIMType":"String","Description":"The Id of the treatment.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Free format description of this treatment.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A regular expression that the called number must match in order for the treatment to take effect. It is best practice to start the regular expression with the hat character and end it with the dollar character. You can use various regular expression test sites on the Internet to validate the expression.","Name":"Pattern","Option":"Write"},{"CIMType":"String","Description":"The identity of the destination the call should be routed to. Depending on the TargetType it should either be the ObjectId of the user or application instance/resource account or the AudioFileId of the uploaded audio file.","Name":"Target","Option":"Write"},{"CIMType":"String","Description":"The type of target used for the treatment. Allowed values are User, ResourceAccount and Announcement.","Name":"TargetType","Option":"Write","ValueMap":["User","ResourceAccount","Announcement"],"Values":["User","ResourceAccount","Announcement"]},{"CIMType":"UInt32","Description":"The priority of the treatment. Used to distinguish identical patterns. The lower the priority the higher preference. The priority needs to be unique.","Name":"TreatmentPriority","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Creates a new treatment for how calls to an unassigned number range should be routed. The call can be routed to a user, an application or to an announcement service where a custom message will be played to the caller."},{"ClassName":"MSFT_TeamsUpdateManagementPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Update Management Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The description of the Teams Update Management Policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if managed updates should be allowed or not.","Name":"AllowManagedUpdates","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if preview builds should be allowed or not.","Name":"AllowPreview","Option":"Write"},{"CIMType":"String","Description":"Determines the ring of public previews to subscribes to.","Name":"AllowPublicPreview","Option":"Write","ValueMap":["Disabled","Enabled","Forced","FollowOfficePreview"],"Values":["Disabled","Enabled","Forced","FollowOfficePreview"]},{"CIMType":"Boolean","Description":"This setting will force Teams clients to enforce session revocation for core Messaging and Calling/Meeting scenarios. If turned ON, session revocation will be enforced for calls, chats and meetings for opted-in users. If turned OFF, session revocation will not be enforced for calls, chats and meetings for opted-in users.","Name":"BlockLegacyAuthorization","Option":"Write"},{"CIMType":"String[]","Description":"List of IDs of the categories of the in-product messages that will be disabled. You can choose one of the categories from this table: 91382d07-8b89-444c-bbcb-cfe43133af33 = What's New. edf2633e-9827-44de-b34c-8b8b9717e84c = Conferences","Name":"DisabledInProductMessages","Option":"Write","ValueMap":["91382d07-8b89-444c-bbcb-cfe43133af33","edf2633e-9827-44de-b34c-8b8b9717e84c"],"Values":["91382d07-8b89-444c-bbcb-cfe43133af33","edf2633e-9827-44de-b34c-8b8b9717e84c"]},{"CIMType":"UInt32","Description":"Determines the day of week to perform the updates. Value should be between 0 and 6.","Name":"UpdateDayOfWeek","Option":"Write"},{"CIMType":"String","Description":"Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30.","Name":"UpdateTime","Option":"Write"},{"CIMType":"String","Description":"Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered.","Name":"UpdateTimeOfDay","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not users will use the new Teams client.","Name":"UseNewTeamsClient","Option":"Write","ValueMap":["NewTeamsAsDefault","UserChoice","MicrosoftChoice","AdminDisabled","NewTeamsOnly"],"Values":["NewTeamsAsDefault","UserChoice","MicrosoftChoice","AdminDisabled","NewTeamsOnly"]},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Update policies. For additional information, please refer to <https://docs.microsoft.com/en-us/MicrosoftTeams/public-preview-doc-updates#set-the-update-policy/>"},{"ClassName":"MSFT_TeamsUpgradeConfiguration","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The DownloadTeams property allows admins to control whether the Skype for Business client should automatically download Teams in the background. This Boolean setting is only honored on Windows clients, and only for certain values of the user's TeamsUpgradePolicy. If NotifySfbUser=true or if Mode=TeamsOnly in TeamsUpgradePolicy, this setting is honored. Otherwise it is ignored.","Name":"DownloadTeams","Option":"Write"},{"CIMType":"String","Description":"The SfBMeetingJoinUx property allows admins to specify which app is used to join Skype for Business meetings, even after the user has been upgraded to Teams. Allowed values are: 'SkypeMeetingsApp' and 'NativeLimitedClient'. 'NativeLimitedClient' means the existing Skype for Business rich client will be used, but since the user is upgraded, only meeting functionality is available. Calling and Messaging are done via Teams. 'SkypeMeetingsApp' means use the web-downloadable app. This setting can be useful for organizations that have upgraded to Teams and no longer want to install Skype for Business on their users' computers.","Name":"SfBMeetingJoinUx","Option":"Write","ValueMap":["SkypeMeetingsApp","NativeLimitedClient"],"Values":["SkypeMeetingsApp","NativeLimitedClient"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Upgrade settings.\n\nMore information: <https://docs.microsoft.com/en-us/MicrosoftTeams/migration-interop-guidance-for-teams-with-skype/>"},{"ClassName":"MSFT_TeamsUpgradePolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Upgrade Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"DEPRECATED. Use the TeamsUserPolicyAssignment resource instead.","Name":"Users","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to move existing Skype for Business meetings organized by the user to Teams. This parameter can only be true if the mode of the specified policy instance is either TeamsOnly or SfBWithTeamsCollabAndMeetings, and if the policy instance is being granted to a specific user. It not possible to trigger meeting migration when granting TeamsUpgradePolicy to the entire tenant.","Name":"MigrateMeetingsToTeams","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Upgrade policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/meetings-first#prepare-for-teams-meetings-in-meetings-first/>"},{"ClassName":"MSFT_TeamsUser","Parameters":[{"CIMType":"string","Description":"Team NAme","Name":"TeamName","Option":"Key"},{"CIMType":"string","Description":"UPN of user to add to Team","Name":"User","Option":"Key"},{"CIMType":"String","Description":"User role in Team","Name":"Role","Option":"Write","ValueMap":["Guest","Member","Owner"],"Values":["Guest","Member","Owner"]},{"CIMType":"String","Description":"Present ensures the Team user exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to add new users to a team"},{"ClassName":"MSFT_TeamsUserCallingSettings","Parameters":[{"CIMType":"String","Description":"The Identity of the user to set call forwarding, simultaneous ringing and call group settings for. Can be specified using the ObjectId or the SIP address.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The group notification override that will be set on the specified user. The supported values are Ring, Mute and Banner.","Name":"GroupNotificationOverride","Option":"Write","ValueMap":["Ring","Mute","Banner"],"Values":["Ring","Mute","Banner"]},{"CIMType":"String","Description":"The order in which to call members of the Call Group. The supported values are Simultaneous and InOrder.","Name":"CallGroupOrder","Option":"Write"},{"CIMType":"String[]","Description":"The members of the Call Group. You need to always specify the full set of members as the parameter value. What you set here will overwrite the current call group membership.","Name":"CallGroupTargets","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter controls whether forwarding for unasnwered calls is enabled or not.","Name":"IsUnansweredEnabled","Option":"Write"},{"CIMType":"String","Description":"The time the call will ring the user before it is forwarded to the unanswered target. The supported format is hh:mm:ss and the delay range needs to be between 10 and 60 seconds in 10 seconds increments, i.e. 00:00:10, 00:00:20, 00:00:30, 00:00:40, 00:00:50 and 00:01:00. The default value is 20 seconds.","Name":"UnansweredDelay","Option":"Write"},{"CIMType":"String","Description":"The unanswered target. Supported type of values are ObjectId, SIP address and phone number. For phone numbers we support the following types of formats: E.164 (+12065551234 or +1206555000;ext=1234) or non-E.164 like 1234.","Name":"UnansweredTarget","Option":"Write"},{"CIMType":"String","Description":"The unanswered target type. Supported values are Voicemail, SingleTarget, MyDelegates and Group.","Name":"UnansweredTargetType","Option":"Write","ValueMap":["Group","MyDelegates","SingleTarget","Voicemail"],"Values":["Group","MyDelegates","SingleTarget","Voicemail"]},{"CIMType":"Boolean","Description":"This parameter controls whether forwarding is enabled or not.","Name":"IsForwardingEnabled","Option":"Write"},{"CIMType":"String","Description":"The type of forwarding to set. Supported values are Immediate and Simultaneous","Name":"ForwardingType","Option":"Write","ValueMap":["Immediate","Simultaneous"],"Values":["Immediate","Simultaneous"]},{"CIMType":"String","Description":"The forwarding target type. Supported values are Voicemail, SingleTarget, MyDelegates and Group. Voicemail is only supported for Immediate forwarding.","Name":"ForwardingTargetType","Option":"Write","ValueMap":["Group","MyDelegates","SingleTarget","Voicemail"],"Values":["Group","MyDelegates","SingleTarget","Voicemail"]},{"CIMType":"String","Description":"The forwarding target. Supported types of values are ObjectId's, SIP addresses and phone numbers. For phone numbers we support the following types of formats: E.164 (+12065551234 or +1206555000;ext=1234) or non-E.164 like 1234.","Name":"ForwardingTarget","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams User's Calling Settings.\n\nMore information: <https://learn.microsoft.com/en-us/microsoftteams/user-call-settings/>"},{"ClassName":"MSFT_TeamsUserPolicyAssignment","Parameters":[{"CIMType":"string","Description":"User Principal Name of the user representing the policy assignments.","Name":"User","Option":"Key"},{"CIMType":"String","Description":"Name of the Calling Line Policy.","Name":"CallingLineIdentity","Option":"Write"},{"CIMType":"String","Description":"Name of the External Access Policy.","Name":"ExternalAccessPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Online Voicemail Policy.","Name":"OnlineVoicemailPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Online VOice Routing Policy.","Name":"OnlineVoiceRoutingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams App Permission Policy.","Name":"TeamsAppPermissionPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams App Setup Policy.","Name":"TeamsAppSetupPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Audio Conferencing Policy.","Name":"TeamsAudioConferencingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Call Hold Policy.","Name":"TeamsCallHoldPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Calling Policy.","Name":"TeamsCallingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Call Park Policy.","Name":"TeamsCallParkPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Channel Policy.","Name":"TeamsChannelsPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Emergency Calling Policy.","Name":"TeamsEmergencyCallingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Emergency Call Routing Policy.","Name":"TeamsEmergencyCallRoutingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Enhanced Encryption Policy.","Name":"TeamsEnhancedEncryptionPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Events Policy.","Name":"TeamsEventsPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Meeting Broadcast Policy.","Name":"TeamsMeetingBroadcastPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Meeting Policy.","Name":"TeamsMeetingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Messaging Policy.","Name":"TeamsMessagingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Mobility Policy.","Name":"TeamsMobilityPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Update Management Policy.","Name":"TeamsUpdateManagementPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Upgrade Policy.","Name":"TeamsUpgradePolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Tenant Dial Plan Policy.","Name":"TenantDialPlan","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to assign Teams policy to a specified user."},{"ClassName":"MSFT_TeamsVdiPolicy","Parameters":[{"CIMType":"String","Description":"Unique identity of the VDI Policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Disables Audio and Video in Calls and Meeting.","Name":"DisableAudioVideoInCallsAndMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"Disables Calls and Meetings.","Name":"DisableCallsAndMeetings","Option":"Write"},{"CIMType":"String","Description":"Determines whether a user can be VDI 2.0 optimized.","Name":"VDI2Optimization","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource implements Teams VDI Policies."},{"ClassName":"MSFT_TeamsVoiceRoute","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Voice Route.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"BridgeSourcePhoneNumber is an E.164 formatted Operator Connect Conferencing phone number assigned to your Audio Conferencing Bridge. Using BridgeSourcePhoneNumber in an online voice route is mutually exclusive with using OnlinePstnGatewayList in the same online voice route. When using BridgeSourcePhoneNumber in an online voice route, the OnlinePstnUsages used in the online voice route should only be used in a corresponding OnlineAudioConferencingRoutingPolicy. The same OnlinePstnUsages should not be used in online voice routes that are not using BridgeSourcePhoneNumber.","Name":"BridgeSourcePhoneNumber","Option":"Write"},{"CIMType":"String","Description":"A description of what this online voice route is for.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A regular expression that specifies the phone numbers to which this route applies. Numbers matching this pattern will be routed according to the rest of the routing settings.","Name":"NumberPattern","Option":"Write"},{"CIMType":"String[]","Description":"This parameter contains a list of online gateways associated with this online voice route.  Each member of this list must be the service Identity of the online PSTN gateway.","Name":"OnlinePstnGatewayList","Option":"Write"},{"CIMType":"String[]","Description":"A list of online PSTN usages (such as Local, Long Distance, etc.) that can be applied to this online voice route. The PSTN usage must be an existing usage (PSTN usages can be retrieved by calling the Get-CsOnlinePstnUsage cmdlet).","Name":"OnlinePstnUsages","Option":"Write"},{"CIMType":"UInt32","Description":"A number could resolve to multiple online voice routes. The priority determines the order in which the routes will be applied if more than one route is possible.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"Present ensures the route exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Voice Route.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/direct-routing-voice-routing/>"},{"ClassName":"MSFT_TeamsVoiceRoutingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Voice Routing Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"A list of online PSTN usages (such as Local or Long Distance) that can be applied to this online voice routing policy. The online PSTN usage must be an existing usage (PSTN usages can be retrieved by calling the Get-CsOnlinePstnUsage cmdlet).","Name":"OnlinePstnUsages","Option":"Write"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany an online voice routing policy. For example, the Description might include information about the users the policy should be assigned to.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Voice Routing Policy.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-voice-routing-policies/>"},{"ClassName":"MSFT_TeamsWorkloadPolicy","Parameters":[{"CIMType":"String","Description":"Unique identity for the Teams workload policy","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Allows calling.","Name":"AllowCalling","Option":"Write"},{"CIMType":"Boolean","Description":"Allows pinning a call.","Name":"AllowCallingPinned","Option":"Write"},{"CIMType":"Boolean","Description":"Allows meetins.","Name":"AllowMeeting","Option":"Write"},{"CIMType":"Boolean","Description":"Allows pinning meetings.","Name":"AllowMeetingPinned","Option":"Write"},{"CIMType":"Boolean","Description":"Allows messaging.","Name":"AllowMessaging","Option":"Write"},{"CIMType":"Boolean","Description":"Allows pinning a message.","Name":"AllowMessagingPinned","Option":"Write"},{"CIMType":"String","Description":"Description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resources implements a Teams workload policy."},{"ClassName":"MSFT_VivaEngagementRoleMember","Parameters":[{"CIMType":"String","Description":"Name of the engagement role.","Name":"Role","Option":"Key"},{"CIMType":"String[]","Description":"User principal names of the users to assign to the role.","Name":"Members","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manage a Viva Engage roles assigned to a user."}]
+[{"ClassName":"MSFT_MicrosoftGraphAccessReviewPrincipalScope","Parameters":[{"CIMType":"String","Description":"The query representing what will be reviewed in an access review.","Name":"Query","Option":"Write"},{"CIMType":"String","Description":"In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, ./manager.","Name":"QueryRoot","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of query. Types include MicrosoftGraph and ARM.","Name":"QueryType","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.accessReviewPrincipalScope","#microsoft.graph.accessReviewQueryScope"],"Values":["#microsoft.graph.accessReviewPrincipalScope","#microsoft.graph.accessReviewQueryScope"]},{"CIMType":"String","Description":"The type of users to include in the review. The possible values are: allUsers, guestUsers, inactiveUsers, inactiveGuestUsers.","Name":"scopeType","Option":"Write","ValueMap":["allUsers","guestUsers","inactiveUsers","inactiveGuestUsers"],"Values":["allUsers","guestUsers","inactiveUsers","inactiveGuestUsers"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewResourceScope","Parameters":[{"CIMType":"String","Description":"The query representing what will be reviewed in an access review.","Name":"Query","Option":"Write"},{"CIMType":"String","Description":"In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, ./manager.","Name":"QueryRoot","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of query. Types include MicrosoftGraph and ARM.","Name":"QueryType","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.accessReviewResourceScope","#microsoft.graph.accessReviewQueryScope"],"Values":["#microsoft.graph.accessReviewResourceScope","#microsoft.graph.accessReviewQueryScope"]},{"CIMType":"String","Description":"The display name of the resource.","Name":"displayName","Option":"Write"},{"CIMType":"String","Description":"The identifier of the resource.","Name":"resourceScopeId","Option":"Write"},{"CIMType":"String","Description":"The type of users to include in the review. The possible values are: group, catalog, servicePrincipal, directoryRole, accessPackageAssignmentPolicy.","Name":"scopeType","Option":"Write","ValueMap":["group","catalog","servicePrincipal","directoryRole","accessPackageAssignmentPolicy"],"Values":["group","catalog","servicePrincipal","directoryRole","accessPackageAssignmentPolicy"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewScope","Parameters":[{"CIMType":"String","Description":"The query representing what will be reviewed in an access review.","Name":"Query","Option":"Write"},{"CIMType":"String","Description":"In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, ./manager.","Name":"QueryRoot","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of query. Types include MicrosoftGraph and ARM.","Name":"QueryType","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAccessReviewPrincipalScope[]","Description":"Defines the scopes of the principals for which access to resources are reviewed in the access review.","Name":"PrincipalScopes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAccessReviewResourceScope[]","Description":"Defines the scopes of the resources for which access is reviewed.","Name":"ResourceScopes","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.accessReviewQueryScope","#microsoft.graph.accessReviewReviewerScope","#microsoft.graph.principalResourceMembershipsScope","#microsoft.graph.accessReviewInactiveUsersQueryScope"],"Values":["#microsoft.graph.accessReviewQueryScope","#microsoft.graph.accessReviewReviewerScope","#microsoft.graph.principalResourceMembershipsScope","#microsoft.graph.accessReviewInactiveUsersQueryScope"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewScheduleSettings","Parameters":[{"CIMType":"MSFT_MicrosoftGraphAccessReviewApplyAction[]","Description":"Optional field. Describes the  actions to take once a review is complete. There are two types that are currently supported: removeAccessApplyAction (default) and disableAndDeleteUserApplyAction. Field only needs to be specified in the case of disableAndDeleteUserApplyAction.","Name":"ApplyActions","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether decisions are automatically applied. When set to false, an admin must apply the decisions manually once the reviewer completes the access review. When set to true, decisions are applied automatically after the access review instance duration ends, whether or not the reviewers have responded. Default value is false.  CAUTION: If both autoApplyDecisionsEnabled and defaultDecisionEnabled are true, all access for the principals to the resource risks being revoked if the reviewers fail to respond.","Name":"AutoApplyDecisionsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether decisions on previous access review stages are available for reviewers on an accessReviewInstance with multiple subsequent stages. If not provided, the default is disabled (false).","Name":"DecisionHistoriesForReviewersEnabled","Option":"Write"},{"CIMType":"String","Description":"Decision chosen if defaultDecisionEnabled is enabled. Can be one of Approve, Deny, or Recommendation.","Name":"DefaultDecision","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the default decision is enabled or disabled when reviewers do not respond. Default value is false.  CAUTION: If both autoApplyDecisionsEnabled and defaultDecisionEnabled are true, all access for the principals to the resource risks being revoked if the reviewers fail to respond.","Name":"DefaultDecisionEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Duration of each recurrence of review (accessReviewInstance) in number of days. NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its durationInDays setting will be used instead of the value of this property.","Name":"InstanceDurationInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether reviewers are required to provide justification with their decision. Default value is false.","Name":"JustificationRequiredOnApproval","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether emails are enabled or disabled. Default value is false.","Name":"MailNotificationsEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAccessReviewRecommendationInsightSetting[]","Description":"Optional. Describes the types of insights that aid reviewers to make access review decisions. NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its recommendationInsightSettings setting will be used instead of the value of this property.","Name":"RecommendationInsightSettings","Option":"Write"},{"CIMType":"String","Description":"Optional field. Indicates the period of inactivity (with respect to the start date of the review instance) that recommendations will be configured from. The recommendation will be to deny if the user is inactive during the look-back duration. For reviews of groups and Microsoft Entra roles, any duration is accepted. For reviews of applications, 30 days is the maximum duration. If not specified, the duration is 30 days. NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its recommendationLookBackDuration setting will be used instead of the value of this property.","Name":"RecommendationLookBackDuration","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether decision recommendations are enabled or disabled. NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its recommendationsEnabled setting will be used instead of the value of this property.","Name":"RecommendationsEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphPatternedRecurrence","Description":"Detailed settings for recurrence using the standard Outlook recurrence object. Note: Only dayOfMonth, interval, and type (weekly, absoluteMonthly) properties are supported. Use the property startDate on recurrenceRange to determine the day the review starts.","Name":"Recurrence","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether reminders are enabled or disabled. Default value is false.","Name":"ReminderNotificationsEnabled","Option":"Write"}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewApplyAction","Parameters":[{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.disableAndDeleteUserApplyAction","#microsoft.graph.removeAccessApplyAction"],"Values":["#microsoft.graph.disableAndDeleteUserApplyAction","#microsoft.graph.removeAccessApplyAction"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewRecommendationInsightSetting","Parameters":[{"CIMType":"String","Description":"Optional. Indicates the time period of inactivity (with respect to the start date of the review instance) that recommendations will be configured from. The recommendation will be to deny if the user is inactive during the look-back duration. For reviews of groups and Microsoft Entra roles, any duration is accepted. For reviews of applications, 30 days is the maximum duration. If not specified, the duration is 30 days.","Name":"RecommendationLookBackDuration","Option":"Write"},{"CIMType":"String","Description":"Indicates whether inactivity is calculated based on the user's inactivity in the tenant or in the application. The possible values are tenant, application, unknownFutureValue. application is only relevant when the access review is a review of an assignment to an application.","Name":"SignInScope","Option":"Write","ValueMap":["tenant","application","unknownFutureValue"],"Values":["tenant","application","unknownFutureValue"]},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.groupPeerOutlierRecommendationInsightSettings","#microsoft.graph.userLastSignInRecommendationInsightSetting"],"Values":["#microsoft.graph.groupPeerOutlierRecommendationInsightSettings","#microsoft.graph.userLastSignInRecommendationInsightSetting"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphPatternedRecurrence","Parameters":[{"CIMType":"MSFT_MicrosoftGraphRecurrencePattern","Description":"The frequency of an event. Do not specify for a one-time access review.  For access reviews: Do not specify this property for a one-time access review.   Only interval, dayOfMonth, and type (weekly, absoluteMonthly) properties of recurrencePattern are supported.","Name":"Pattern","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphRecurrenceRange","Description":"The duration of an event.","Name":"Range","Option":"Write"}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs. Required if type is absoluteMonthly or absoluteYearly.","Name":"DayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. If type is relativeMonthly or relativeYearly, and daysOfWeek specifies more than one day, the event falls on the first day that satisfies the pattern.  Required if type is weekly, relativeMonthly, or relativeYearly.","Name":"DaysOfWeek","Option":"Write"},{"CIMType":"String","Description":"The first day of the week. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. Default is sunday. Required if type is weekly.","Name":"FirstDayOfWeek","Option":"Write"},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last. Default is first. Optional and used if type is relativeMonthly or relativeYearly.","Name":"Index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type. Required.","Name":"Interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs.  This is a number from 1 to 12.","Name":"Month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly. Required. For more information, see values of type property.","Name":"Type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphRecurrenceRange","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date. Required if type is endDate.","Name":"EndDate","Option":"Write"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"NumberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties. Optional. If not specified, the time zone of the event is used.","Name":"RecurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event. Required.","Name":"StartDate","Option":"Write"},{"CIMType":"String","Description":"The recurrence range. Possible values are: endDate, noEnd, numbered. Required.","Name":"Type","Option":"Write","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_MicrosoftGraphAccessReviewStageSettings","Parameters":[{"CIMType":"String[]","Description":"Indicate which decisions will go to the next stage. Can be a subset of Approve, Deny, Recommendation, or NotReviewed. If not provided, all decisions will go to the next stage. Optional.","Name":"DecisionsThatWillMoveToNextStage","Option":"Write"},{"CIMType":"String[]","Description":"Defines the sequential or parallel order of the stages and depends on the stageId. Only sequential stages are currently supported. For example, if stageId is 2, then dependsOn must be 1. If stageId is 1, don't specify dependsOn. Required if stageId isn't 1.","Name":"DependsOnValue","Option":"Write"},{"CIMType":"UInt32","Description":"The duration of the stage. Required.  NOTE: The cumulative value of this property across all stages  1. Will override the instanceDurationInDays setting on the accessReviewScheduleDefinition object. 2. Can't exceed the length of one recurrence. That is, if the review recurs weekly, the cumulative durationInDays can't exceed 7.","Name":"DurationInDays","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAccessReviewRecommendationInsightSetting[]","Description":"Recommendation Insights Settings","Name":"RecommendationInsightSettings","Option":"Write"},{"CIMType":"String","Description":"Optional field. Indicates the time period of inactivity (with respect to the start date of the review instance) from which that recommendations will be configured. The recommendation is to deny if the user is inactive during the look back duration. For reviews of groups and Microsoft Entra roles, any duration is accepted. For reviews of applications, 30 days is the maximum duration. If not specified, the duration is 30 days. NOTE: The value of this property overrides the corresponding setting on the accessReviewScheduleDefinition object.","Name":"RecommendationLookBackDuration","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether showing recommendations to reviewers is enabled. Required. NOTE: The value of this property overrides the corresponding setting on the accessReviewScheduleDefinition object.","Name":"RecommendationsEnabled","Option":"Required"},{"CIMType":"String","Description":"Unique identifier of the accessReviewStageSettings. The stageId is used in dependsOn property to indicate the stage relationship. Required.","Name":"StageId","Option":"Write"}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_AADAccessReviewDefinitionReviewer","Parameters":[{"CIMType":"String","Description":"Indicates the display name of the current reviewer, either of a group or of a user.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of reviewer. Possible values: Manager, Owner, User, Group","Name":"Type","Option":"Required","ValueMap":["Manager","Owner","User","Group"],"Values":["Manager","Owner","User","Group"]},{"CIMType":"String","Description":"Indicates the type of reviewer. Possible values: User, Group, Self, Manager, Sponsor, ResourceOwner, ManagerOrSponsor","Name":"ScopeType","Option":"Write","ValueMap":["User","Group","Self","Manager","Sponsor","ResourceOwner","ManagerOrSponsor"],"Values":["User","Group","Self","Manager","Sponsor","ResourceOwner","ManagerOrSponsor"]}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_AADAccessReviewDefinition","Parameters":[{"CIMType":"String","Description":"Name of the access review series. Supports $select and $orderby. Required on create.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description provided by review creators to provide more context of the review to admins. Supports $select.","Name":"DescriptionForAdmins","Option":"Write"},{"CIMType":"String","Description":"Description provided  by review creators to provide more context of the review to reviewers. Reviewers see this description in the email sent to them requesting their review. Email notifications support up to 256 characters. Supports $select.","Name":"DescriptionForReviewers","Option":"Write"},{"CIMType":"MSFT_AADAccessReviewDefinitionReviewer[]","Description":"The fallback reviewers of the access review.","Name":"FallbackReviewers","Option":"Write"},{"CIMType":"MSFT_AADAccessReviewDefinitionReviewer[]","Description":"The reviewers of the access review.","Name":"Reviewers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessReviewScope","Description":"Defines the entities whose access is reviewed. For supported scopes, see accessReviewScope. Required on create. Supports $select and $filter (contains only). For examples of options for configuring scope, see Configure the scope of your access review definition using the Microsoft Graph API.","Name":"ScopeValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessReviewScheduleSettings","Description":"The settings for an access review series, see type definition below. Supports $select. Required on create.","Name":"SettingsValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessReviewStageSettings[]","Description":"Required only for a multi-stage access review to define the stages and their settings. You can break down each review instance into up to three sequential stages, where each stage can have a different set of reviewers, fallback reviewers, and settings. Stages are created sequentially based on the dependsOn property. Optional.  When this property is defined, its settings are used instead of the corresponding settings in the accessReviewScheduleDefinition object and its settings, reviewers, and fallbackReviewers properties.","Name":"StageSettings","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Access Review Definition"},{"ClassName":"MSFT_AADAccessReviewPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"If true, group owners can create and manage access reviews on groups they own.","Name":"IsGroupOwnerManagementEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to monitor the access review policy object."},{"ClassName":"MSFT_AADActivityBasedTimeoutPolicy","Parameters":[{"CIMType":"String","Description":"Display name for this policy. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Id of the policy","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Timeout value in hh:mm:ss for c44b4083-3bb0-49c1-b47d-974e53cbdf3c: applies the policy to the Azure portal.","Name":"AzurePortalTimeOut","Option":"Write"},{"CIMType":"String","Description":"Timeout value in hh:mm:ss for default: applies the policy to all applications that support activity-based timeout functionality but don't have application-specific override.","Name":"DefaultTimeOut","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configure the Azure AD Activity Based Timeout Policy"},{"ClassName":"MSFT_AADAdminConsentRequestPolicyReviewer","Parameters":[{"CIMType":"String","Description":"Type of reviewwer. Can be User, Group or Role","Name":"ReviewerType","Option":"Write"},{"CIMType":"String","Description":"Identifier for the reviewer instance.","Name":"ReviewerId","Option":"Key"},{"CIMType":"String","Description":"Associated query.","Name":"QueryRoot","Option":"Write"}],"Description":"Configures the Admin Consent Request Policy in Entra Id."},{"ClassName":"MSFT_AADAdminConsentRequestPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Determines if the policy is enabled or not.","Name":"IsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether reviewers will receive notifications.","Name":"NotifyReviewers","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether reviewers will receive reminder emails.","Name":"RemindersEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the duration the request is active before it automatically expires if no decision is applied.","Name":"RequestDurationInDays","Option":"Write"},{"CIMType":"MSFT_AADAdminConsentRequestPolicyReviewer[]","Description":"The list of reviewers for the admin consent.","Name":"Reviewers","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the Admin Consent Request Policy in Entra Id."},{"ClassName":"MSFT_MicrosoftGraphMember","Parameters":[{"CIMType":"String","Description":"Identity of member. For users, specify a UserPrincipalName. For groups, devices and serviceprincipals, specify DisplayName","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify User, Group or Device to interpret the identity for Members. Specify User, Group or ServicePrincipal for ScopedRoleMembers.","Name":"Type","Option":"Key","ValueMap":["User","Group","Device","ServicePrincipal"],"Values":["User","Group","Device","ServicePrincipal"]}],"Description":"This resource configures an Azure AD Administrative Unit."},{"ClassName":"MSFT_MicrosoftGraphScopedRoleMembership","Parameters":[{"CIMType":"String","Description":"Name of the Azure AD Role that is assigned. See https://learn.microsoft.com/en-us/azure/active-directory/roles/admin-units-assign-roles#roles-that-can-be-assigned-with-administrative-unit-scope","Name":"RoleName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphMember","Description":"Member that is assigned the scoped role. Note: Any groups must be role-enabled","Name":"RoleMemberInfo","Option":"Write"}],"Description":"This resource configures an Azure AD Administrative Unit."},{"ClassName":"MSFT_AADAdministrativeUnit","Parameters":[{"CIMType":"String","Description":"DisplayName of the Administrative Unit","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Object-Id of the Administrative Unit","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the Administrative Unit","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Visibility of the Administrative Unit. Specify HiddenMembership if members of the AU are hidden","Name":"Visibility","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the management rights on resources in the administrative units should be restricted to ONLY the administrators scoped on the administrative unit object.","Name":"IsMemberManagementRestricted","Option":"Write"},{"CIMType":"String","Description":"Specify membership type. Possible values are Assigned and Dynamic. Note that the functionality is currently in preview.","Name":"MembershipType","Option":"Write"},{"CIMType":"String","Description":"Specify membership rule. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.","Name":"MembershipRule","Option":"Write"},{"CIMType":"String","Description":"Specify dynamic membership-rule processing-state. Valid values are 'On' and 'Paused'. Requires that MembershipType is set to Dynamic. Note that the functionality is currently in preview.","Name":"MembershipRuleProcessingState","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMember[]","Description":"Specify members. Only specify if MembershipType is NOT set to Dynamic","Name":"Members","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphScopedRoleMembership[]","Description":"Specify Scoped Role Membership. Note: Any groups must be role-enabled","Name":"ScopedRoleMembers","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Administrative Unit exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Administrative Unit."},{"ClassName":"MSFT_AADAgreement","Parameters":[{"CIMType":"String","Description":"The display name of the agreement.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier of the agreement.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the user is required to view the agreement document before accepting.","Name":"IsViewingBeforeAcceptanceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the agreement is per device or per user.","Name":"IsPerDeviceAcceptanceRequired","Option":"Write"},{"CIMType":"String","Description":"Duration after which the user must re-accept the terms of use. Must be in ISO 8601 duration format.","Name":"UserReacceptRequiredFrequency","Option":"Write"},{"CIMType":"String","Description":"The acceptance statement included in the agreement.","Name":"AcceptanceStatement","Option":"Write"},{"CIMType":"String","Description":"The content of the agreement file.","Name":"FileData","Option":"Write"},{"CIMType":"String","Description":"The name of the agreement file.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The language of the agreement file.","Name":"Language","Option":"Write"},{"CIMType":"String","Description":"Specify if the agreement should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Azure AD Terms of Use Agreements in Entra ID."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishingSegmentCORS","Parameters":[{"CIMType":"String[]","Description":"The request headers that the origin domain may specify on the CORS request. The wildcard character * indicates that any header beginning with the specified prefix is allowed.","Name":"allowedHeaders","Option":"Write"},{"CIMType":"UInt32","Description":"The maximum amount of time that a browser should cache the response to the preflight OPTIONS request.","Name":"maxAgeInSeconds","Option":"Write"},{"CIMType":"String","Description":"Resource within the application segment for which CORS permissions are granted. / grants permission for whole app segment.","Name":"resource","Option":"Write"},{"CIMType":"String[]","Description":"The HTTP request methods that the origin domain may use for a CORS request.","Name":"allowedMethods","Option":"Write"},{"CIMType":"String[]","Description":"The origin domains that are permitted to make a request against the service via CORS. The origin domain is the domain from which the request originates. The origin must be an exact case-sensitive match with the origin that the user age sends to the service.","Name":"allowedOrigins","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishingSegment","Parameters":[{"CIMType":"String","Description":"If you're configuring a traffic manager in front of multiple App Proxy application segments, contains the user-friendly URL that will point to the traffic manager.","Name":"alternateUrl","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishingSegmentCORS[]","Description":"CORS Rule definition for a particular application segment.","Name":"corsConfigurations","Option":"Write"},{"CIMType":"String","Description":"The published external URL for the application segment; for example, https://intranet.contoso.com./","Name":"externalUrl","Option":"Write"},{"CIMType":"String","Description":"The internal URL of the application segment; for example, https://intranet/.","Name":"internalUrl","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos","Parameters":[{"CIMType":"String","Description":"The Internal Application SPN of the application server. This SPN needs to be in the list of services to which the connector can present delegated credentials.","Name":"kerberosServicePrincipalName","Option":"Write"},{"CIMType":"String","Description":"The Delegated Login Identity for the connector to use on behalf of your users. For more information, see Working with different on-premises and cloud identities . Possible values are: userPrincipalName, onPremisesUserPrincipalName, userPrincipalUsername, onPremisesUserPrincipalUsername, onPremisesSAMAccountName.","Name":"kerberosSignOnMappingAttributeType","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishingSingleSignOnSetting","Parameters":[{"CIMType":"String","Description":"The preferred single-sign on mode for the application. Possible values are: none, onPremisesKerberos, aadHeaderBased,pingHeaderBased, oAuthToken.","Name":"singleSignOnMode","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos","Description":"The Kerberos Constrained Delegation settings for applications that use Integrated Window Authentication.","Name":"kerberosSignOnSettings","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationOnPremisesPublishing","Parameters":[{"CIMType":"String","Description":"If you're configuring a traffic manager in front of multiple App Proxy applications, the alternateUrl is the user-friendly URL that points to the traffic manager.","Name":"alternateUrl","Option":"Write"},{"CIMType":"String","Description":"The duration the connector waits for a response from the backend application before closing the connection. Possible values are default, long.","Name":"applicationServerTimeout","Option":"Write"},{"CIMType":"String","Description":"Details the pre-authentication setting for the application. Pre-authentication enforces that users must authenticate before accessing the app. Pass through doesn't require authentication. Possible values are: passthru, aadPreAuthentication.","Name":"externalAuthenticationType","Option":"Write"},{"CIMType":"String","Description":"The published external url for the application. For example, https://intranet-contoso.msappproxy.net/.","Name":"externalUrl","Option":"Write"},{"CIMType":"String","Description":"The internal url of the application. For example, https://intranet/.","Name":"internalUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether backend SSL certificate validation is enabled for the application. For all new Application Proxy apps, the property is set to true by default. For all existing apps, the property is set to false.","Name":"isBackendCertificateValidationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the HTTPOnly cookie flag should be set in the HTTP response headers. Set this value to true to have Application Proxy cookies include the HTTPOnly flag in the HTTP response headers. If using Remote Desktop Services, set this value to False. Default value is false.","Name":"isHttpOnlyCookieEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the Persistent cookie flag should be set in the HTTP response headers. Keep this value set to false. Only use this setting for applications that can't share cookies between processes. For more information about cookie settings, see Cookie settings for accessing on-premises applications in Microsoft Entra ID. Default value is false.","Name":"isPersistentCookieEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the Secure cookie flag should be set in the HTTP response headers. Set this value to true to transmit cookies over a secure channel such as an encrypted HTTPS request. Default value is true.","Name":"isSecureCookieEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether validation of the state parameter when the client uses the OAuth 2.0 authorization code grant flow is enabled. This setting allows admins to specify whether they want to enable CSRF protection for their apps.","Name":"isStateSessionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the application should translate urls in the response headers. Keep this value as true unless your application required the original host header in the authentication request. Default value is true.","Name":"isTranslateHostHeaderEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the application should translate urls in the application body. Keep this value as false unless you have hardcoded HTML links to other on-premises applications and don't use custom domains. For more information, see Link translation with Application Proxy. Default value is false.","Name":"isTranslateLinksInBodyEnabled","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishingSegment[]","Description":"Represents the collection of application segments for an on-premises wildcard application that's published through Microsoft Entra application proxy.","Name":"onPremisesApplicationSegments","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishingSingleSignOnSetting","Description":"Represents the single sign-on configuration for the on-premises application.","Name":"singleSignOnSettings","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationPermission","Parameters":[{"CIMType":"String","Description":"Name of the requested permission.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the API from which the permission comes from.","Name":"SourceAPI","Option":"Key"},{"CIMType":"String","Description":"Type of permission.","Name":"Type","Option":"Key","ValueMap":["AppOnly","Delegated"],"Values":["AppOnly","Delegated"]},{"CIMType":"Boolean","Description":"Represented whether or not the Admin consent been granted on the app.","Name":"AdminConsentGranted","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphOptionalClaims","Parameters":[{"CIMType":"MSFT_MicrosoftGraphOptionalClaim[]","Description":"The optional claims returned in the JWT access token.","Name":"AccessToken","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphOptionalClaim[]","Description":"The optional claims returned in the JWT ID token.","Name":"IdToken","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphOptionalClaim[]","Description":"The optional claims returned in the SAML token.","Name":"Saml2Token","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphOptionalClaim","Parameters":[{"CIMType":"Boolean","Description":"If the value is true, the claim specified by the client is necessary to ensure a smooth authorization experience for the specific task requested by the end user. The default value is false.","Name":"Essential","Option":"Write"},{"CIMType":"String","Description":"The name of the optional claim.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The source (directory object) of the claim. There are predefined claims and user-defined claims from extension properties. If the source value is null, the claim is a predefined optional claim. If the source value is user, the value in the name property is the extension property from the user object.","Name":"Source","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphPreAuthorizedApplication","Parameters":[{"CIMType":"String","Description":"The unique identifier for the client application.","Name":"AppId","Option":"Key"},{"CIMType":"String[]","Description":"The unique identifier for the scopes the client application is granted.","Name":"PermissionIds","Option":"Required"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphApiOauth2PermissionScopes","Parameters":[{"CIMType":"String","Description":"A description of the delegated permissions, intended to be read by an administrator granting the permission on behalf of all users. This text appears in tenant-wide admin consent experiences.","Name":"adminConsentDescription","Option":"Write"},{"CIMType":"String","Description":"The permission's title, intended to be read by an administrator granting the permission on behalf of all users.","Name":"adminConsentDisplayName","Option":"Write"},{"CIMType":"String","Description":"A description of the delegated permissions, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves.","Name":"userConsentDescription","Option":"Write"},{"CIMType":"String","Description":"A title for the permission, intended to be read by a user granting the permission on their own behalf. This text appears in consent experiences where the user is consenting only on behalf of themselves.","Name":"userConsentDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specifies the value to include in the scp (scope) claim in access tokens. Must not exceed 120 characters in length.","Name":"value","Option":"Key"},{"CIMType":"Boolean","Description":"When you create or update a permission, this property must be set to true (which is the default). To delete a permission, this property must first be set to false. At that point, in a subsequent call, the permission may be removed.","Name":"isEnabled","Option":"Write"},{"CIMType":"String","Description":"The possible values are: User and Admin. Specifies whether this delegated permission should be considered safe for non-admin users to consent to on behalf of themselves, or whether an administrator consent should always be required.","Name":"type","Option":"Write"},{"CIMType":"String","Description":"Unique delegated permission identifier inside the collection of delegated permissions defined for a resource application.","Name":"id","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphApiApplication","Parameters":[{"CIMType":"MSFT_MicrosoftGraphPreAuthorizedApplication[]","Description":"Lists the client applications that are preauthorized with the specified delegated permissions to access this application's APIs. Users aren't required to consent to any preauthorized application (for the permissions specified). However, any other permissions not listed in preAuthorizedApplications (requested through incremental consent for example) will require user consent.","Name":"PreAuthorizedApplications","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAPIOauth2PermissionScopes[]","Description":"List of associated API scopes.","Name":"Oauth2PermissionScopes","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphAuthenticationBehaviors","Parameters":[{"CIMType":"String","Description":"If false, allows the app to have extended access to Azure AD Graph until June 30, 2025 when Azure AD Graph is fully retired. For more information on Azure AD retirement updates, see June 2024 update on Azure AD Graph API retirement. Use 'Null' to ensure the value is not configured.","Name":"BlockAzureADGraphAccess","Option":"Write","ValueMap":["True","False","Null"],"Values":["True","False","Null"]},{"CIMType":"String","Description":"If true, removes the email claim from tokens sent to an application when the email address's domain can't be verified. Use 'Null' to ensure the value is not configured.","Name":"RemoveUnverifiedEmailClaim","Option":"Write","ValueMap":["True","False","Null"],"Values":["True","False","Null"]}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphKeyCredential","Parameters":[{"CIMType":"String","Description":"A 40-character binary type that can be used to identify the credential. Optional. When not provided in the payload, defaults to the thumbprint of the certificate.","Name":"CustomKeyIdentifier","Option":"Write"},{"CIMType":"String","Description":"Friendly name for the key. Optional.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The date and time at which the credential expires. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"EndDateTime","Option":"Write"},{"CIMType":"String","Description":"The unique identifier (GUID) for the key.","Name":"KeyId","Option":"Write"},{"CIMType":"String","Description":"The certificate's raw data in byte array converted to Base64 string.","Name":"Key","Option":"Write"},{"CIMType":"String","Description":"The date and time at which the credential becomes valid.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"StartDateTime","Option":"Write"},{"CIMType":"String","Description":"The type of key credential for example, Symmetric, AsymmetricX509Cert.","Name":"Type","Option":"Write"},{"CIMType":"String","Description":"A string that describes the purpose for which the key can be used for example, Verify.","Name":"Usage","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphPasswordCredential","Parameters":[{"CIMType":"String","Description":"Friendly name for the password. Optional.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The date and time at which the password expires represented using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.","Name":"EndDateTime","Option":"Write"},{"CIMType":"String","Description":"Contains the first three characters of the password. Read-only.","Name":"Hint","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for the password.","Name":"KeyId","Option":"Write"},{"CIMType":"String","Description":"The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Optional.","Name":"StartDateTime","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_MicrosoftGraphAppRole","Parameters":[{"CIMType":"String[]","Description":"Specifies whether this app role can be assigned to users and groups (by setting to 'User'), to other application's (by setting to 'Application', or both (by setting to 'User', 'Application')). App roles supporting assignment to other applications' service principals are also known as application permissions. The 'Application' value is only supported for app roles defined on application entities.","Name":"AllowedMemberTypes","Option":"Write"},{"CIMType":"String","Description":"The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during  consent experiences.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display name for the permission that appears in the app role assignment and consent experiences.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Unique role identifier inside the appRoles collection. When creating a new app role, a new GUID identifier must be provided.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false.  At that point, in a subsequent call, this role may be removed.","Name":"IsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if the app role is defined on the application object or on the servicePrincipal entity. Must not be included in any POST or PATCH requests. Read-only.","Name":"Origin","Option":"Write"},{"CIMType":"String","Description":"Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , - . / :   =       + _    } , and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with ..","Name":"Value","Option":"Key"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplicationSPA","Parameters":[{"CIMType":"String[]","Description":"Single page application redirect URIs.","Name":"RedirectUris","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADApplication","Parameters":[{"CIMType":"string","Description":"DisplayName of the app","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"ObjectID of the app.","Name":"ObjectId","Option":"Write"},{"CIMType":"String","Description":"AppId for the app.","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"A free text field to provide a description of the application object to end users. The maximum allowed size is 1024 characters.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A bitmask that configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.","Name":"GroupMembershipClaims","Option":"Write"},{"CIMType":"String","Description":"The URL to the application's homepage.","Name":"Homepage","Option":"Write"},{"CIMType":"string[]","Description":"User-defined URI(s) that uniquely identify a Web application within its Azure AD tenant, or within a verified custom domain.","Name":"IdentifierUris","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as web app. There are certain scenarios where Microsoft Entra ID cannot determine the client application type (for example, ROPC flow where it is configured without specifying a redirect URI). In those cases, Microsoft Entra ID will interpret the application type based on the value of this property.","Name":"IsFallbackPublicClient","Option":"Write"},{"CIMType":"string[]","Description":"Client applications that are tied to this resource application.","Name":"KnownClientApplications","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphoptionalClaims","Description":"Application developers can configure optional claims in their Microsoft Entra applications to specify the claims that are sent to their application by the Microsoft security token service. For more information, see How to: Provide optional claims to your app.","Name":"OptionalClaims","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapiApplication","Description":"Specifies settings for an application that implements a web API.","Name":"Api","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphauthenticationBehaviors","Description":"The collection of breaking change behaviors related to token issuance that are configured for the application. Authentication behaviors are unset by default (null) and must be explicitly enabled or disabled. Nullable. Returned only on $select.  For more information about authentication behaviors, see Manage application authenticationBehaviors to avoid unverified use of email claims for user identification or authorization.","Name":"AuthenticationBehaviors","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphpasswordCredential[]","Description":"The collection of password credentials associated with the application. Not nullable.","Name":"PasswordCredentials","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphkeyCredential[]","Description":"The collection of key credentials associated with the application. Not nullable. Supports $filter (eq, not, ge, le).","Name":"KeyCredentials","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphappRole[]","Description":"The collection of roles defined for the application. With app role assignments, these roles can be assigned to users, groups, or service principals associated with other applications. Not nullable.","Name":"AppRoles","Option":"Write"},{"CIMType":"string","Description":"The logout url for this application.","Name":"LogoutURL","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.","Name":"PublicClient","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.","Name":"ReplyURLs","Option":"Write"},{"CIMType":"String[]","Description":"UPN or ObjectID values of the app's owners.","Name":"Owners","Option":"Write"},{"CIMType":"MSFT_AADApplicationOnPremisesPublishing","Description":"Represents the set of properties required for configuring Application Proxy for this application. Configuring these properties allows you to publish your on-premises application for secure remote access.","Name":"OnPremisesPublishing","Option":"Write"},{"CIMType":"String","Description":"Identifier of the associated Application Template.","Name":"ApplicationTemplateId","Option":"Write"},{"CIMType":"String[]","Description":"List of public clients redirect URIs.","Name":"PublicClientRedirectUris","Option":"Write"},{"CIMType":"MSFT_AADApplicationSpa","Description":"List of single page application settings.","Name":"Spa","Option":"Write"},{"CIMType":"String","Description":"Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount","Name":"SignInAudience","Option":"Write","ValueMap":["AzureADandPersonalMicrosoftAccount","AzureADMultipleOrgs","AzureADMyOrg","PersonalMicrosoftAccount"],"Values":["AzureADandPersonalMicrosoftAccount","AzureADMultipleOrgs","AzureADMyOrg","PersonalMicrosoftAccount"]},{"CIMType":"String","Description":"The Token Lifetime Policy assigned to the application with its DisplayName.","Name":"TokenLifetimePolicy","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD App should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_AADApplicationPermission[]","Description":"API permissions for the Azure Active Directory Application.","Name":"Permissions","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Application."},{"ClassName":"MSFT_AADAppManagementPolicyRestrictionsCredential","Parameters":[{"CIMType":"string[]","Description":"Collection of GUIDs of certificateBasedApplicationConfiguration objects that represent trusted certificate authorities. Used when restrictionType is set to trustedCertificateAuthority for keyCredentials.","Name":"CertificateBasedApplicationConfigurationIds","Option":"Write"},{"CIMType":"string","Description":"String value that indicates the maximum lifetime for password expiration, defined as an ISO 8601 duration. For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds. This property is required when restrictionType is set to passwordLifetime.","Name":"MaxLifetime","Option":"Write"},{"CIMType":"string","Description":"Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.","Name":"RestrictForAppsCreatedAfterDateTime","Option":"Write"},{"CIMType":"string","Description":"The type of restriction being applied. The possible values are: passwordAddition, passwordLifetime, symmetricKeyAddition, symmetricKeyLifetime, customPasswordAddition, asymmetricKeyLifetime, trustedCertificateAuthority, and unknownFutureValue. Each value of restrictionType can be used only once per policy.","Name":"RestrictionType","Option":"Key"},{"CIMType":"string","Description":"Indicates whether the restriction is evaluated. The possible values are: enabled, disabled, unknownFutureValue. If enabled, the restriction is evaluated. If disabled, the restriction isn't evaluated or enforced.","Name":"State","Option":"Write"}],"Description":"Manages an app management policy that can be assigned to an application or service principal object."},{"ClassName":"MSFT_AADAppManagementPolicyRestrictions","Parameters":[{"CIMType":"MSFT_AADAppManagementPolicyRestrictionsCredential[]","Description":"Collection of keyCredential restrictions settings to be applied to an application or service principal.","Name":"KeyCredentials","Option":"Write"},{"CIMType":"MSFT_AADAppManagementPolicyRestrictionsCredential[]","Description":"Collection of password restrictions settings to be applied to an application or service principal.","Name":"PasswordCredentials","Option":"Write"}],"Description":"Manages an app management policy that can be assigned to an application or service principal object."},{"ClassName":"MSFT_AADAppManagementPolicy","Parameters":[{"CIMType":"String","Description":"The display name of the policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Id of the policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the policy.","Name":"Description","Option":"Required"},{"CIMType":"Boolean","Description":"Denotes whether the policy is enabled.","Name":"IsEnabled","Option":"Write"},{"CIMType":"MSFT_AADAppManagementPolicyRestrictions","Description":"Restrictions that apply to an application or service principal object.","Name":"Restrictions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages an app management policy that can be assigned to an application or service principal object."},{"ClassName":"MSFT_AADAttributeSet","Parameters":[{"CIMType":"String","Description":"Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Identifier for the attribute set that is unique within a tenant. Can be up to 32 characters long and include Unicode characters. Cannot contain spaces or special characters. Cannot be changed later. Case insensitive","Name":"Description","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum number of custom security attributes that can be defined in this attribute set. Default value is null. If not specified, the administrator can add up to the maximum of 500 active attributes per tenant. Can be changed later.","Name":"MaxAttributesPerSet","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a group of related custom security attribute definitions."},{"ClassName":"MSFT_AADAuthenticationContextClassReference","Parameters":[{"CIMType":"String","Description":"Identifier used to reference the authentication context class. The id is used to trigger step-up authentication for the referenced authentication requirements and is the value that will be issued in the acrs claim of an access token. This value in the claim is used to verify that the required authentication context has been satisfied. The allowed values are c1 through c25.","Name":"Id","Option":"Key","ValueMap":["c1","c2","c3","c4","c5","c6","c7","c8","c9","c10","c11","c12","c13","c14","c15","c16","c17","c18","c19","c20","c21","c22","c23","c24","c25"],"Values":["c1","c2","c3","c4","c5","c6","c7","c8","c9","c10","c11","c12","c13","c14","c15","c16","c17","c18","c19","c20","c21","c22","c23","c24","c25"]},{"CIMType":"String","Description":"A friendly name that identifies the authenticationContextClassReference object when building user-facing admin experiences. For example, a selection UX","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"A short explanation of the policies that are enforced by authenticationContextClassReference. This value should be used to provide secondary text to describe the authentication context class reference when building user-facing admin experiences. For example, a selection UX.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the authenticationContextClassReference has been published by the security admin and is ready for use by apps. When it's set to false, it shouldn't be shown in admin UX experiences because the value isn't currently available for selection.","Name":"IsAvailable","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a Microsoft Entra authentication context class reference. Authentication context class references are custom values that define a Conditional Access authentication requirement"},{"ClassName":"MSFT_AADAuthenticationFlowPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Unique identifier of the Authentication Flow Policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Authentication Flow Policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Description of the Authentication Flow Policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether self-service sign-up flow is enabled or disabled. The default value is false. This property isn't a key. Required.","Name":"SelfServiceSignUpEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure Active Directory Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents the policy configuration of self-service sign-up experience at a tenant level that lets external users request to sign up for approval. It contains information, such as the identifier, display name, and description, and indicates whether self-service sign-up is enabled for the policy."},{"ClassName":"MSFT_MicrosoftGraphRegistrationEnforcement","Parameters":[{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign","Description":"Run campaigns to remind users to setup targeted authentication methods.","Name":"AuthenticationMethodsRegistrationCampaign","Option":"Write"}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaign","Parameters":[{"CIMType":"MSFT_MicrosoftGraphExcludeTarget[]","Description":"Users and groups of users that are excluded from being prompted to set up the authentication method.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget[]","Description":"Users and groups of users that are prompted to set up the authentication method.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of days that the user sees a prompt again if they select 'Not now' and snoozes the prompt. Minimum 0 days. Maximum: 14 days. If the value is '0'  The user is prompted during every MFA attempt.","Name":"SnoozeDurationInDays","Option":"Write"},{"CIMType":"String","Description":"Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled.","Name":"State","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["user","group","unknownFutureValue"],"Values":["user","group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyIncludeTarget","Parameters":[{"CIMType":"String","Description":"The ID of the entity targeted.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The kind of entity targeted. Possible values are: user, group.","Name":"TargetType","Option":"Write","ValueMap":["user","group","unknownFutureValue"],"Values":["user","group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD user or group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: user, group, unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["user","group","unknownFutureValue"],"Values":["user","group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphAuthenticationMethodsRegistrationCampaignIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD user or group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The authentication method that the user is prompted to register. The value must be microsoftAuthenticator.","Name":"TargetedAuthenticationMethod","Option":"Required"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: user, group, unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["user","group","unknownFutureValue"],"Values":["user","group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphSystemCredentialPreferences","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyExcludeTarget[]","Description":"Users and groups excluded from the preferred authentication method experience of the system.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyIncludeTarget[]","Description":"Users and groups included in the preferred authentication method experience of the system.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"Indicates whether the feature is enabled or disabled. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set, and uses the default behavior of Azure Active Directory for the setting. The default value is disabled.","Name":"State","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphReportSuspiciousActivitySettings","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyIncludeTarget","Description":"Group IDs in scope for report suspicious activity.","Name":"IncludeTarget","Option":"Write"},{"CIMType":"String","Description":"Specifies the state of the reportSuspiciousActivitySettings object.","Name":"State","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]},{"CIMType":"UInt32","Description":"Specifies the number the user enters on their phone to report the MFA prompt as suspicious.","Name":"VoiceReportingCode","Option":"Write"}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_AADAuthenticationMethodPolicy","Parameters":[{"CIMType":"UInt32","Description":"Days before the user will be asked to reconfirm their method.","Name":"ReconfirmationInDays","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphregistrationEnforcement","Description":"Enforce registration at sign-in time. This property can be used to remind users to set up targeted authentication methods.","Name":"RegistrationEnforcement","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphreportSuspiciousActivitySettings","Description":"Allows users to report suspicious activities if they receive an authentication request that they did not initiate.","Name":"ReportSuspiciousActivitySettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphsystemCredentialPreferences","Description":"Prompt users with their most-preferred credential for multifactor authentication.","Name":"SystemCredentialPreferences","Option":"Write"},{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy"},{"ClassName":"MSFT_MicrosoftGraphMicrosoftAuthenticatorFeatureSettings","Parameters":[{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration","Description":"Determines whether users will be able to approve push notifications on other Microsoft applications such as Outlook Mobile.","Name":"CompanionAppAllowedState","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration","Description":"Determines whether the user's Authenticator app will show them the client app they are signing into.","Name":"DisplayAppInformationRequiredState","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration","Description":"Determines whether the user's Authenticator app will show them the geographic location of where the authentication request originated from.","Name":"DisplayLocationInformationRequiredState","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_MicrosoftGraphAuthenticationMethodFeatureConfiguration","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget","Description":"A single entity that's excluded from using this feature.","Name":"ExcludeTarget","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget","Description":"A single entity that's allowed to use this feature.","Name":"IncludeTarget","Option":"Write"},{"CIMType":"String","Description":"Enable or disable the feature. Possible values are: default, enabled, disabled, unknownFutureValue. The default value is used when the configuration hasn't been explicitly set and uses the default behavior of Azure AD for the setting. The default value is disabled.","Name":"State","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyAuthenticatorFeatureTarget","Parameters":[{"CIMType":"String","Description":"The ID of the entity that's targeted in the include or exclude rule or all_users to target all users.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The kind of entity that's targeted. The possible values are: group, administrativeUnit, role, unknownFutureValue.","Name":"TargetType","Option":"Write","ValueMap":["group","administrativeUnit","role","unknownFutureValue"],"Values":["group","administrativeUnit","role","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyAuthenticator","Parameters":[{"CIMType":"MSFT_MicrosoftGraphMicrosoftAuthenticatorFeatureSettings","Description":"A collection of Microsoft Authenticator settings such as number matching and location context, and whether they are enabled for all users or specific users only.","Name":"FeatureSettings","Option":"Write"},{"CIMType":"Boolean","Description":"true if users can use the OTP code generated by the Microsoft Authenticator app, false otherwise.","Name":"IsSoftwareOathEnabled","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyAuthenticatorExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyAuthenticatorIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Authenticator"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Email"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Email"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyEmail","Parameters":[{"CIMType":"String","Description":"Determines whether email OTP is usable by external users for authentication. Possible values are: default, enabled, disabled, unknownFutureValue. Tenants in the default state who did not use public preview will automatically have email OTP enabled beginning in October 2021.","Name":"AllowExternalIdToUseEmailOtp","Option":"Write","ValueMap":["default","enabled","disabled","unknownFutureValue"],"Values":["default","enabled","disabled","unknownFutureValue"]},{"CIMType":"MSFT_AADAuthenticationMethodPolicyEmailExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyEmailIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Email"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExternalExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy External"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExternalIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy External"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExternalOpenIdConnectSetting","Parameters":[{"CIMType":"String","Description":"The Microsoft Entra ID's client ID as generated by the provider or admin to identify Microsoft Entra ID.","Name":"ClientId","Option":"Write"},{"CIMType":"String","Description":"The host URL of the external identity provider's OIDC discovery endpoint.","Name":"DiscoveryUrl","Option":"Write"}],"Description":"Azure AD Authentication Method Policy External"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyExternal","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyExternalExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyExternalIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyExternalOpenIdConnectSetting","Description":"Open ID Connection settings used by this external authentication method.","Name":"OpenIdConnectSetting","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The appId for the app registration in Microsoft Entra ID representing the integration with the external provider.","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"The displayName of the authentication policy configuration. Read-only.","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy External"},{"ClassName":"MSFT_MicrosoftGraphFido2KeyRestrictions","Parameters":[{"CIMType":"String[]","Description":"A collection of Authenticator Attestation GUIDs. AADGUIDs define key types and manufacturers.","Name":"AaGuids","Option":"Write"},{"CIMType":"String","Description":"Enforcement type. Possible values are: allow, block.","Name":"EnforcementType","Option":"Write","ValueMap":["allow","block","unknownFutureValue"],"Values":["allow","block","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Determines if the configured key enforcement is enabled.","Name":"IsEnforced","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Determines if registration is required for the authentication method.","Name":"IsRegistrationRequired","Option":"Write"},{"CIMType":"String[]","Description":"Collection of allowed passkey profile IDs for this target.","Name":"AllowedPasskeyProfiles","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Determines if registration is required for the authentication method.","Name":"IsRegistrationRequired","Option":"Write"},{"CIMType":"String[]","Description":"Collection of allowed passkey profile IDs for this target.","Name":"AllowedPasskeyProfiles","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyFido2PasskeyProfile","Parameters":[{"CIMType":"String","Description":"The unique identifier for the passkey profile.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name for the passkey profile.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The passkey types supported by this profile.","Name":"PasskeyTypes","Option":"Write","ValueMap":["deviceBound","deviceBound","synced","crossDevice","synced"],"Values":["deviceBound","deviceBound","synced","crossDevice","synced"]},{"CIMType":"String","Description":"The attestation enforcement level for this profile.","Name":"AttestationEnforcement","Option":"Write","ValueMap":["disabled","registrationOnly","registrationAndSignIn"],"Values":["disabled","registrationOnly","registrationAndSignIn"]},{"CIMType":"MSFT_MicrosoftGraphFido2KeyRestrictions","Description":"Key restrictions for this passkey profile.","Name":"KeyRestrictions","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyFido2","Parameters":[{"CIMType":"Boolean","Description":"Determines whether attestation must be enforced for FIDO2 security key registration.","Name":"IsAttestationEnforced","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if users can register new FIDO2 security keys.","Name":"IsSelfServiceRegistrationAllowed","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphFido2KeyRestrictions","Description":"Controls whether key restrictions are enforced on FIDO2 security keys, either allowing or disallowing certain key types as defined by Authenticator Attestation GUID (AAGUID), an identifier that indicates the type (e.g. make and model) of the authenticator.","Name":"KeyRestrictions","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyFido2ExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyFido2IncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyFido2PasskeyProfile[]","Description":"Passkey profiles configuration for FIDO2 authentication.","Name":"PasskeyProfiles","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Fido2"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Hardware"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Hardware"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyHardware","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicyHardwareExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyHardwareIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Hardware"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyQRCodeImageExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"This resource configures an Azure AD Authentication Method Policy QR Code Image."},{"ClassName":"MSFT_AADAuthenticationMethodPolicyQRCodeImageIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"This resource configures an Azure AD Authentication Method Policy QR Code Image."},{"ClassName":"MSFT_AADAuthenticationMethodPolicyQRCodeImage","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyQRCodeImageExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyQRCodeImageIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"UInt32","Description":"Lifetime in days of the qr code.","Name":"StandardQRCodeLifetimeInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Length of the PIN.","Name":"PinLength","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Authentication Method Policy QR Code Image."},{"ClassName":"MSFT_AADAuthenticationMethodPolicySmsExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Sms"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySmsIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Sms"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySms","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicySmsExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicySmsIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Sms"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Software"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Software"},{"ClassName":"MSFT_AADAuthenticationMethodPolicySoftware","Parameters":[{"CIMType":"MSFT_AADAuthenticationMethodPolicySoftwareExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicySoftwareIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Software"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Temporary"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Temporary"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyTemporary","Parameters":[{"CIMType":"UInt32","Description":"Default length in characters of a Temporary Access Pass object. Must be between 8 and 48 characters.","Name":"DefaultLength","Option":"Write"},{"CIMType":"UInt32","Description":"Default lifetime in minutes for a Temporary Access Pass. Value can be any integer between the minimumLifetimeInMinutes and maximumLifetimeInMinutes.","Name":"DefaultLifetimeInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"If true, all the passes in the tenant will be restricted to one-time use. If false, passes in the tenant can be created to be either one-time use or reusable.","Name":"IsUsableOnce","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum lifetime in minutes for any Temporary Access Pass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days).","Name":"MaximumLifetimeInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum lifetime in minutes for any Temporary Access Pass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days).","Name":"MinimumLifetimeInMinutes","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyTemporaryExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyTemporaryIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Temporary"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Voice"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy Voice"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyVoice","Parameters":[{"CIMType":"Boolean","Description":"true if users can register office phones, otherwise, false.","Name":"IsOfficePhoneAllowed","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyVoiceExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyVoiceIncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy Voice"},{"ClassName":"MSFT_MicrosoftGraphX509CertificateAuthenticationModeConfiguration","Parameters":[{"CIMType":"MSFT_MicrosoftGraphX509CertificateRule[]","Description":"Rules are configured in addition to the authentication mode to bind a specific x509CertificateRuleType to an x509CertificateAuthenticationMode. For example, bind the policyOID with identifier 1.32.132.343 to x509CertificateMultiFactor authentication mode.","Name":"Rules","Option":"Write"},{"CIMType":"String","Description":"The type of strong authentication mode. The possible values are: x509CertificateSingleFactor, x509CertificateMultiFactor, unknownFutureValue.","Name":"X509CertificateAuthenticationDefaultMode","Option":"Write","ValueMap":["x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"],"Values":["x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_MicrosoftGraphX509CertificateRule","Parameters":[{"CIMType":"String","Description":"The identifier of the X.509 certificate. Required.","Name":"Identifier","Option":"Key"},{"CIMType":"String","Description":"The type of strong authentication mode. The possible values are: x509CertificateSingleFactor, x509CertificateMultiFactor, unknownFutureValue. Required.","Name":"X509CertificateAuthenticationMode","Option":"Required","ValueMap":["x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"],"Values":["x509CertificateSingleFactor","x509CertificateMultiFactor","unknownFutureValue"]},{"CIMType":"String","Description":"The type of the X.509 certificate mode configuration rule. The possible values are: issuerSubject, policyOID, unknownFutureValue. Required.","Name":"X509CertificateRuleType","Option":"Write","ValueMap":["issuerSubject","policyOID","unknownFutureValue"],"Values":["issuerSubject","policyOID","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_MicrosoftGraphX509CertificateUserBinding","Parameters":[{"CIMType":"UInt32","Description":"The priority of the binding. Azure AD uses the binding with the highest priority. This value must be a non-negative integer and unique in the collection of objects in the certificateUserBindings property of an x509CertificateAuthenticationMethodConfiguration object. Required","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"Defines the Azure AD user property of the user object to use for the binding. The possible values are: userPrincipalName, onPremisesUserPrincipalName, email. Required.","Name":"UserProperty","Option":"Required"},{"CIMType":"String","Description":"The field on the X.509 certificate to use for the binding. The possible values are: PrincipalName, RFC822Name.","Name":"X509CertificateField","Option":"Write"}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyX509IncludeTarget","Parameters":[{"CIMType":"String","Description":"The object identifier of an Azure AD group.","Name":"Id","Option":"Key"},{"CIMType":"Boolean","Description":"Determines if the user is enforced to register the authentication method.","Name":"isRegistrationRequired","Option":"Write"},{"CIMType":"String","Description":"The type of the authentication method target. Possible values are: group and unknownFutureValue.","Name":"TargetType","Option":"Key","ValueMap":["group","unknownFutureValue"],"Values":["group","unknownFutureValue"]}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_AADAuthenticationMethodPolicyX509","Parameters":[{"CIMType":"MSFT_MicrosoftGraphx509CertificateAuthenticationModeConfiguration","Description":"Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings.","Name":"AuthenticationModeConfiguration","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphx509CertificateUserBinding[]","Description":"Defines fields in the X.509 certificate that map to attributes of the Azure AD user object in order to bind the certificate to the user. The priority of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored.","Name":"CertificateUserBindings","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyX509ExcludeTarget[]","Description":"Displayname of the groups of users that are excluded from a policy.","Name":"ExcludeTargets","Option":"Write"},{"CIMType":"MSFT_AADAuthenticationMethodPolicyX509IncludeTarget[]","Description":"Displayname of the groups of users that are included from a policy.","Name":"IncludeTargets","Option":"Write"},{"CIMType":"String","Description":"The state of the policy. Possible values are: enabled, disabled.","Name":"State","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Method Policy X509"},{"ClassName":"MSFT_AADAuthenticationRequirement","Parameters":[{"CIMType":"String","Description":"The state of the MFA enablement for the user. Possible values are: enabled, disabled.","Name":"PerUserMfaState","Option":"Write","ValueMap":["enabled","disabled"],"Values":["enabled","disabled"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"UserPrincipalName","Option":"Key"},{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Requirement Resource to set up Per-User MFA settings"},{"ClassName":"MSFT_AADAuthenticationStrengthPolicy","Parameters":[{"CIMType":"String","Description":"The name of the policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"A description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The unique identifier of the policy.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"The authentication method combinations allowed by this authentication strength policy.","Name":"AllowedCombinations","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Authentication Strength Policy"},{"ClassName":"MSFT_AADAuthorizationPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Display name for this policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Description of this policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether users can sign up for email based subscriptions.","Name":"AllowedToSignUpEmailBasedSubscriptions","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether the Self-Serve Password Reset feature can be used by users on the tenant.","Name":"AllowedToUseSSPR","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether a user can join the tenant by email validation.","Name":"AllowEmailVerifiedUsersToJoinOrganization","Option":"Write"},{"CIMType":"String","Description":"Indicates who can invite external users to the organization. Possible values are: None, AdminsAndGuestInviters, AdminsGuestInvitersAndAllMembers, Everyone. Everyone is the default setting for all cloud environments except US Government.","Name":"AllowInvitesFrom","Option":"Write","ValueMap":["None","AdminsAndGuestInviters","AdminsGuestInvitersAndAllMembers","Everyone"],"Values":["None","AdminsAndGuestInviters","AdminsGuestInvitersAndAllMembers","Everyone"]},{"CIMType":"Boolean","Description":"Indicates whether user consent for risky apps is allowed.","Name":"AllowUserConsentForRiskyApps","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean To disable the use of MSOL PowerShell, set this property to true. This will also disable user-based access to the legacy service endpoint used by MSOL PowerShell. This does not affect Azure AD Connect or Microsoft Graph.","Name":"BlockMsolPowershell","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether the default user role can create applications.","Name":"DefaultUserRoleAllowedToCreateApps","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether the default user role can create security groups.","Name":"DefaultUserRoleAllowedToCreateSecurityGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the registered owners of a device can read their own BitLocker recovery keys with default user role.","Name":"DefaultUserRoleAllowedToReadBitlockerKeysForOwnedDevice","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the default user role can create tenants. This setting corresponds to the Restrict non-admin users from creating tenants setting in the User settings menu in the Azure portal. When this setting is false, users assigned the Tenant Creator role can still create tenants.","Name":"DefaultUserRoleAllowedToCreateTenants","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean Indicates whether the default user role can read other users.","Name":"DefaultUserRoleAllowedToReadOtherUsers","Option":"Write"},{"CIMType":"String","Description":"The role that should be granted to guest users. Refer to List unifiedRoleDefinitions to find the list of available role templates. Only supported roles today are User, Guest User, and Restricted Guest User (2af84b1e-32c8-42b7-82bc-daa82404023b).","Name":"GuestUserRole","Option":"Write","ValueMap":["Guest","RestrictedGuest","User"],"Values":["Guest","RestrictedGuest","User"]},{"CIMType":"String[]","Description":"String collection Indicates if user consent to apps is allowed, and if it is, which permission to grant consent and which app consent policy (permissionGrantPolicy) govern the permission for users to grant consent. Value should be in the format managePermissionGrantsForSelf.{id}, where {id} is the id of a built-in or custom app consent policy. An empty list indicates user consent to apps is disabled.","Name":"PermissionGrantPolicyIdsAssignedToDefaultUserRole","Option":"Write"},{"CIMType":"String","Description":"Specify that the Azure Authorization Policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures AAD Authorization Policies."},{"ClassName":"MSFT_AADB2CAuthenticationMethodsPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The tenant admin can configure local accounts using email if the email and password authentication method is enabled.","Name":"IsEmailPasswordAuthenticationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The tenant admin can configure local accounts using username if the username and password authentication method is enabled.","Name":"IsUserNameAuthenticationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The tenant admin can configure local accounts using phone number if the phone number and one-time password authentication method is enabled.","Name":"IsPhoneOneTimePasswordAuthenticationEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"B2C allows tenant admins to choose a mechanism for letting end users register via local accounts."},{"ClassName":"MSFT_AADCertificateBasedApplicationConfigurationTrustedCertificateAuthority","Parameters":[{"CIMType":"String","Description":"The certificate data in base64 encoded format.","Name":"Certificate","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the certificate is a root authority.","Name":"IsRootAuthority","Option":"Write"},{"CIMType":"String","Description":"The issuer of the certificate.","Name":"Issuer","Option":"Write"},{"CIMType":"String","Description":"The subject key identifier of the issuer.","Name":"IssuerSubjectKeyIdentifier","Option":"Write"}],"Description":"Manages certificate-based application configurations that define trusted certificate authorities for application authentication in Azure AD. These configurations are global tenant-wide objects that can be referenced by multiple app management policies."},{"ClassName":"MSFT_AADCertificateBasedApplicationConfiguration","Parameters":[{"CIMType":"String","Description":"Display name for the configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for the configuration.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description for the configuration.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_AADCertificateBasedApplicationConfigurationTrustedCertificateAuthority[]","Description":"Collection of trusted certificate authorities.","Name":"TrustedCertificateAuthorities","Option":"Write"},{"CIMType":"String","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages certificate-based application configurations that define trusted certificate authorities for application authentication in Azure AD. These configurations are global tenant-wide objects that can be referenced by multiple app management policies."},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationInputParameter","Parameters":[{"CIMType":"String","Description":"The value of the input parameters of the claims transformation in the claims mapping policy.","Name":"Value","Option":"Write"},{"CIMType":"String","Description":"The object identifier of the input parameters of the claims transformation in the claims mapping policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The data type of the input parameters of the claims transformation in the claims mapping policy.","Name":"DataType","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationOutputClaims","Parameters":[{"CIMType":"String","Description":"The claim type reference ID of the output claims of the claims transformation in the claims mapping policy.","Name":"ClaimTypeReferenceId","Option":"Write"},{"CIMType":"String","Description":"The transformation type of the output claims of the claims transformation in the claims mapping policy.","Name":"TransformationClaimType","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformation","Parameters":[{"CIMType":"String","Description":"The object identifier of the claims transformation in the claims mapping policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The transformation method of the claims transformation in the claims mapping policy.","Name":"TransformationMethod","Option":"Write"},{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationInputParameter[]","Description":"The list of input parameters of the claims transformation in the claims mapping policy.","Name":"InputParameters","Option":"Write"},{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformationOutputClaims[]","Description":"The list of output claims of the claims transformation in the claims mapping policy.","Name":"OutputClaims","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema","Parameters":[{"CIMType":"String","Description":"The source name of the claims schema in the claims mapping policy.","Name":"Source","Option":"Write"},{"CIMType":"String","Description":"The object identifier of the claims schema in the claims mapping policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The SAML claims type of the claims schema in the claims mapping policy.","Name":"SamlClaimType","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicy","Parameters":[{"CIMType":"uint32","Description":"Set value of 1. Required.","Name":"Version","Option":"Write"},{"CIMType":"Boolean","Description":"If set to true, all claims in the basic claim set are emitted in tokens affected by the policy. If set to false, claims in the basic claim set are not in the tokens, unless they are individually added in the ClaimsSchema property of the same policy.","Name":"IncludeBasicClaimSet","Option":"Write"},{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsSchema[]","Description":"Defines which claims are present in the tokens affected by the policy, in addition to the basic claim set and the core claim set.","Name":"ClaimsSchema","Option":"Write"},{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicyClaimsTransformation[]","Description":"Defines common transformations that can be applied to source data, to generate the output data for claims specified in the ClaimsSchema.","Name":"ClaimsTransformation","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicyDefinition","Parameters":[{"CIMType":"MSFT_AADClaimsMappingPolicyDefinitionMappingPolicy","Description":"Rules and settings of the policy.","Name":"ClaimsMappingPolicy","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADClaimsMappingPolicy","Parameters":[{"CIMType":"MSFT_AADClaimsMappingPolicyDefinition[]","Description":"A string collection containing a JSON string that defines the rules and settings for a policy. The syntax for the definition differs for each derived policy type. Required.","Name":"Definition","Option":"Write"},{"CIMType":"Boolean","Description":"If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false.","Name":"IsOrganizationDefault","Option":"Write"},{"CIMType":"String","Description":"Description for this policy. Required.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display name for this policy. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Claims Mapping Policy"},{"ClassName":"MSFT_AADConditionalAccessPolicy","Parameters":[{"CIMType":"String","Description":"DisplayName of the AAD CA Policy","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Specifies the GUID for the Policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Specifies the State of the Policy.","Name":"State","Option":"Write","ValueMap":["disabled","enabled","enabledForReportingButNotEnforced"],"Values":["disabled","enabled","enabledForReportingButNotEnforced"]},{"CIMType":"String[]","Description":"Cloud Apps in scope of the Policy.","Name":"IncludeApplications","Option":"Write"},{"CIMType":"String","Description":"Rule syntax is similar to that used for membership rules for groups in Microsoft Entra ID.","Name":"ApplicationsFilter","Option":"Write"},{"CIMType":"String","Description":"Mode to use for the filter. Possible values are include or exclude.","Name":"ApplicationsFilterMode","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]},{"CIMType":"String[]","Description":"Cloud Apps out of scope of the Policy.","Name":"ExcludeApplications","Option":"Write"},{"CIMType":"String[]","Description":"User Actions in scope of the Policy.","Name":"IncludeUserActions","Option":"Write"},{"CIMType":"String[]","Description":"Users in scope of the Policy.","Name":"IncludeUsers","Option":"Write"},{"CIMType":"String[]","Description":"Users out of scope of the Policy.","Name":"ExcludeUsers","Option":"Write"},{"CIMType":"String[]","Description":"Groups in scope of the Policy.","Name":"IncludeGroups","Option":"Write"},{"CIMType":"String[]","Description":"Groups out of scope of the Policy.","Name":"ExcludeGroups","Option":"Write"},{"CIMType":"String[]","Description":"AAD Admin Roles in scope of the Policy.","Name":"IncludeRoles","Option":"Write"},{"CIMType":"String[]","Description":"AAD Admin Roles out of scope of the Policy.","Name":"ExcludeRoles","Option":"Write"},{"CIMType":"String[]","Description":"Represents the Included internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue.","Name":"IncludeGuestOrExternalUserTypes","Option":"Write","ValueMap":["none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"],"Values":["none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"]},{"CIMType":"String","Description":"Represents the Included Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type.","Name":"IncludeExternalTenantsMembershipKind","Option":"Write","ValueMap":["","all","enumerated","unknownFutureValue"],"Values":["","all","enumerated","unknownFutureValue"]},{"CIMType":"String[]","Description":"Represents the Included collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.","Name":"IncludeExternalTenantsMembers","Option":"Write"},{"CIMType":"String[]","Description":"Represents the Excluded internal guests or external user types. This is a multi-valued property. Supported values are: b2bCollaborationGuest, b2bCollaborationMember, b2bDirectConnectUser, internalGuest, OtherExternalUser, serviceProvider and unknownFutureValue.","Name":"ExcludeGuestOrExternalUserTypes","Option":"Write","ValueMap":["none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"],"Values":["none","internalGuest","b2bCollaborationGuest","b2bCollaborationMember","b2bDirectConnectUser","otherExternalUser","serviceProvider","unknownFutureValue"]},{"CIMType":"String","Description":"Represents the Excluded Tenants membership kind. The possible values are: all, enumerated, unknownFutureValue. enumerated references an object of conditionalAccessEnumeratedExternalTenants derived type.","Name":"ExcludeExternalTenantsMembershipKind","Option":"Write","ValueMap":["","all","enumerated","unknownFutureValue"],"Values":["","all","enumerated","unknownFutureValue"]},{"CIMType":"String[]","Description":"Represents the Excluded collection of tenant ids in the scope of Conditional Access for guests and external users policy targeting.","Name":"ExcludeExternalTenantsMembers","Option":"Write"},{"CIMType":"String[]","Description":"Service Principals in scope of the Policy. 'Attribute Definition Reader' role is needed.","Name":"IncludeServicePrincipals","Option":"Write"},{"CIMType":"String[]","Description":"Service Principals out of scope of the Policy. 'Attribute Definition Reader' role is needed.","Name":"ExcludeServicePrincipals","Option":"Write"},{"CIMType":"String","Description":"Mode to use for the Service Principal filter. Possible values are include or exclude. 'Attribute Definition Reader' role is needed.","Name":"ServicePrincipalFilterMode","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]},{"CIMType":"String","Description":"Rule syntax for the Service Principal filter. 'Attribute Definition Reader' role is needed.","Name":"ServicePrincipalFilterRule","Option":"Write"},{"CIMType":"String[]","Description":"Client Device Platforms in scope of the Policy.","Name":"IncludePlatforms","Option":"Write"},{"CIMType":"String[]","Description":"Client Device Platforms out of scope of the Policy.","Name":"ExcludePlatforms","Option":"Write"},{"CIMType":"String[]","Description":"AAD Named Locations in scope of the Policy.","Name":"IncludeLocations","Option":"Write"},{"CIMType":"String[]","Description":"AAD Named Locations out of scope of the Policy.","Name":"ExcludeLocations","Option":"Write"},{"CIMType":"String","Description":"Client Device Filter mode of the Policy.","Name":"DeviceFilterMode","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]},{"CIMType":"String","Description":"Client Device Filter rule of the Policy.","Name":"DeviceFilterRule","Option":"Write"},{"CIMType":"String[]","Description":"AAD Identity Protection User Risk Levels in scope of the Policy.","Name":"UserRiskLevels","Option":"Write"},{"CIMType":"String[]","Description":"AAD Identity Protection Sign-in Risk Levels in scope of the Policy.","Name":"SignInRiskLevels","Option":"Write"},{"CIMType":"String[]","Description":"Client App types in scope of the Policy.","Name":"ClientAppTypes","Option":"Write"},{"CIMType":"String","Description":"Operator to be used for Grant Controls.","Name":"GrantControlOperator","Option":"Write","ValueMap":["AND","OR"],"Values":["AND","OR"]},{"CIMType":"String[]","Description":"List of built-in Grant Controls to be applied by the Policy.","Name":"BuiltInControls","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies, whether Application Enforced Restrictions are enabled in the Policy.","Name":"ApplicationEnforcedRestrictionsIsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies, whether Cloud App Security is enforced by the Policy.","Name":"CloudAppSecurityIsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies, what Cloud App Security control is enforced by the Policy.","Name":"CloudAppSecurityType","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if token protection for sign-in sessions is to be enforced by the policy.","Name":"SecureSignInSessionIsEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Sign in frequency time in the given unit to be enforced by the policy.","Name":"SignInFrequencyValue","Option":"Write"},{"CIMType":"String","Description":"Display name of the terms of use to assign.","Name":"TermsOfUse","Option":"Write"},{"CIMType":"String[]","Description":"Custom Controls assigned to the grant property of this policy.","Name":"CustomAuthenticationFactors","Option":"Write"},{"CIMType":"String","Description":"Sign in frequency unit (days/hours) to be interpreted by the policy.","Name":"SignInFrequencyType","Option":"Write","ValueMap":["Days","Hours",""],"Values":["Days","Hours",""]},{"CIMType":"Boolean","Description":"Specifies, whether sign-in frequency is enforced by the Policy.","Name":"SignInFrequencyIsEnabled","Option":"Write"},{"CIMType":"String","Description":"Sign in frequency interval. Possible values are: 'timeBased', 'everyTime' and 'unknownFutureValue'.","Name":"SignInFrequencyInterval","Option":"Write","ValueMap":["timeBased","everyTime","unknownFutureValue"],"Values":["timeBased","everyTime","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Specifies, whether Browser Persistence is controlled by the Policy.","Name":"PersistentBrowserIsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies, what Browser Persistence control is enforced by the Policy.","Name":"PersistentBrowserMode","Option":"Write","ValueMap":["Always","Never",""],"Values":["Always","Never",""]},{"CIMType":"Boolean","Description":"Specifies, if DisableResilienceDefaults is enabled.","Name":"DisableResilienceDefaultsIsEnabled","Option":"Write"},{"CIMType":"String","Description":"Name of the associated authentication strength policy.","Name":"AuthenticationStrength","Option":"Write"},{"CIMType":"String","Description":"Names of the associated authentication flow transfer methods. Possible values are '', 'deviceCodeFlow', 'authenticationTransfer', or 'deviceCodeFlow,authenticationTransfer'.","Name":"TransferMethods","Option":"Write"},{"CIMType":"String[]","Description":"Authentication context class references.","Name":"AuthenticationContexts","Option":"Write"},{"CIMType":"String[]","Description":"Insider risk levels conditions.","Name":"InsiderRiskLevels","Option":"Write","ValueMap":["minor","moderate","elevated","unknownFutureValue"],"Values":["minor","moderate","elevated","unknownFutureValue"]},{"CIMType":"String[]","Description":"Service principal risk levels included in the policy.","Name":"ServicePrincipalRiskLevels","Option":"Write","ValueMap":["low","medium","high","none","unknownFutureValue"],"Values":["low","medium","high","none","unknownFutureValue"]},{"CIMType":"String[]","Description":"Specifies the protocol flows to block.","Name":"ProtocolFlows","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD CA Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Conditional Access Policy."},{"ClassName":"MSFT_AADConnectorGroupApplicationProxy","Parameters":[{"CIMType":"String","Description":"The name associated with the connectorGroup.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The region the connectorGroup is assigned to and will optimize traffic for. This region can only be set if no connectors or applications are assigned to the connectorGroup. The possible values are: nam (for North America), eur (for Europe), aus (for Australia), asia (for Asia), ind (for India), and unknownFutureValue.","Name":"Region","Option":"Write","ValueMap":["nam","eur","aus","asia","ind","unknownFutureValue"],"Values":["nam","eur","aus","asia","ind","unknownFutureValue"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Connector Group Application Proxy"},{"ClassName":"MSFT_AADCrossTenantAccessPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The name of the policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String[]","Description":"Used to specify which Microsoft clouds an organization would like to collaborate with. By default, this value is empty.","Name":"AllowedCloudEndpoints","Option":"Write","ValueMap":["microsoftonline.com","microsoftonline.us","partner.microsoftonline.cn"],"Values":["microsoftonline.com","microsoftonline.us","partner.microsoftonline.cn"]},{"CIMType":"String","Description":"Specify if the policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyTarget","Parameters":[{"CIMType":"String","Description":"The unique identifier of the user, group, or application; one of the following keywords: AllUsers and AllApplications; or for targets that are applications, you may use reserved values.","Name":"Target","Option":"Write"},{"CIMType":"String","Description":"The type of resource that you want to target. The possible values are: user, group, application, unknownFutureValue.","Name":"TargetType","Option":"Write","ValueMap":["user","group","application","unknownFutureValue"],"Values":["user","group","application","unknownFutureValue"]}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Parameters":[{"CIMType":"String","Description":"Defines whether access is allowed or blocked. The possible values are: allowed, blocked, unknownFutureValue.","Name":"AccessType","Option":"Write","ValueMap":["allowed","blocked","unknownFutureValue"],"Values":["allowed","blocked","unknownFutureValue"]},{"CIMType":"MSFT_AADCrossTenantAccessPolicyTarget[]","Description":"Specifies whether to target users, groups, or applications with this rule.","Name":"Targets","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Parameters":[{"CIMType":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Description":"The list of applications targeted with your cross-tenant access policy.","Name":"Applications","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Description":"The list of users and groups targeted with your cross-tenant access policy.","Name":"UsersAndGroups","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyInboundTrust","Parameters":[{"CIMType":"Boolean","Description":"Specifies whether compliant devices from external Azure AD organizations are trusted.","Name":"IsCompliantDeviceAccepted","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether hybrid Azure AD joined devices from external Azure AD organizations are trusted.","Name":"IsHybridAzureADJoinedDeviceAccepted","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether MFA from external Azure AD organizations is trusted.","Name":"IsMfaAccepted","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADDefaultInvitationRedemptionIdentityProviderConfiguration","Parameters":[{"CIMType":"String[]","Description":"Collection of identity providers in priority order of preference to be used for guest invitation redemption. The possible values are: azureActiveDirectory, externalFederation, or socialIdentityProviders.","Name":"PrimaryIdentityProviderPrecedenceOrder","Option":"Write","ValueMap":["azureActiveDirectory","externalFederation","socialIdentityProviders"],"Values":["azureActiveDirectory","externalFederation","socialIdentityProviders"]},{"CIMType":"String","Description":"The fallback identity provider to be used in case no primary identity provider can be used for guest invitation redemption. The possible values are: defaultConfiguredIdp, emailOneTimePasscode, or microsoftAccount.","Name":"FallbackIdentityProvider","Option":"Write","ValueMap":["defaultConfiguredIdp","emailOneTimePasscode","microsoftAccount"],"Values":["defaultConfiguredIdp","emailOneTimePasscode","microsoftAccount"]}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADDevicesFilter","Parameters":[{"CIMType":"String","Description":"Determines whether devices that satisfy the rule should be allowed or blocked. The possible values are: allowed, blocked.","Name":"Mode","Option":"Write","ValueMap":["allowed","blocked"],"Values":["allowed","blocked"]},{"CIMType":"String","Description":"Defines the rule to filter the devices. For example, 'device.deviceAttribute2 -eq 'PrivilegedAccessWorkstation'.","Name":"Rule","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyTenantRestrictions","Parameters":[{"CIMType":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Description":"The list of applications targeted with your cross-tenant access policy.","Name":"Applications","Option":"Write"},{"CIMType":"MSFT_AADDevicesFilter","Description":"Defines the rule for filtering devices and whether devices satisfying the rule should be allowed or blocked. This property isn't supported on the server side yet.","Name":"Devices","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyTargetConfiguration","Description":"The list of users and groups targeted with your cross-tenant access policy.","Name":"UsersAndGroups","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyConfigurationDefault","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.","Name":"B2BCollaborationInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.","Name":"B2BCollaborationOutbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.","Name":"B2BDirectConnectInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.","Name":"B2BDirectConnectOutbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyInboundTrust","Description":"Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations.","Name":"InboundTrust","Option":"Write"},{"CIMType":"MSFT_AADDefaultInvitationRedemptionIdentityProviderConfiguration","Description":"Defines the priority order based on which an identity provider is selected during invitation redemption for a guest user.","Name":"InvitationRedemptionIdentityProviderConfiguration","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyTenantRestrictions","Description":"Defines the default tenant restrictions configuration for users in your organization who access an external organization on your network or devices.","Name":"TenantRestrictions","Option":"Write"},{"CIMType":"String","Description":"Specify if the instance should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Default."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings","Parameters":[{"CIMType":"Boolean","Description":"Specifies whether you want to automatically trust Inbound invitations.","Name":"InboundAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether you want to automatically trust Outbound invitations.","Name":"OutboundAllowed","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCrossTenantGroupSyncInbound","Parameters":[{"CIMType":"Boolean","Description":"Defines whether group objects should be synchronized from the partner tenant. false stops any current group synchronization from the source tenant to the target tenant. This property has no impact on existing groups that were synchronized.","Name":"IsSyncAllowed","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCrossTenantUserSyncInbound","Parameters":[{"CIMType":"Boolean","Description":"Defines whether user objects should be synchronized from the partner tenant. false causes any current user synchronization from the source tenant to the target tenant to stop. This property has no impact on existing users who have already been synchronized.","Name":"IsSyncAllowed","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCrossTenantIdentitySyncPolicyPartner","Parameters":[{"CIMType":"MSFT_AADCrossTenantGroupSyncInbound","Description":"Defines whether groups can be synchronized from a partner tenant. Key.","Name":"GroupSyncInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantUserSyncInbound","Description":"Specifies whether you want to automatically trust Outbound invitations.","Name":"UserSyncInbound","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCrossTenantAccessPolicyConfigurationPartner","Parameters":[{"CIMType":"String","Description":"The tenant identifier for the partner Azure Active Directory (Azure AD) organization.","Name":"PartnerTenantId","Option":"Key"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B collaboration.","Name":"B2BCollaborationInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B collaboration.","Name":"B2BCollaborationOutbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users from other organizations accessing your resources via Azure AD B2B direct connect.","Name":"B2BDirectConnectInbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyB2BSetting","Description":"Defines your partner-specific configuration for users in your organization going outbound to access resources in another organization via Azure AD B2B direct connect.","Name":"B2BDirectConnectOutbound","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyAutomaticUserConsentSettings","Description":"Determines the partner-specific configuration for accepting trust claims from other tenant invitations.","Name":"AutomaticUserConsentSettings","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantIdentitySyncPolicyPartner","Description":"Defines the identity synchronization settings.","Name":"IdentitySynchronization","Option":"Write"},{"CIMType":"MSFT_AADCrossTenantAccessPolicyInboundTrust","Description":"Determines the partner-specific configuration for trusting other Conditional Access claims from external Azure AD organizations.","Name":"InboundTrust","Option":"Write"},{"CIMType":"String","Description":"Specify if the policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure AD Cross Tenant Access Policies Configuration Partner."},{"ClassName":"MSFT_AADCustomAuthenticationExtensionEndPointConfiguration","Parameters":[{"CIMType":"String","Description":"Defines the type of the endpoint configuration","Name":"EndpointType","Option":"Write"},{"CIMType":"String","Description":"Defines the workflow name for the logic app","Name":"LogicAppWorkflowName","Option":"Write"},{"CIMType":"String","Description":"Defines the resource group name for the logic app","Name":"ResourceGroupName","Option":"Write"},{"CIMType":"String","Description":"Defines the subscription id for the logic app","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"Defines the target url for the http endpoint","Name":"TargetUrl","Option":"Write"}],"Description":"Custom authentication extensions define interactions with external systems during a user authentication session."},{"ClassName":"MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration","Parameters":[{"CIMType":"String","Description":"Defines the claim id in api response.","Name":"ClaimIdInApiResponse","Option":"Write"}],"Description":"Custom authentication extensions define interactions with external systems during a user authentication session."},{"ClassName":"MSFT_AADCustomAuthenticationExtension","Parameters":[{"CIMType":"String","Description":"Display Name of the custom security attribute. Must be unique within an attribute set. Can be up to 32 characters long and include Unicode characters. Can't contain spaces or special characters. Can't be changed later. Case sensitive.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique identifier of the Attribute Definition.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Defines the custom authentication extension type.","Name":"CustomAuthenticationExtensionType","Option":"Write"},{"CIMType":"String","Description":"Description of the custom security attribute. Can be up to 128 characters long and include Unicode characters. Can't contain spaces or special characters. Can be changed later. ","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Defines the authentication configuration type","Name":"AuthenticationConfigurationType","Option":"Write"},{"CIMType":"String","Description":"Defines the authentication configuration resource id","Name":"AuthenticationConfigurationResourceId","Option":"Write"},{"CIMType":"UInt32","Description":"Defines the client configuration timeout in milliseconds","Name":"ClientConfigurationTimeoutMilliseconds","Option":"Write"},{"CIMType":"UInt32","Description":"Defines the client configuration max retries","Name":"ClientConfigurationMaximumRetries","Option":"Write"},{"CIMType":"MSFT_AADCustomAuthenticationExtensionEndPointConfiguration","Description":"Defines the endpoint configuration","Name":"EndpointConfiguration","Option":"Write"},{"CIMType":"MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration[]","Description":"Defines the list of claims for token configurations","Name":"ClaimsForTokenConfiguration","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Custom authentication extensions define interactions with external systems during a user authentication session."},{"ClassName":"MSFT_CustomSecurityAttributeAllowedValue","Parameters":[{"CIMType":"String","Description":"The id of the allowed value. Must be unique in the set of allowed values.","Name":"ValueId","Option":"Key"},{"CIMType":"Boolean","Description":"If the allowed value is active.","Name":"IsActive","Option":"Required"}],"Description":"Configures custom security attribute definitions in Entra Id."},{"ClassName":"MSFT_AADCustomSecurityAttributeDefinition","Parameters":[{"CIMType":"String","Description":"Name of the custom security attribute. Must be unique within an attribute set. Can be up to 32 characters long and include Unicode characters. Can't contain spaces or special characters. Can't be changed later. Case sensitive.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the attribute set. Case sensitive.","Name":"AttributeSet","Option":"Key"},{"CIMType":"MSFT_CustomSecurityAttributeAllowedValue[]","Description":"The allowed values of the attribute definition.","Name":"AllowedValues","Option":"Write"},{"CIMType":"String","Description":"Unique identifier of the Attribute Definition.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the custom security attribute. Can be up to 128 characters long and include Unicode characters. Can't contain spaces or special characters. Can be changed later. ","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether multiple values can be assigned to the custom security attribute. Can't be changed later. If type is set to Boolean, isCollection can't be set to true.","Name":"IsCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether custom security attribute values are indexed for searching on objects that are assigned attribute values. Can't be changed later.","Name":"IsSearchable","Option":"Write"},{"CIMType":"String","Description":"Specifies whether the custom security attribute is active or deactivated. Acceptable values are Available and Deprecated. Can be changed later.","Name":"Status","Option":"Write","ValueMap":["Available","Deprecated"],"Values":["Available","Deprecated"]},{"CIMType":"String","Description":"Data type for the custom security attribute values. Supported types are: Boolean, Integer, and String. Can't be changed later.","Name":"Type","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether only predefined values can be assigned to the custom security attribute. If set to false, free-form values are allowed. Can later be changed from true to false, but can't be changed from false to true. If type is set to Boolean, usePreDefinedValuesOnly can't be set to true.","Name":"UsePreDefinedValuesOnly","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures custom security attribute definitions in Entra Id."},{"ClassName":"MSFT_AADDeviceRegistrationPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Determines whether or not administrators can configure Azure AD Join.","Name":"AzureADJoinIsAdminConfigurable","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum number of devices that a user can have within your organization before blocking new device registrations. The default value is set to 50. If this property isn't specified during the policy update operation, it's automatically reset to 0 to indicate that users aren't allowed to join any devices.","Name":"UserDeviceQuota","Option":"Write"},{"CIMType":"String","Description":"Scope that a device registration policy applies to.","Name":"AzureADAllowedToJoin","Option":"Write","ValueMap":["All","Selected","None"],"Values":["All","Selected","None"]},{"CIMType":"String[]","Description":"List of users that this policy applies to.","Name":"AzureADAllowedToJoinUsers","Option":"Write"},{"CIMType":"String[]","Description":"List of groups that this policy applies to.","Name":"AzureADAllowedToJoinGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies the authentication policy for a user to complete registration using Microsoft Entra join or Microsoft Entra registered within your organization.","Name":"MultiFactorAuthConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether global administrators are local administrators on all Microsoft Entra-joined devices. This setting only applies to future registrations. Default is true.","Name":"LocalAdminsEnableGlobalAdmins","Option":"Write"},{"CIMType":"String","Description":"Scope that a device registration policy applies to for local admins.","Name":"AzureAdJoinLocalAdminsRegisteringMode","Option":"Write","ValueMap":["All","Selected","None"],"Values":["All","Selected","None"]},{"CIMType":"String[]","Description":"List of groups that this policy applies to.","Name":"AzureAdJoinLocalAdminsRegisteringGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of users that this policy applies to.","Name":"AzureAdJoinLocalAdminsRegisteringUsers","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether this policy scope is configurable by the admin. The default value is false. An admin can set it to true to enable Local Admin Password Solution (LAPS) within their organzation.","Name":"LocalAdminPasswordIsEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents the policy scope that controls quota restrictions, additional authentication, and authorization policies to register device identities to your organization."},{"ClassName":"MSFT_AADDomain","Parameters":[{"CIMType":"String","Description":"Custom domain name.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Indicates the configured authentication type for the domain. The value is either Managed or Federated. Managed indicates a cloud managed domain where Microsoft Entra ID performs user authentication. Federated indicates authentication is federated with an identity provider such as the tenant's on-premises Active Directory via Active Directory Federation Services.","Name":"AuthenticationType","Option":"Write"},{"CIMType":"String","Description":"This property is always null except when the verify action is used. When the verify action is used, a domain entity is returned in the response. The availabilityStatus property of the domain entity in the response is either AvailableImmediately or EmailVerifiedDomainTakeoverScheduled.","Name":"AvailabilityStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The value of the property is false if the DNS record management of the domain is delegated to Microsoft 365. Otherwise, the value is true. Not nullable","Name":"IsAdminManaged","Option":"Write"},{"CIMType":"Boolean","Description":"True if this is the default domain that is used for user creation. There's only one default domain per company. Not nullable.","Name":"IsDefault","Option":"Write"},{"CIMType":"Boolean","Description":"True if the domain is a verified root domain. Otherwise, false if the domain is a subdomain or unverified. Not nullable.","Name":"IsRoot","Option":"Write"},{"CIMType":"Boolean","Description":"True if the domain completed domain ownership verification. Not nullable.","Name":"IsVerified","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of days before a user receives notification that their password expires. If the property isn't set, a default value of 14 days is used.","Name":"PasswordNotificationWindowInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the length of time that a password is valid before it must be changed. If the property isn't set, a default value of 90 days is used.","Name":"PasswordValidityPeriodInDays","Option":"Write"},{"CIMType":"String[]","Description":"The capabilities assigned to the domain. Can include 0, 1 or more of following values: Email, Sharepoint, EmailInternalRelayOnly, OfficeCommunicationsOnline, SharePointDefaultDomain, FullRedelegation, SharePointPublic, OrgIdAuthentication, Yammer, Intune. The values that you can add or remove using the API include: Email, OfficeCommunicationsOnline, Yammer. Not nullable.","Name":"SupportedServices","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures custom domain names in Entra Id."},{"ClassName":"MSFT_AccessPackageResourceRoleScope","Parameters":[{"CIMType":"String","Description":"The Id of the resource roleScope.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The origine Id of the resource.","Name":"AccessPackageResourceOriginId","Option":"Write"},{"CIMType":"String","Description":"The display name of the resource role.","Name":"AccessPackageResourceRoleDisplayName","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package."},{"ClassName":"MSFT_AADEntitlementManagementAccessPackage","Parameters":[{"CIMType":"String","Description":"The display name of the access package.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The Id of the access package.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the access package catalog referencing this access package.","Name":"CatalogId","Option":"Write"},{"CIMType":"String","Description":"The description of the access package.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the access package is hidden from the requestor.","Name":"IsHidden","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether role scopes are visible.","Name":"IsRoleScopesVisible","Option":"Write"},{"CIMType":"MSFT_AccessPackageResourceRoleScope[]","Description":"The resources and roles included in the access package.","Name":"AccessPackageResourceRoleScopes","Option":"Write"},{"CIMType":"String[]","Description":"The access packages whose assigned users are ineligible to be assigned this access package.","Name":"IncompatibleAccessPackages","Option":"Write"},{"CIMType":"String[]","Description":"The access packages that are incompatible with this package.","Name":"AccessPackagesIncompatibleWith","Option":"Write"},{"CIMType":"String[]","Description":"The groups whose members are ineligible to be assigned this access package.","Name":"IncompatibleGroups","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package."},{"ClassName":"MSFT_MicrosoftGraphassignmentreviewsettings","Parameters":[{"CIMType":"String","Description":"The default decision to apply if the request is not reviewed within the period specified in durationInDays.","Name":"AccessReviewTimeoutBehavior","Option":"Write","ValueMap":["acceptAccessRecommendation","keepAccess","removeAccess","unknownFutureValue"],"Values":["acceptAccessRecommendation","keepAccess","removeAccess","unknownFutureValue"]},{"CIMType":"UInt32","Description":"The number of days within which reviewers should provide input.","Name":"DurationInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to display recommendations to the reviewer. The default value is true","Name":"IsAccessRecommendationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the agentic experience is enabled for this policy.","Name":"IsAgenticExperienceEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the reviewer must provide justification for the approval. The default value is true.","Name":"IsApprovalJustificationRequired","Option":"Write"},{"CIMType":"Boolean","Description":"If true, access reviews are required for assignments from this policy.","Name":"IsEnabled","Option":"Write"},{"CIMType":"String","Description":"The interval for recurrence, such as monthly or quarterly.","Name":"RecurrenceType","Option":"Write"},{"CIMType":"String","Description":"Who should be asked to do the review, either Self or Reviewers.","Name":"ReviewerType","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserset[]","Description":"If the reviewerType is Reviewers, this collection specifies the users who will be reviewers, either by ID or as members of a group, using a collection of singleUser and groupMembers.","Name":"Reviewers","Option":"Write"},{"CIMType":"String","Description":"When the first review should start.","Name":"StartDateTime","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphuserset","Parameters":[{"CIMType":"String","Description":"The type of the resource","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.singleUser","#microsoft.graph.groupMembers","#microsoft.graph.requestorManager","#microsoft.graph.internalSponsors","#microsoft.graph.externalSponsors","#microsoft.graph.connectedOrganizationMembers"],"Values":["#microsoft.graph.singleUser","#microsoft.graph.groupMembers","#microsoft.graph.requestorManager","#microsoft.graph.internalSponsors","#microsoft.graph.externalSponsors","#microsoft.graph.connectedOrganizationMembers"]},{"CIMType":"String","Description":"The id of the resource.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the resource is a backup fallback approver.","Name":"IsBackup","Option":"Write"},{"CIMType":"UInt32","Description":"The hierarchical level of the manager with respect to the requestor. For example, the direct manager of a requestor would have a managerLevel of 1, while the manager of the requestor's manager would have a managerLevel of 2. Default value for managerLevel is 1. Possible values for this property range from 1 to 2.","Name":"ManagerLevel","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphaccesspackagequestion","Parameters":[{"CIMType":"String","Description":"The type of the resource","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.accessPackageMultipleChoiceQuestion","#microsoft.graph.accessPackageTextInputQuestion"],"Values":["#microsoft.graph.accessPackageMultipleChoiceQuestion","#microsoft.graph.accessPackageTextInputQuestion"]},{"CIMType":"String","Description":"ID of the question.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the requestor is allowed to edit answers to questions.","Name":"IsAnswerEditable","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the requestor is required to supply an answer or not.","Name":"IsRequired","Option":"Write"},{"CIMType":"UInt32","Description":"Relative position of this question when displaying a list of questions to the requestor.","Name":"Sequence","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageLocalizedContent","Description":"The text of the question to show to the requestor.","Name":"QuestionText","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageAnswerChoice[]","Description":"List of answer choices.","Name":"Choices","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether requestor can select multiple choices as their answer.","Name":"AllowsMultipleSelection","Option":"Write"},{"CIMType":"String","Description":"This is the regex pattern that the corresponding text answer must follow.","Name":"RegexPattern","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the answer will be in single or multiple line format.","Name":"IsSingleLineQuestion","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphaccessPackageLocalizedContent","Parameters":[{"CIMType":"String","Description":"The fallback string, which is used when a requested localization is not available. Required.","Name":"DefaultText","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageLocalizedText[]","Description":"Content represented in a format for a specific locale.","Name":"LocalizedTexts","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphaccessPackageLocalizedText","Parameters":[{"CIMType":"String","Description":"The text in the specific language. Required.","Name":"Text","Option":"Write"},{"CIMType":"String","Description":"The ISO code for the intended language. Required.","Name":"LanguageCode","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphaccessPackageAnswerChoice","Parameters":[{"CIMType":"String","Description":"The actual value of the selected choice. This is typically a string value which is understandable by applications. Required.","Name":"ActualValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageLocalizedContent","Description":"The localized display values shown to the requestor and approvers. Required.","Name":"displayValue","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphapprovalsettings","Parameters":[{"CIMType":"String","Description":"One of SingleStage, Serial, Parallel, NoApproval (default). NoApproval is used when isApprovalRequired is false.","Name":"ApprovalMode","Option":"Write","ValueMap":["SingleStage","Serial","Parallel","NoApproval"],"Values":["SingleStage","Serial","Parallel","NoApproval"]},{"CIMType":"MSFT_MicrosoftGraphapprovalstage1[]","Description":"If approval is required, the one or two elements of this collection define each of the stages of approval. An empty array if no approval is required.","Name":"ApprovalStages","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether approval is required for requests in this policy.","Name":"IsApprovalRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether approval is required for a user to extend their assignment.","Name":"IsApprovalRequiredForExtension","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the requestor is required to supply a justification in their request.","Name":"IsRequestorJustificationRequired","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphapprovalstage1","Parameters":[{"CIMType":"UInt32","Description":"The number of days that a request can be pending a response before it is automatically denied.","Name":"ApprovalStageTimeOutInDays","Option":"Write"},{"CIMType":"String","Description":"Defines whether approver information is visible to the requestor in approval processes within Microsoft Entra entitlement management and related governance scenarios.","Name":"ApproverInformationVisibility","Option":"Write","ValueMap":["default","notVisible","visible","unknownFutureValue"],"Values":["default","notVisible","visible","unknownFutureValue"]},{"CIMType":"UInt32","Description":"Indicates whether the approver is required to provide a justification for approving a request.","Name":"EscalationTimeInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"If true, then one or more escalation approvers are configured in this approval stage.","Name":"IsApproverJustificationRequired","Option":"Write"},{"CIMType":"Boolean","Description":"If escalation is required, the time a request can be pending a response from a primary approver.","Name":"IsEscalationEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserset[]","Description":"The users who will be asked to approve requests. A collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, include at least one userSet in this collection.","Name":"PrimaryApprovers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserset[]","Description":"If escalation is enabled and the primary approvers do not respond before the escalation time, the escalationApprovers are the users who will be asked to approve requests. This can be a collection of singleUser, groupMembers, requestorManager, internalSponsors and externalSponsors. When creating or updating a policy, if there are no escalation approvers, or escalation approvers are not required for the stage, the value of this property should be an empty collection.","Name":"EscalationApprovers","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphrequestorsettings","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether new requests are accepted on this policy.","Name":"AcceptRequests","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserset[]","Description":"The users who are allowed to request on this policy, which can be singleUser, groupMembers, and connectedOrganizationMembers.","Name":"AllowedRequestors","Option":"Write"},{"CIMType":"String","Description":"Who can request.","Name":"ScopeType","Option":"Write","ValueMap":["NoSubjects","SpecificDirectorySubjects","SpecificConnectedOrganizationSubjects","AllConfiguredConnectedOrganizationSubjects","AllExistingConnectedOrganizationSubjects","AllExistingDirectoryMemberUsers","AllExistingDirectorySubjects","AllExternalSubjects"],"Values":["NoSubjects","SpecificDirectorySubjects","SpecificConnectedOrganizationSubjects","AllConfiguredConnectedOrganizationSubjects","AllExistingConnectedOrganizationSubjects","AllExistingDirectoryMemberUsers","AllExistingDirectorySubjects","AllExternalSubjects"]}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_MicrosoftGraphcustomextensionhandler","Parameters":[{"CIMType":"String","Description":"Indicates which custom workflow extension will be executed at this stage.","Name":"CustomExtensionId","Option":"Write"},{"CIMType":"String","Description":"Indicates the stage of the access package assignment request workflow when the access package custom extension runs.","Name":"Stage","Option":"Write","ValueMap":["assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"],"Values":["assignmentRequestCreated","assignmentRequestApproved","assignmentRequestGranted","assignmentRequestRemoved","assignmentFourteenDaysBeforeExpiration","assignmentOneDayBeforeExpiration","unknownFutureValue"]},{"CIMType":"String","Description":"Identifier of the stage.","Name":"Id","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_AADEntitlementManagementAccessPackageAssignmentPolicy","Parameters":[{"CIMType":"String","Description":"The display name of the policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Id of the access package assignment policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the access package.","Name":"AccessPackageId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphassignmentreviewsettings","Description":"Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required.","Name":"AccessReviewSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether a user can extend the access package assignment duration after approval.","Name":"CanExtend","Option":"Write"},{"CIMType":"String","Description":"The description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"UInt32","Description":"The number of days in which assignments from this policy last until they are expired.","Name":"DurationInDays","Option":"Write"},{"CIMType":"String","Description":"The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z","Name":"ExpirationDateTime","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccesspackagequestion[]","Description":"Questions that are posed to the requestor.","Name":"Questions","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapprovalsettings","Description":"Who must approve requests for access package in this policy.","Name":"RequestApprovalSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphrequestorsettings","Description":"Who can request this access package from this policy.","Name":"RequestorSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcustomextensionhandler[]","Description":"The collection of stages when to execute one or more custom access package workflow extensions.","Name":"CustomExtensionHandlers","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Assignment Policy."},{"ClassName":"MSFT_AADEntitlementManagementAccessPackageCatalog","Parameters":[{"CIMType":"String","Description":"The display name of the access package catalog.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The id of the access package catalog.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Has the value Published if the access packages are available for management.","Name":"CatalogStatus","Option":"Write"},{"CIMType":"String","Description":"One of UserManaged or ServiceDefault.","Name":"CatalogType","Option":"Write","ValueMap":["UserManaged","ServiceDefault"],"Values":["UserManaged","ServiceDefault"]},{"CIMType":"String","Description":"The description of the access package catalog.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the access packages in this catalog can be requested by users outside of the tenant.","Name":"IsExternallyVisible","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog."},{"ClassName":"MSFT_MicrosoftGraphaccesspackageresourceattribute","Parameters":[{"CIMType":"MSFT_MicrosoftGraphaccesspackageresourceattributedestination","Description":"Information about how to set the attribute, currently a accessPackageUserDirectoryAttributeStore object type.","Name":"AttributeDestination","Option":"Write"},{"CIMType":"String","Description":"The name of the attribute in the end system.","Name":"AttributeName","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccesspackageresourceattributesource","Description":"Information about how to populate the attribute value when an accessPackageAssignmentRequest is being fulfilled, currently a accessPackageResourceAttributeQuestion object type.","Name":"AttributeSource","Option":"Write"},{"CIMType":"String","Description":"Id of the access package resource attribute.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not an existing attribute value can be edited by the requester.","Name":"IsEditable","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the attribute will remain in the end system after an assignment ends.","Name":"IsPersistedOnAssignmentRemoval","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_MicrosoftGraphaccesspackageresourceattributedestination","Parameters":[{"CIMType":"String","Description":"Type of the access package resource attribute destination.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.accessPackageUserDirectoryAttributeStore"],"Values":["#microsoft.graph.accessPackageUserDirectoryAttributeStore"]}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_MicrosoftGraphaccesspackageresourceattributesource","Parameters":[{"CIMType":"String","Description":"Type of the access package resource attribute source.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.accessPackageResourceAttributeQuestion"],"Values":["#microsoft.graph.accessPackageResourceAttributeQuestion"]},{"CIMType":"MSFT_MicrosoftGraphaccessPackageResourceAttributeQuestion","Description":"The question asked in order to get the value of the attribute.","Name":"Question","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_MicrosoftGraphaccessPackageResourceAttributeQuestion","Parameters":[{"CIMType":"String","Description":"Type of the access package resource attribute question.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.accessPackageTextInputQuestion","#microsoft.graph.accessPackageMultipleChoiceQuestion"],"Values":["#microsoft.graph.accessPackageTextInputQuestion","#microsoft.graph.accessPackageMultipleChoiceQuestion"]},{"CIMType":"String","Description":"Id of the access package resource attribute question.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the requestor is required to supply an answer or not.","Name":"IsRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the answer will be in single or multiple line format.","Name":"IsSingleLine","Option":"Write"},{"CIMType":"String","Description":"This is the regex pattern that the corresponding text answer must follow.","Name":"RegexPattern","Option":"Write"},{"CIMType":"UInt32","Description":"Relative position of this question when displaying a list of questions to the requestor.","Name":"Sequence","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageLocalizedContent","Description":"The text of the question to show to the requestor.","Name":"QuestionText","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether requestor can select multiple choices as their answer.","Name":"AllowsMultipleSelection","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccessPackageAnswerChoice[]","Description":"List of answer choices.","Name":"Choices","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_AADEntitlementManagementAccessPackageCatalogResource","Parameters":[{"CIMType":"String","Description":"The display name of the resource, such as the application name, group name or site name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Id of the access package catalog resource.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The unique ID of the access package catalog.","Name":"CatalogId","Option":"Write"},{"CIMType":"String","Description":"The name of the user or application that first added this resource. Read-only.","Name":"AddedBy","Option":"Write"},{"CIMType":"String","Description":"The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.","Name":"AddedOn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphaccesspackageresourceattribute[]","Description":"Contains information about the attributes to be collected from the requestor and sent to the resource application.","Name":"Attributes","Option":"Write"},{"CIMType":"String","Description":"A description for the resource.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"True if the resource is not yet available for assignment. Read-only.","Name":"IsPendingOnboarding","Option":"Write"},{"CIMType":"String","Description":"The unique identifier of the resource in the origin system. In the case of an Azure AD group, this is the identifier of the group.","Name":"OriginId","Option":"Write"},{"CIMType":"String","Description":"The type of the resource in the origin system.","Name":"OriginSystem","Option":"Write"},{"CIMType":"String","Description":"The type of the resource.","Name":"ResourceType","Option":"Write"},{"CIMType":"String","Description":"A unique resource locator for the resource, such as the URL for signing a user into an application.","Name":"Url","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Access Package Catalog Resource."},{"ClassName":"MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource","Parameters":[{"CIMType":"String","Description":"Type of the identity source.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.azureActiveDirectoryTenant","#microsoft.graph.crossCloudAzureActiveDirectoryTenant","#microsoft.graph.domainIdentitySource","#microsoft.graph.externalDomainFederation"],"Values":["#microsoft.graph.azureActiveDirectoryTenant","#microsoft.graph.crossCloudAzureActiveDirectoryTenant","#microsoft.graph.domainIdentitySource","#microsoft.graph.externalDomainFederation"]},{"CIMType":"String","Description":"The name of the Azure Active Directory tenant.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The ID of the Azure Active Directory tenant.","Name":"ExternalTenantId","Option":"Key"},{"CIMType":"String","Description":"The ID of the cloud where the tenant is located, one of microsoftonline.com, microsoftonline.us or partner.microsoftonline.cn.","Name":"CloudInstance","Option":"Write"},{"CIMType":"String","Description":"The domain name.","Name":"DomainName","Option":"Write"},{"CIMType":"String","Description":"The issuerURI of the incoming federation.","Name":"IssuerUri","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Connected Organization."},{"ClassName":"MSFT_AADEntitlementManagementConnectedOrganization","Parameters":[{"CIMType":"String","Description":"The display name of the connected organization.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The Id of the Connected organization object.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the connected organization.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_AADEntitlementManagementConnectedOrganizationIdentitySource[]","Description":"The identity sources in this connected organization.","Name":"IdentitySources","Option":"Write"},{"CIMType":"String","Description":"The state of a connected organization defines whether assignment policies with requestor scope type AllConfiguredConnectedOrganizationSubjects are applicable or not.","Name":"State","Option":"Write","ValueMap":["configured","proposed","unknownFutureValue"],"Values":["configured","proposed","unknownFutureValue"]},{"CIMType":"String[]","Description":"Collection of objectID of external sponsors. the sponsor can be a user or a group.","Name":"ExternalSponsors","Option":"Write"},{"CIMType":"String[]","Description":"Collection of objectID of internal sponsors. the sponsor can be a user or a group.","Name":"InternalSponsors","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Connected Organization."},{"ClassName":"MSFT_AADEntitlementManagementRoleAssignment","Parameters":[{"CIMType":"String","Description":"Unique Id of the role assignment.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the principal to which the assignment is granted.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Identifier of the unifiedRoleDefinition the assignment is for.","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by a resource application only.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only.","Name":"DirectoryScopeId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure AD Entitlement Management Role Assignment."},{"ClassName":"MSFT_AADEntitlementManagementSettings","Parameters":[{"CIMType":"String","Description":"Only accepted value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"UInt32","Description":"If externalUserLifecycleAction is blockSignInAndDelete, the duration, typically many days, after an external user is blocked from sign in before their account is deleted.","Name":"DaysUntilExternalUserDeletedAfterBlocked","Option":"Write"},{"CIMType":"String","Description":"Automatic action that the service should take when an external user's last access package assignment is removed. The possible values are: none, blockSignIn, blockSignInAndDelete, unknownFutureValue.","Name":"ExternalUserLifecycleAction","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Entra Id Entitlement Management settings."},{"ClassName":"MSFT_AADExternalIdentityPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Reserved for future use.","Name":"AllowDeletedIdentitiesDataRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"Defines whether external users can leave the guest tenant. If set to false, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.","Name":"AllowExternalIdentitiesToLeave","Option":"Required"},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents the tenant-wide policy that controls whether external users can leave the guest Microsoft Entra tenant via self-service controls."},{"ClassName":"MSFT_AADFeatureRolloutPolicy","Parameters":[{"CIMType":"String[]","Description":"Indicates the DisplayName of the groups the policy is assigned to.","Name":"AppliesTo","Option":"Write"},{"CIMType":"String","Description":"A description for this feature rollout policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name for this  feature rollout policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Possible values are: passthroughAuthentication, seamlessSso, passwordHashSync, emailAsAlternateId, unknownFutureValue, certificateBasedAuthentication. You must use the Prefer: include-unknown-enum-members request header to get the following value or values in this evolvable enum: certificateBasedAuthentication. For more information about the prerequisites for the enabled features, see Prerequisites for enabled features.","Name":"Feature","Option":"Write","ValueMap":["passthroughAuthentication","seamlessSso","passwordHashSync","emailAsAlternateId","unknownFutureValue","certificateBasedAuthentication"],"Values":["passthroughAuthentication","seamlessSso","passwordHashSync","emailAsAlternateId","unknownFutureValue","certificateBasedAuthentication"]},{"CIMType":"Boolean","Description":"Indicates whether this feature rollout policy should be applied to the entire organization.","Name":"IsAppliedToOrganization","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the feature rollout is enabled.","Name":"IsEnabled","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Policy Feature Rollout Policy"},{"ClassName":"MSFT_AADFederationConfiguration","Parameters":[{"CIMType":"String","Description":"The display name of the SAML/WS-Fed based identity provider. Inherited from identityProviderBase.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique fientifier","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Issuer URI of the federation server. Inherited from samlOrWsFedProvider.","Name":"IssuerUri","Option":"Write"},{"CIMType":"String","Description":"URI of the metadata exchange endpoint used for authentication from rich client applications. Inherited from samlOrWsFedProvider.","Name":"MetadataExchangeUri","Option":"Write"},{"CIMType":"String","Description":"URI that web-based clients are directed to when signing in to Microsoft Entra services. Inherited from samlOrWsFedProvider.","Name":"PassiveSignInUri","Option":"Write"},{"CIMType":"String","Description":"Preferred authentication protocol. The possible values are: wsFed, saml. Inherited from samlOrWsFedProvider.","Name":"PreferredAuthenticationProtocol","Option":"Write"},{"CIMType":"String","Description":"Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class.","Name":"SigningCertificate","Option":"Write"},{"CIMType":"String[]","Description":"List of associated domains.","Name":"Domains","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures federation in Entra Id."},{"ClassName":"MSFT_AADFilteringPolicy","Parameters":[{"CIMType":"String","Description":"Name of the policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Unique identifier of the policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description for the policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Action associated with the policy.","Name":"Action","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures filtering policies in Entra Id."},{"ClassName":"MSFT_AADFilteringPolicyRuleDestination","Parameters":[{"CIMType":"String","Description":"Name of the destination.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"FQDN value for the destination.","Name":"value","Option":"Write"}],"Description":"Configures filtering rules in Entra Id."},{"ClassName":"MSFT_AADFilteringPolicyRule","Parameters":[{"CIMType":"String","Description":"Name of the rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated policy.","Name":"Policy","Option":"Key"},{"CIMType":"String","Description":"Unique Id for the rule.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Type of rule.","Name":"RuleType","Option":"Write"},{"CIMType":"MSFT_AADFilteringPolicyRuleDestination[]","Description":"List of associated destinations with the rule.","Name":"Destinations","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures filtering rules in Entra Id."},{"ClassName":"MSFT_AADFilteringProfilePolicyLink","Parameters":[{"CIMType":"String","Description":"Logging state for the associated policy.","Name":"LoggingState","Option":"Write"},{"CIMType":"UInt32","Description":"Priority of the associated policy.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"State of the associated policy.","Name":"State","Option":"Write"},{"CIMType":"String","Description":"Name of the associated policy.","Name":"PolicyName","Option":"Key"}],"Description":"Configures filtering profiles in Entra Id."},{"ClassName":"MSFT_AADFilteringProfile","Parameters":[{"CIMType":"String","Description":"Profile name.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Unique identifier for the profile.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the profile.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"State of the profile.","Name":"State","Option":"Write"},{"CIMType":"UInt32","Description":"Priority level for the profile.","Name":"Priority","Option":"Write"},{"CIMType":"MSFT_AADFilteringProfilePolicyLink[]","Description":"List of filtering policy names associated with the profile.","Name":"Policies","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures filtering profiles in Entra Id."},{"ClassName":"MSFT_AADGroupLicense","Parameters":[{"CIMType":"String[]","Description":"A collection of the unique identifiers for plans that have been disabled.","Name":"DisabledPlans","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for the SKU.","Name":"SkuId","Option":"Key"}],"Description":"This resource configures an Azure Active Directory group. IMPORTANT: It does not support mail enabled security groups or mail enabled groups that are not unified or dynamic groups.\n\nIf using with AADUser, be aware that if AADUser->MemberOf is being specified and the referenced group is configured with AADGroup->Member then a conflict may arise if the two don't match. It is usually best to choose only one of them. See AADUser"},{"ClassName":"MSFT_AADGroup","Parameters":[{"CIMType":"String","Description":"DisplayName of the Azure Active Directory Group","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Specifies a mail nickname for the group.","Name":"MailNickname","Option":"Key"},{"CIMType":"String","Description":"Specifies a description for the group.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Specifies an ID for the group.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"User Service Principal values for the group's owners.","Name":"Owners","Option":"Write"},{"CIMType":"String[]","Description":"User Service Principal values for the group's members.","Name":"Members","Option":"Write"},{"CIMType":"String[]","Description":"Displayname values for the groups member of the group.","Name":"GroupAsMembers","Option":"Write"},{"CIMType":"String[]","Description":"DisplayName values for the groups that this group is a member of.","Name":"MemberOf","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if the current group is part of a selected Group Lifecycle Policy configuration. Only applicable for Microsoft 365 Groups.","Name":"GroupLifecyclePolicySelectedEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.","Name":"GroupTypes","Option":"Write"},{"CIMType":"String","Description":"Specifies the membership rule for a dynamic group.","Name":"MembershipRule","Option":"Write"},{"CIMType":"String","Description":"Specifies the rule processing state. The acceptable values for this parameter are: On. Process the group rule or Paused. Stop processing the group rule.","Name":"MembershipRuleProcessingState","Option":"Write","ValueMap":["On","Paused"],"Values":["On","Paused"]},{"CIMType":"Boolean","Description":"Specifies whether the group is security enabled. For security groups, this value must be $True.","Name":"SecurityEnabled","Option":"Required"},{"CIMType":"Boolean","Description":"Specifies whether this group is mail enabled. Currently, you cannot create mail enabled groups in Azure AD.","Name":"MailEnabled","Option":"Required"},{"CIMType":"Boolean","Description":"Specifies whether this group can be assigned a role. Only available when creating a group and can't be modified after group is created.","Name":"IsAssignableToRole","Option":"Write"},{"CIMType":"String[]","Description":"DisplayName values for the roles that the group is assigned to.","Name":"AssignedToRole","Option":"Write"},{"CIMType":"String","Description":"This parameter determines the visibility of the group's content and members list.","Name":"Visibility","Option":"Write","ValueMap":["Public","Private","HiddenMembership"],"Values":["Public","Private","HiddenMembership"]},{"CIMType":"MSFT_AADGroupLicense[]","Description":"List of Licenses assigned to the group.","Name":"AssignedLicenses","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Group should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory group. IMPORTANT: It does not support mail enabled security groups or mail enabled groups that are not unified or dynamic groups.\n\nIf using with AADUser, be aware that if AADUser->MemberOf is being specified and the referenced group is configured with AADGroup->Member then a conflict may arise if the two don't match. It is usually best to choose only one of them. See AADUser"},{"ClassName":"MSFT_MicrosoftGraphRequestSchedule","Parameters":[{"CIMType":"MSFT_MicrosoftGraphExpirationPattern","Description":"When the eligible or active assignment expires.","Name":"Expiration","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphPatternedRecurrence1","Description":"The frequency of the  eligible or active assignment. This property is currently unsupported in PIM.","Name":"Recurrence","Option":"Write"},{"CIMType":"String","Description":"When the  eligible or active assignment becomes active.","Name":"StartDateTime","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_MicrosoftGraphExpirationPattern","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours.  If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"Duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"EndDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"Type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_MicrosoftGraphPatternedRecurrence1","Parameters":[{"CIMType":"MSFT_MicrosoftGraphRecurrencePattern1","Description":"The frequency of an event.  For access reviews: Do not specify this property for a one-time access review.  Only interval, dayOfMonth, and type (weekly, absoluteMonthly) properties of recurrencePattern are supported.","Name":"Pattern","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphRecurrenceRange1","Description":"The duration of an event.","Name":"Range","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_MicrosoftGraphRecurrencePattern1","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs. Required if type is absoluteMonthly or absoluteYearly.","Name":"DayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. If type is relativeMonthly or relativeYearly, and daysOfWeek specifies more than one day, the event falls on the first day that satisfies the pattern.  Required if type is weekly, relativeMonthly, or relativeYearly.","Name":"DaysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. Default is sunday. Required if type is weekly.","Name":"FirstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last. Default is first. Optional and used if type is relativeMonthly or relativeYearly.","Name":"Index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type. Required.","Name":"Interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs.  This is a number from 1 to 12.","Name":"Month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly. Required. For more information, see values of type property.","Name":"Type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_MicrosoftGraphRecurrenceRange1","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date. Required if type is endDate.","Name":"EndDate","Option":"Write"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"NumberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties. Optional. If not specified, the time zone of the event is used.","Name":"RecurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event. Required.","Name":"StartDate","Option":"Write"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered. Required.","Name":"Type","Option":"Write","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_AADGroupEligibilitySchedule","Parameters":[{"CIMType":"String","Description":"Displayname if the Principal is group, otherwise UserPrincipalName for user.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"The identifier of the membership or ownership eligibility to the group that is governed by PIM. Required. The possible values are: owner, member. Supports $filter (eq).","Name":"AccessId","Option":"Key","ValueMap":["owner","member","unknownFutureValue"],"Values":["owner","member","unknownFutureValue"]},{"CIMType":"String","Description":"Displayname of the group representing the scope of the membership or ownership eligibility through PIM for groups.","Name":"GroupDisplayName","Option":"Key"},{"CIMType":"String","Description":"The identifier of the group representing the scope of the membership or ownership eligibility through PIM for groups. Required. Supports $filter (eq).","Name":"GroupId","Option":"Write"},{"CIMType":"String","Description":"Indicates whether the assignment is derived from a group assignment. It can further imply whether the caller can manage the schedule. Required. The possible values are: direct, group, unknownFutureValue. Supports $filter (eq).","Name":"MemberType","Option":"Write","ValueMap":["direct","group","unknownFutureValue"],"Values":["direct","group","unknownFutureValue"]},{"CIMType":"String","Description":"Principal type user or group","Name":"PrincipalType","Option":"Write","ValueMap":["user","group"],"Values":["user","group"]},{"CIMType":"MSFT_MicrosoftGraphrequestSchedule","Description":"Represents the period of the access assignment or eligibility. The scheduleInfo can represent a single occurrence or multiple recurring instances. Required.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule"},{"ClassName":"MSFT_AADRoleManagementPolicyExpirationRule","Parameters":[{"CIMType":"Boolean","Description":"Specifies if expiration is required.","Name":"isExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"The maximum duration for the expiration.","Name":"maximumDuration","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyNotificationRule","Parameters":[{"CIMType":"String","Description":"Notification type for the rule.","Name":"notificationType","Option":"Write"},{"CIMType":"String","Description":"Type of the recipient for the notification.","Name":"recipientType","Option":"Write"},{"CIMType":"String","Description":"Level of the notification.","Name":"notificationLevel","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if default recipients are enabled.","Name":"isDefaultRecipientsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"List of notification recipients.","Name":"notificationRecipients","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyEnablementRule","Parameters":[{"CIMType":"String[]","Description":"List of enabled rules.","Name":"enabledRules","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicySubjectSet","Parameters":[{"CIMType":"String","Description":"The type of the subject set.","Name":"odataType","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyApprovalStage","Parameters":[{"CIMType":"UInt32","Description":"The number of days that a request can be pending a response before it is automatically denied.","Name":"approvalStageTimeOutInDays","Option":"Write"},{"CIMType":"UInt32","Description":"The time a request can be pending a response from a primary approver before it can be escalated to the escalation approvers.","Name":"escalationTimeInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the approver must provide justification for their reponse.","Name":"isApproverJustificationRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether escalation if enabled.","Name":"isEscalationEnabled","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicySubjectSet[]","Description":"The escalation approvers for this stage when the primary approvers don't respond.","Name":"escalationApprovers","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicySubjectSet[]","Description":"The primary approvers of this stage.","Name":"primaryApprovers","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyApprovalSettings","Parameters":[{"CIMType":"String","Description":"One of SingleStage, Serial, Parallel, NoApproval (default). NoApproval is used when isApprovalRequired is false.","Name":"approvalMode","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyApprovalStage[]","Description":"If approval is required, the one or two elements of this collection define each of the stages of approval. An empty array if no approval is required.","Name":"approvalStages","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether approval is required for requests in this policy.","Name":"isApprovalRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether approval is required for a user to extend their assignment.","Name":"isApprovalRequiredForExtension","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the requestor is required to supply a justification in their request.","Name":"isRequestorJustificationRequired","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyApprovalRule","Parameters":[{"CIMType":"MSFT_AADRoleManagementPolicyApprovalSettings","Description":"Settings for approval requirements.","Name":"setting","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADRoleManagementPolicyAuthenticationContextRule","Parameters":[{"CIMType":"Boolean","Description":"Indicates if the authentication context rule is enabled.","Name":"isEnabled","Option":"Write"},{"CIMType":"String","Description":"Claim value associated with the rule.","Name":"claimValue","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADGroupEligibilityScheduleSettings","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Group display name.","Name":"GroupDisplayName","Option":"Key"},{"CIMType":"String","Description":"Rule Type.","Name":"RuleType","Option":"Write"},{"CIMType":"string","Description":"PIM Group Role.","Name":"PIMGroupRole","Option":"Key","ValueMap":["member","owner"],"Values":["member","owner"]},{"CIMType":"MSFT_AADRoleManagementPolicyExpirationRule","Description":"Expiration Rule.","Name":"ExpirationRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyNotificationRule","Description":"Notification Rule.","Name":"NotificationRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyEnablementRule","Description":"Enablement Rule.","Name":"EnablementRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyApprovalRule","Description":"Approval Rule.","Name":"ApprovalRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyAuthenticationContextRule","Description":"Authentication Context Rule.","Name":"AuthenticationContextRule","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Group Eligibility Schedule Settings"},{"ClassName":"MSFT_AADGroupLifecyclePolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"UInt32","Description":"The number of days a group can exist before it needs to be renewed.","Name":"GroupLifetimeInDays","Option":"Required"},{"CIMType":"String","Description":"This parameter allows the admin to select which office 365 groups the policy will apply to. 'None' will create the policy in a disabled state. 'All' will apply the policy to every Office 365 group in the tenant. 'Selected' will allow the admin to choose specific Office 365 groups that the policy will apply to.","Name":"ManagedGroupTypes","Option":"Required","ValueMap":["All","None","Selected"],"Values":["All","None","Selected"]},{"CIMType":"String[]","Description":"Notification emails for groups that have no owners will be sent to these email addresses.","Name":"AlternateNotificationEmails","Option":"Required"},{"CIMType":"String","Description":"Specify if the Azure AD Groups Lifecycle Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Group Lifecycle Policy (e.g. Expiration)."},{"ClassName":"MSFT_AADGroupsNamingPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Prefixes and suffixes to add to the group name.","Name":"PrefixSuffixNamingRequirement","Option":"Write"},{"CIMType":"String[]","Description":"Comma delimited list of words that should be blocked from being included in groups' names.","Name":"CustomBlockedWordsList","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Groups Naming Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Group Naming Policy."},{"ClassName":"MSFT_AADGroupsSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The flag indicating whether Office 365 group creation is allowed in the directory by non-admin users. This setting does not require an Azure Active Directory Premium P1 license.","Name":"EnableGroupCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating whether or not sensitivity labels can be assigned to M365-groups.","Name":"EnableMIPLabels","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating whether or not a guest user can be an owner of groups.","Name":"AllowGuestsToBeGroupOwner","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating whether or not a guest user can have access to Office 365 groups content. This setting does not require an Azure Active Directory Premium P1 license.","Name":"AllowGuestsToAccessGroups","Option":"Write"},{"CIMType":"String","Description":"The url of a link to the guest usage guidelines.","Name":"GuestUsageGuidelinesUrl","Option":"Write"},{"CIMType":"String","Description":"Name of the security group for which the members are allowed to create Office 365 groups even when EnableGroupCreation == false.","Name":"GroupCreationAllowedGroupName","Option":"Write"},{"CIMType":"Boolean","Description":"A boolean indicating whether or not is allowed to add guests to this directory.","Name":"AllowToAddGuests","Option":"Write"},{"CIMType":"String","Description":"A link to the Group Usage Guidelines.","Name":"UsageGuidelinesUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean, a tenant-wide setting that assigns the default value to the writebackConfiguration/isEnabled property of new groups, if the property isn't specified during group creation. This setting is applicable when group writeback is configured in Microsoft Entra Connect.","Name":"NewUnifiedGroupWritebackDefault","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Groups Naming Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Groups Settings."},{"ClassName":"MSFT_AADHomeRealDiscoveryPolicyDefinition","Parameters":[{"CIMType":"Boolean","Description":"Accelerate to Federated Domain.","Name":"AccelerateToFederatedDomain","Option":"Write"},{"CIMType":"Boolean","Description":"Allow cloud password validation.","Name":"AllowCloudPasswordValidation","Option":"Write"},{"CIMType":"MSFT_AADHomeRealDiscoveryPolicyDefinitionAlternateIdLogin","Description":"AlternateIdLogin complex object.","Name":"AlternateIdLogin","Option":"Write"},{"CIMType":"String","Description":"Preffered Domain value.","Name":"PreferredDomain","Option":"Write"}],"Description":"Azure AD Home Realm Discovery Policy"},{"ClassName":"MSFT_AADHomeRealDiscoveryPolicyDefinitionAlternateIdLogin","Parameters":[{"CIMType":"Boolean","Description":"Boolean for whether AlternateIdLogin is enabled.","Name":"Enabled","Option":"Write"}],"Description":"Azure AD Home Realm Discovery Policy"},{"ClassName":"MSFT_AADHomeRealmDiscoveryPolicy","Parameters":[{"CIMType":"String","Description":"Display name for this policy. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_AADHomeRealDiscoveryPolicyDefinition[]","Description":"A string collection containing a complex object array that defines the rules and settings for a policy. The syntax for the definition differs for each derived policy type. Required.","Name":"Definition","Option":"Write"},{"CIMType":"Boolean","Description":"If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false.","Name":"IsOrganizationDefault","Option":"Write"},{"CIMType":"String","Description":"Description for this policy. Required.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Home Realm Discovery Policy"},{"ClassName":"MSFT_AADIdentityAPIConnectionCertificate","Parameters":[{"CIMType":"MSFT_Credential","Description":"Pkcs12Value of the certificate as a secure string in Base64 encoding","Name":"Pkcs12Value","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the certificate in Base64 encoding","Name":"Thumbprint","Option":"Key"},{"CIMType":"MSFT_Credential","Description":"Password of the certificate as a secure string","Name":"Password","Option":"Write"},{"CIMType":"Boolean","Description":"Tells if the certificate is in use or not","Name":"IsActive","Option":"Write"}],"Description":"Azure AD Identity API Connector"},{"ClassName":"MSFT_AADIdentityAPIConnector","Parameters":[{"CIMType":"String","Description":"The name of the API connector.","Name":"DisplayName","Option":"Required"},{"CIMType":"String","Description":"The URL of the API endpoint to call.","Name":"TargetUrl","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The username of the password","Name":"Username","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"The password of certificate/basic auth","Name":"Password","Option":"Write"},{"CIMType":"MSFT_AADIdentityAPIConnectionCertificate[]","Description":"List of certificates to be used in the API connector","Name":"Certificates","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Identity API Connector"},{"ClassName":"MSFT_MicrosoftGraphUserFlowApiConnectorConfiguration","Parameters":[{"CIMType":"String","Description":"The name of the connector used for post federation signup step.","Name":"postFederationSignupConnectorName","Option":"Write"},{"CIMType":"String","Description":"The name of the connector used for post attribute collection step.","Name":"postAttributeCollectionConnectorName","Option":"Write"}],"Description":"Azure AD Identity B2 X User Flow"},{"ClassName":"MSFT_MicrosoftGraphuserFlowUserAttributeAssignmentUserAttributeValues","Parameters":[{"CIMType":"String","Description":"The display name of the property displayed to the end user in the user flow.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The value that is set when this item is selected.","Name":"Value","Option":"Write"},{"CIMType":"Boolean","Description":"Used to set the value as the default.","Name":"IsDefault","Option":"Write"}],"Description":"Azure AD Identity B2 X User Flow"},{"ClassName":"MSFT_MicrosoftGraphuserFlowUserAttributeAssignment","Parameters":[{"CIMType":"String","Description":"The unique identifier of identityUserFlowAttributeAssignment.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name of the identityUserFlowAttribute within a user flow.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether the identityUserFlowAttribute is optional.","Name":"IsOptional","Option":"Write"},{"CIMType":"String","Description":"User Flow Attribute Input Type.","Name":"UserInputType","Option":"Write","ValueMap":["textBox","dateTimeDropdown","radioSingleSelect","dropdownSingleSelect","emailBox","checkboxMultiSelect"],"Values":["textBox","dateTimeDropdown","radioSingleSelect","dropdownSingleSelect","emailBox","checkboxMultiSelect"]},{"CIMType":"MSFT_MicrosoftGraphuserFlowUserAttributeAssignmentUserAttributeValues[]","Description":"The list of user attribute values for this assignment.","Name":"UserAttributeValues","Option":"Write"}],"Description":"Azure AD Identity B2 X User Flow"},{"ClassName":"MSFT_AADIdentityB2XUserFlow","Parameters":[{"CIMType":"MSFT_MicrosoftGraphuserFlowApiConnectorConfiguration","Description":"Configuration for enabling an API connector for use as part of the self-service sign-up user flow. You can only obtain the value of this object using Get userFlowApiConnectorConfiguration.","Name":"ApiConnectorConfiguration","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String[]","Description":"The identity providers included in the user flow.","Name":"IdentityProviders","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphuserFlowUserAttributeAssignment[]","Description":"The user attribute assignments included in the user flow.","Name":"UserAttributeAssignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Identity B2 X User Flow"},{"ClassName":"MSFT_IdentityGovernanceScope","Parameters":[{"CIMType":"String","Description":"The @odata.type for the Scope.","Name":"OdataType","Option":"Write"},{"CIMType":"String","Description":"The rule associated with the Scope.","Name":"Rule","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_IdentityGovernanceTrigger","Parameters":[{"CIMType":"String","Description":"The @odata.type for the Trigger.","Name":"OdataType","Option":"Write"},{"CIMType":"String","Description":"The time-based attribute for the Trigger.","Name":"TimeBasedAttribute","Option":"Write"},{"CIMType":"SInt32","Description":"The offset in days for the Trigger.","Name":"OffsetInDays","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_IdentityGovernanceWorkflowExecutionConditions","Parameters":[{"CIMType":"String","Description":"The @odata.type for the Workflow Execution Conditions.","Name":"OdataType","Option":"Write"},{"CIMType":"MSFT_IdentityGovernanceScope","Description":"The scope for the Workflow Execution Conditions.","Name":"ScopeValue","Option":"Write"},{"CIMType":"MSFT_IdentityGovernanceTrigger","Description":"The trigger for the Workflow Execution Conditions.","Name":"TriggerValue","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_AADIdentityGovernanceTaskArguments","Parameters":[{"CIMType":"String","Description":"The name of the key","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The value associated with the key","Name":"Value","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_AADIdentityGovernanceTask","Parameters":[{"CIMType":"String","Description":"Specifies the display name of the Workflow Task","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Workflow Task","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Category of the Workflow Task","Name":"Category","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the Workflow Task is enabled or not","Name":"IsEnabled","Option":"Write"},{"CIMType":"SInt32","Description":"The sequence in which the task is executed","Name":"ExecutionSequence","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the task should continue on error","Name":"ContinueOnError","Option":"Write"},{"CIMType":"String","Description":"ID of the task definition associated with this Workflow Task","Name":"TaskDefinitionId","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceTaskArguments[]","Description":"Arguments for the Workflow Task","Name":"Arguments","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflow","Parameters":[{"CIMType":"String","Description":"Specifies the Display Name of the Workflow","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Workflow","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Category of the Workflow","Name":"Category","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if the Workflow is enabled","Name":"IsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if scheduling is enabled for the Workflow","Name":"IsSchedulingEnabled","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceTask[]","Description":"Tasks associated with this workflow","Name":"Tasks","Option":"Write"},{"CIMType":"MSFT_IdentityGovernanceWorkflowExecutionConditions","Description":"ExecutionConditions for this workflow","Name":"ExecutionConditions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to manage Lifecycle workflows."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionClientConfiguration","Parameters":[{"CIMType":"UInt32","Description":"The max duration in milliseconds that Microsoft Entra ID waits for a response from the external app before it shuts down the connection. The valid range is between 200 and 2000 milliseconds. Default duration is 1000.","Name":"timeoutInMilliseconds","Option":"Write"},{"CIMType":"UInt32","Description":"The max number of retries that Microsoft Entra ID makes to the external API. Values of 0 or 1 are supported. If null, the default for the service applies.","Name":"maximumRetries","Option":"Write"}],"Description":"Configures custom extensions for Lifecycle workflows in Entra id."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionEndpointConfiguration","Parameters":[{"CIMType":"String","Description":"The name of the logic app.","Name":"logicAppWorkflowName","Option":"Write"},{"CIMType":"String","Description":"The Azure resource group name for the logic app.","Name":"resourceGroupName","Option":"Write"},{"CIMType":"String","Description":"Identifier of the Azure subscription for the logic app.","Name":"subscriptionId","Option":"Write"},{"CIMType":"String","Description":"Url of the logic app.","Name":"url","Option":"Write"}],"Description":"Configures custom extensions for Lifecycle workflows in Entra id."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionCallbackConfiguration","Parameters":[{"CIMType":"String","Description":"Callback time out in ISO 8601 time duration. Accepted time durations are between five minutes to three hours. For example, PT5M for five minutes and PT3H for three hours. Inherited from customExtensionCallbackConfiguration.","Name":"timeoutDuration","Option":"Write"},{"CIMType":"String[]","Description":"List of apps names that are allowed to resume a task processing result.","Name":"authorizedApps","Option":"Write"}],"Description":"Configures custom extensions for Lifecycle workflows in Entra id."},{"ClassName":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtension","Parameters":[{"CIMType":"String","Description":"Display name of the custom extension.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique Id of the extension.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the extension.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionClientConfiguration","Description":"Client configuration for the extension","Name":"ClientConfiguration","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionEndpointConfiguration","Description":"Endpoint configuration for the extension","Name":"EndpointConfiguration","Option":"Write"},{"CIMType":"MSFT_AADIdentityGovernanceLifecycleWorkflowCustomTaskExtensionCallbackConfiguration","Description":"Callback configuration for the extension","Name":"CallbackConfiguration","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures custom extensions for Lifecycle workflows in Entra id."},{"ClassName":"MSFT_AADIdentityGovernanceProgram","Parameters":[{"CIMType":"String","Description":"A description for this identity governance program.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name for this identity governance program.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Identity Governance Program."},{"ClassName":"MSFT_AADIdentityProtectionPolicySettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"If true, user risk is cleared on password reset.","Name":"IsUserRiskClearedOnPasswordReset","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to monitor the identity protection policy settings in AAD."},{"ClassName":"MSFT_AADLifecycleWorkflowSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Specifies the domain that should be used when sending email notifications. This domain must be verified in order to be used. We recommend that you use a domain that has the appropriate DNS records to facilitate email validation, like SPF, DKIM, DMARC, and MX, because this then complies with the RFC compliance for sending and receiving email. For details, see Learn more about Exchange Online Email Routing.","Name":"SenderDomain","Option":"Write"},{"CIMType":"UInt32","Description":"The interval in hours at which all workflows running in the tenant should be scheduled for execution. This interval has a minimum value of 1 and a maximum value of 24. The default value is 3 hours.","Name":"WorkflowScheduleIntervalInHours","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if the organization's banner logo should be included in email notifications. The banner logo will replace the Microsoft logo at the top of the email notification. If true the banner logo will be taken from the tenant's branding settings. This value can only be set to true if the organizationalBranding bannerLogo property is set.","Name":"UseCompanyBranding","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Update the properties of a lifecycleManagementSettings object."},{"ClassName":"MSFT_AADMultiTenantOrganizationIdentitySyncPolicyTemplateUserSyncInbound","Parameters":[{"CIMType":"Boolean","Description":"Defines whether user objects should be synchronized from the partner tenant. false causes any current user synchronization from the source tenant to the target tenant to stop. This property has no impact on existing users who have already been synchronized.","Name":"isSyncAllowed","Option":"Write"}],"Description":"Defines an optional cross-tenant access policy template with user synchronization settings for multitenant organization tenants."},{"ClassName":"MSFT_AADMultiTenantOrganizationIdentitySyncPolicyTemplate","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Specifies whether the template will be applied to user synchronization settings of certain tenants. The possible values are: none, newPartners, existingPartners, unknownFutureValue. You can also specify multiple values like newPartners,existingPartners (default). none indicates the template is not applied to any new or existing partner tenants. newPartners indicates the template is applied to new partner tenants. existingPartners indicates the template is applied to existing partner tenants, those who already had partner-specific user synchronization settings in place.","Name":"TemplateApplicationLevel","Option":"Write"},{"CIMType":"MSFT_AADMultiTenantOrganizationIdentitySyncPolicyTemplateUserSyncInbound","Description":"Determines whether users can be synchronized from the partner tenant. false causes any current user synchronization from the source tenant to the target tenant to stop. This property has no impact on existing users who have already been synchronized.","Name":"UserSyncInbound","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Defines an optional cross-tenant access policy template with user synchronization settings for multitenant organization tenants."},{"ClassName":"MSFT_AADNamedLocationPolicy","Parameters":[{"CIMType":"string","Description":"Specifies the Odata Type of a Named Location object in Azure Active Directory","Name":"OdataType","Option":"Write","ValueMap":["#microsoft.graph.CountryNamedLocation","#microsoft.graph.ipNamedLocation","#microsoft.graph.compliantNetworkNamedLocation"],"Values":["#microsoft.graph.CountryNamedLocation","#microsoft.graph.ipNamedLocation","#microsoft.graph.compliantNetworkNamedLocation"]},{"CIMType":"String","Description":"Specifies the ID of a Named Location in Azure Active Directory.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Specifies the Display Name of a Named Location in Azure Active Directory","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"Specifies the IP ranges of the Named Location in Azure Active Directory","Name":"IpRanges","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies the isTrusted value for the Named Location (IP ranges only) in Azure Active Directory","Name":"IsTrusted","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the countries and regions for the Named Location in Azure Active Directory","Name":"CountriesAndRegions","Option":"Write"},{"CIMType":"String","Description":"Determines what method is used to decide which country the user is located in. Possible values are clientIpAddress(default) and authenticatorAppGps.","Name":"CountryLookupMethod","Option":"Write","ValueMap":["clientIpAddress","authenticatorAppGps"],"Values":["clientIpAddress","authenticatorAppGps"]},{"CIMType":"Boolean","Description":"Specifies the includeUnknownCountriesAndRegions value for the Named Location in Azure Active Directory","Name":"IncludeUnknownCountriesAndRegions","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Named Location should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Azure AD Named Location Policies in Azure Active Directory"},{"ClassName":"MSFT_MicrosoftGraphNetworkAccessForwardingPolicyRule","Parameters":[{"CIMType":"String","Description":"Policy Rule Name. Required","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Action value.","Name":"ActionValue","Option":"Write"},{"CIMType":"String","Description":"Type of Rule","Name":"RuleType","Option":"Write"},{"CIMType":"UInt32[]","Description":"List of Ports.","Name":"Ports","Option":"Write"},{"CIMType":"String","Description":"Protocol Value","Name":"Protocol","Option":"Write"},{"CIMType":"String[]","Description":"List of destinations.","Name":"Destinations","Option":"Write"}],"Description":"Use this resource to monitor the forwarding policy rules associated with the forwarding policies."},{"ClassName":"MSFT_AADNetworkAccessForwardingPolicy","Parameters":[{"CIMType":"String","Description":"Name of the forwarding policy","Name":"Name","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphNetworkAccessForwardingPolicyRule[]","Description":"List of rules associated to this forwarding policy.","Name":"PolicyRules","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to monitor the forwarding policy rules associated with the forwarding policies."},{"ClassName":"MSFT_MicrosoftGraphNetworkaccessPolicyLink","Parameters":[{"CIMType":"String","Description":"Policy Name. Required","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Policy Link Id","Name":"PolicyLinkId","Option":"Write"},{"CIMType":"String","Description":"status","Name":"state","Option":"Write"}],"Description":"This resource configure the Azure AD Network Access Forwarding Profile"},{"ClassName":"MSFT_AADNetworkAccessForwardingProfile","Parameters":[{"CIMType":"String","Description":"Profile Name. Required.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Id of the profile. Unique Identifier","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"status of the profile","Name":"State","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphNetworkaccessPolicyLink[]","Description":"Traffic forwarding policies associated with this profile.","Name":"Policies","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configure the Azure AD Network Access Forwarding Profile"},{"ClassName":"MSFT_AADNetworkAccessSettingConditionalAccess","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Enable CA Signaling for Entra ID (covering all cloud apps). Accepted values are enabled or disabled.","Name":"SignalingStatus","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the adaptive access settings in Entra Id"},{"ClassName":"MSFT_AADNetworkAccessSettingCrossTenantAccess","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Enable Tenant Restrictions for Entra ID (covering all cloud apps). Accepted values are enabled or disabled.","Name":"NetworkPacketTaggingStatus","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the universal tenant restrictions in Entra Id"},{"ClassName":"MSFT_AADOnPremisesPublishingProfilesSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Enables of disables private net work connectors in Entra Id.","Name":"IsEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the settings for the on-premises publishing profiles in Entra Id."},{"ClassName":"MSFT_MicrosoftGraphCertificateAuthority","Parameters":[{"CIMType":"String","Description":"Required. The base64 encoded string representing the public certificate.","Name":"Certificate","Option":"Key"},{"CIMType":"String","Description":"The URL of the certificate revocation list.","Name":"CertificateRevocationListUrl","Option":"Write"},{"CIMType":"String","Description":"The URL contains the list of all revoked certificates since the last time a full certificate revocaton list was created.","Name":"DeltaCertificateRevocationListUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Required. true if the trusted certificate is a root authority, false if the trusted certificate is an intermediate authority.","Name":"IsRootAuthority","Option":"Write"}],"Description":"Azure AD Organization Certificate Based Auth Configuration"},{"ClassName":"MSFT_AADOrganizationCertificateBasedAuthConfiguration","Parameters":[{"CIMType":"MSFT_MicrosoftGraphcertificateAuthority[]","Description":"Collection of certificate authorities which creates a trusted certificate chain.","Name":"CertificateAuthorities","Option":"Write"},{"CIMType":"String","Description":"The Organization ID. Read-only.","Name":"OrganizationId","Option":"Key"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Organization Certificate Based Auth Configuration"},{"ClassName":"MSFT_AADPasswordRuleSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"UInt32","Description":"The number of failed login attempts before the first lockout period begins.","Name":"LockoutThreshold","Option":"Write"},{"CIMType":"UInt32","Description":"The duration in seconds of the initial lockout period.","Name":"LockoutDurationInSeconds","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating if the banned password check for tenant specific banned password list is turned on or not.","Name":"EnableBannedPasswordCheck","Option":"Write"},{"CIMType":"String[]","Description":"A list of banned words in passwords.","Name":"BannedPasswordList","Option":"Write"},{"CIMType":"String","Description":"How should we enforce password policy check in on-premises system.","Name":"BannedPasswordCheckOnPremisesMode","Option":"Write","ValueMap":["Enforce","Audit"],"Values":["Enforce","Audit"]},{"CIMType":"Boolean","Description":"Boolean indicating if the banned password check is turned on or not for on-premises system.","Name":"EnableBannedPasswordCheckOnPremises","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Password Rule Settings should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Azure Active Directory Password Rule Settings."},{"ClassName":"MSFT_AADPermissionGrantConditionSet","Parameters":[{"CIMType":"String","Description":"The unique identifier for the condition set.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"Set to true to only match on client applications that are from a Microsoft Partner Network verified publisher. Set to false to match on any client app.","Name":"CertifiedClientApplicationsOnly","Option":"Write"},{"CIMType":"String[]","Description":"A list of appId values for the client applications to match with, or a list with the single value all to match any client application.","Name":"ClientApplicationIds","Option":"Write"},{"CIMType":"String[]","Description":"A list of Microsoft Partner Network (MPN) IDs for verified publishers of the client application, or a list with the single value all to match with client apps from any publisher.","Name":"ClientApplicationPublisherIds","Option":"Write"},{"CIMType":"String[]","Description":"A list of Entra ID tenant IDs in which the client application is registered, or a list with the single value all to match with client apps registered in any tenant.","Name":"ClientApplicationTenantIds","Option":"Write"},{"CIMType":"Boolean","Description":"Set to true to only match on client applications with a verified publisher. Set to false to match on any client app. Default is false.","Name":"ClientApplicationsFromVerifiedPublisherOnly","Option":"Write"},{"CIMType":"String","Description":"The permission classification for the permission being granted, or all to match with any permission classification (including permissions which are not classified). Default is all.","Name":"PermissionClassification","Option":"Write"},{"CIMType":"String[]","Description":"The list of permission display names to match with (e.g. 'User.Read', 'Mail.Send'), or a list with the single value all to match with any permission. Do not use permission GUIDs.","Name":"Permissions","Option":"Write"},{"CIMType":"String","Description":"The permission type of the permission being granted. Possible values: application for application permissions, or delegated for delegated permissions.","Name":"PermissionType","Option":"Write"},{"CIMType":"String","Description":"The appId of the resource application (e.g. '00000003-0000-0000-c000-000000000000' for Microsoft Graph) for which a permission is being granted, or 'any' to match any resource application. Use the AppId GUID, not the display name.","Name":"ResourceApplication","Option":"Write"}],"Description":"This resource configures an Entra Permission Grant Policy with its associated include and exclude condition sets.\n\nPermission Grant Policies allow organizations to delegate admin consent capabilities for specific Microsoft Graph permissions to non-Global Administrator users and groups.\n\nThis resource combines the parent policy and its condition sets into a single configuration, managing:\n- The parent permission grant policy properties (Id, DisplayName, Description)\n- Include condition sets as an embedded CIM instance array\n- Exclude condition sets as an embedded CIM instance array\n\n## Example\n\n```powershell\nAADPermissionGrantPolicy 'CustomConsentPolicy'\n{\n    Id           = \"my-custom-consent-policy\"\n    DisplayName  = \"My Custom Consent Policy\"\n    Description  = \"Custom policy for app consent with specific conditions\"\n    Includes     = @(\n        MSFT_AADPermissionGrantConditionSet {\n            Id                              = \"include-low-risk-delegated\"\n            PermissionType                  = \"delegated\"\n            PermissionClassification        = \"low\"\n            ClientApplicationIds            = @(\"all\")\n            ClientApplicationTenantIds      = @($TenantId)\n            ClientApplicationPublisherIds   = @(\"all\")\n            ClientApplicationsFromVerifiedPublisherOnly = $false\n            ResourceApplication             = \"00000003-0000-0000-c000-000000000000\"\n            Permissions                     = @(\"User.Read\", \"openid\", \"profile\")\n        }\n    )\n    Excludes     = @(\n        MSFT_AADPermissionGrantConditionSet {\n            Id                       = \"exclude-high-risk-permissions\"\n            PermissionType           = \"delegated\"\n            PermissionClassification = \"high\"\n            ClientApplicationIds     = @(\"all\")\n            ResourceApplication      = \"any\"\n            Permissions              = @(\"all\")\n        }\n    )\n    Ensure                = \"Present\"\n    ApplicationId         = $ApplicationId\n    TenantId              = $TenantId\n    CertificateThumbprint = $CertificateThumbprint\n}\n```"},{"ClassName":"MSFT_AADPermissionGrantPolicy","Parameters":[{"CIMType":"String","Description":"The unique identifier for the permission grant policy.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The display name for the permission grant policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The description for the permission grant policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_AADPermissionGrantConditionSet[]","Description":"Condition sets which are included in this permission grant policy. Automatically constructed as part of the permission grant policy.","Name":"Includes","Option":"Write"},{"CIMType":"MSFT_AADPermissionGrantConditionSet[]","Description":"Condition sets which are excluded in this permission grant policy. Automatically constructed as part of the permission grant policy.","Name":"Excludes","Option":"Write"},{"CIMType":"String","Description":"Specify if the policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Entra ID application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Entra ID tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Entra ID application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Entra ID application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Entra Permission Grant Policy with its associated include and exclude condition sets.\n\nPermission Grant Policies allow organizations to delegate admin consent capabilities for specific Microsoft Graph permissions to non-Global Administrator users and groups.\n\nThis resource combines the parent policy and its condition sets into a single configuration, managing:\n- The parent permission grant policy properties (Id, DisplayName, Description)\n- Include condition sets as an embedded CIM instance array\n- Exclude condition sets as an embedded CIM instance array\n\n## Example\n\n```powershell\nAADPermissionGrantPolicy 'CustomConsentPolicy'\n{\n    Id           = \"my-custom-consent-policy\"\n    DisplayName  = \"My Custom Consent Policy\"\n    Description  = \"Custom policy for app consent with specific conditions\"\n    Includes     = @(\n        MSFT_AADPermissionGrantConditionSet {\n            Id                              = \"include-low-risk-delegated\"\n            PermissionType                  = \"delegated\"\n            PermissionClassification        = \"low\"\n            ClientApplicationIds            = @(\"all\")\n            ClientApplicationTenantIds      = @($TenantId)\n            ClientApplicationPublisherIds   = @(\"all\")\n            ClientApplicationsFromVerifiedPublisherOnly = $false\n            ResourceApplication             = \"00000003-0000-0000-c000-000000000000\"\n            Permissions                     = @(\"User.Read\", \"openid\", \"profile\")\n        }\n    )\n    Excludes     = @(\n        MSFT_AADPermissionGrantConditionSet {\n            Id                       = \"exclude-high-risk-permissions\"\n            PermissionType           = \"delegated\"\n            PermissionClassification = \"high\"\n            ClientApplicationIds     = @(\"all\")\n            ResourceApplication      = \"any\"\n            Permissions              = @(\"all\")\n        }\n    )\n    Ensure                = \"Present\"\n    ApplicationId         = $ApplicationId\n    TenantId              = $TenantId\n    CertificateThumbprint = $CertificateThumbprint\n}\n```"},{"ClassName":"MSFT_AADPIMGroupSetting","Parameters":[{"CIMType":"String","Description":"RuleDefinition DisplayName","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The identifier of the membership or ownership eligibility to the group that is governed by PIM. Required. The possible values are: owner, member. Supports $filter (eq).","Name":"RoleDefinitionId","Option":"Key","ValueMap":["owner","member"],"Values":["owner","member"]},{"CIMType":"String","Description":"Specifies the Group Policy Id.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Activation maximum duration (hours).","Name":"ActivationMaxDuration","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on activation (True/False)","Name":"ActivationReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Require ticket information on activation (True/False)","Name":"ActivationReqTicket","Option":"Write"},{"CIMType":"Boolean","Description":"Require MFA on activation (True/False)","Name":"ActivationReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require approval to activate (True/False)","Name":"ApprovaltoActivate","Option":"Write"},{"CIMType":"String[]","Description":"Approver User UPN and/or Group Displayname","Name":"ActivateApprover","Option":"Write"},{"CIMType":"Boolean","Description":"Allow permanent eligible assignment (True/False)","Name":"PermanentEligibleAssignmentisExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"Expire eligible assignments after (Days)","Name":"ExpireEligibleAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Allow permanent active assignment (True/False)","Name":"PermanentActiveAssignmentisExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"Expire active assignments after (Days)","Name":"ExpireActiveAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Require Azure Multi-Factor Authentication on active assignment (True/False)","Name":"AssignmentReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on active assignment (True/False)","Name":"AssignmentReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Require Azure Multi-Factor Authentication on eligible assignment (True/False)","Name":"ElegibilityAssignmentReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on eligible assignment (True/False)","Name":"ElegibilityAssignmentReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Group assignment alert, default recipient (True/False)","Name":"EligibleAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this group: Group assignment alert, additional recipient (UPN)","Name":"EligibleAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Group assignment alert, only critical Email (True/False)","Name":"EligibleAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Notification to the assigned user (assignee), default recipient (True/False)","Name":"EligibleAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this group: Notification to the assigned user (assignee), additional recipient (UPN)","Name":"EligibleAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Notification to the assigned user (assignee), only critical Email (True/False)","Name":"EligibleAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Request to approve a group assignment renewal/extension, default recipient (True/False)","Name":"EligibleApproveNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this group: Request to approve a group assignment renewal/extension, additional recipient (UPN)","Name":"EligibleApproveNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this group: Request to approve a group assignment renewal/extension, only critical Email (True/False)","Name":"EligibleApproveNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Group assignment alert, default recipient (True/False)","Name":"ActiveAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this group: Group assignment alert, additional recipient (UPN)","Name":"ActiveAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Group assignment alert, only critical Email (True/False)","Name":"ActiveAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Notification to the assigned user (assignee), default recipient (True/False)","Name":"ActiveAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this group: Notification to the assigned user (assignee), additional recipient (UPN)","Name":"ActiveAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Notification to the assigned user (assignee), only critical Email (True/False)","Name":"ActiveAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Request to approve a group assignment renewal/extension, default recipient (True/False)","Name":"ActiveApproveNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this group: Request to approve a group assignment renewal/extension, additional recipient (UPN)","Name":"ActiveApproveNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this group: Request to approve a group assignment renewal/extension, only critical Email (True/False)","Name":"ActiveApproveNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this group: Group assignment alert, default recipient (True/False)","Name":"EligibleAssignmentAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when eligible members activate this group: Group assignment alert, additional recipient (UPN)","Name":"EligibleAssignmentAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this group: Group assignment alert, only critical Email (True/False)","Name":"EligibleAssignmentAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this group: Notification to activated user (requestor), default recipient (True/False)","Name":"EligibleAssignmentAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when eligible members activate this group: Notification to activated user (requestor), additional recipient (UPN)","Name":"EligibleAssignmentAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this group: Notification to activated user (requestor), only critical Email (True/False)","Name":"EligibleAssignmentAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Authorization context is required (True/False)","Name":"AuthenticationContextRequired","Option":"Write"},{"CIMType":"String","Description":"Descriptive name of associated authorization context","Name":"AuthenticationContextName","Option":"Write"},{"CIMType":"String","Description":"Authorization context id","Name":"AuthenticationContextId","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD group setting should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures AAD PIM Group Settings."},{"ClassName":"MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration","Parameters":[{"CIMType":"String","Description":"LocalIpAddress.","Name":"LocalIPAddress","Option":"Write"},{"CIMType":"String","Description":"PeerIpAddress.","Name":"PeerIPAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Asn.","Name":"Asn","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration","Parameters":[{"CIMType":"String","Description":"ZoneLocalIpAddress.","Name":"ZoneLocalIPAddress","Option":"Write"},{"CIMType":"String","Description":"RedundancyTier.","Name":"RedundancyTier","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration","Parameters":[{"CIMType":"String","Description":"PreSharedKey","Name":"PreSharedKey","Option":"Write"},{"CIMType":"String","Description":"ZoneRedundancyPreSharedKey","Name":"ZoneRedundancyPreSharedKey","Option":"Write"},{"CIMType":"UInt32","Description":"SaLifeTimeSeconds","Name":"SaLifeTimeSeconds","Option":"Write"},{"CIMType":"String","Description":"IpSecEncryption","Name":"IPSecEncryption","Option":"Write"},{"CIMType":"String","Description":"IpSecIntegrity","Name":"IPSecIntegrity","Option":"Write"},{"CIMType":"String","Description":"IkeEncryption","Name":"IKEEncryption","Option":"Write"},{"CIMType":"String","Description":"IkeIntegrity","Name":"IKEIntegrity","Option":"Write"},{"CIMType":"String","Description":"DhGroup","Name":"DHGroup","Option":"Write"},{"CIMType":"String","Description":"PfsGroup","Name":"PFSGroup","Option":"Write"},{"CIMType":"String","Description":"ODataType","Name":"ODataType","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRemoteNetworkDeviceLink","Parameters":[{"CIMType":"String","Description":"Name of the Device Link","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"IP Address","Name":"IPAddress","Option":"Write"},{"CIMType":"String","Description":"Bandwidth Capacity in Mbps","Name":"BandwidthCapacityInMbps","Option":"Write"},{"CIMType":"String","Description":"Device Vendor","Name":"DeviceVendor","Option":"Write"},{"CIMType":"MSFT_AADRemoteNetworkDeviceLinkbgpConfiguration","Description":"BgpConfiguration.","Name":"BgpConfiguration","Option":"Write"},{"CIMType":"MSFT_AADRemoteNetworkDeviceLinkRedundancyConfiguration","Description":"redundancyConfiguration.","Name":"RedundancyConfiguration","Option":"Write"},{"CIMType":"MSFT_AADRemoteNetworkDeviceLinkTunnelConfiguration","Description":"tunnelConfiguration","Name":"TunnelConfiguration","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRemoteNetwork","Parameters":[{"CIMType":"String","Description":"Name of the remote network.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Id of the remote network","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Region","Name":"Region","Option":"Write"},{"CIMType":"String[]","Description":"List of the forwarding profile names associated to this remote network","Name":"ForwardingProfiles","Option":"Write"},{"CIMType":"MSFT_AADRemoteNetworkDeviceLink[]","Description":"Device Links associated to this remote network","Name":"DeviceLinks","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to manage the Entra's Network Access Remote Networks, and related Device links."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrenceRange","Parameters":[{"CIMType":"DATETIME","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date.","Name":"endDate","Option":"Required"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"numberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties.","Name":"recurrenceTimeZone","Option":"Write"},{"CIMType":"DATETIME","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event.","Name":"startDate","Option":"Required"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered.","Name":"type","Option":"Required","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday","Name":"daysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week.","Name":"firstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last.","Name":"index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type.","Name":"interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs. This is a number from 1 to 12.","Name":"month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly.","Name":"type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrence","Parameters":[{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrencePattern","Description":"The frequency of an event.","Name":"pattern","Option":"Write"},{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrenceRange","Description":"The duration of an event.","Name":"range","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestScheduleExpiration","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"endDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestSchedule","Parameters":[{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestScheduleExpiration","Description":"When the eligible or active assignment expires.","Name":"expiration","Option":"Write"},{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestScheduleRecurrence","Description":"The frequency of the eligible or active assignment. This property is currently unsupported in PIM.","Name":"recurrence","Option":"Write"},{"CIMType":"String","Description":"When the eligible or active assignment becomes active.","Name":"startDateTime","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequestTicketInfo","Parameters":[{"CIMType":"String","Description":"The ticket number.","Name":"ticketNumber","Option":"Write"},{"CIMType":"String","Description":"The description of the ticket system.","Name":"ticketSystem","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleAssignmentScheduleRequest","Parameters":[{"CIMType":"String","Description":"User Principal Name of the assignment request.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Role associated with the assignment request.","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Represented the type of principal to assign the request to. Accepted values are: Group and User.","Name":"PrincipalType","Option":"Write","ValueMap":["Group","User","ServicePrincipal"],"Values":["Group","User","ServicePrincipal"]},{"CIMType":"String","Description":"Identifier of the directory object representing the scope of the role assignment. The scope of an role assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Either directoryScopeId or appScopeId is required.","Name":"DirectoryScopeId","Option":"Key"},{"CIMType":"String","Description":"Identifier for the Role Assignment Schedule Request.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the app-specific scope when the role assignment is scoped to an app. The scope of a role assignment determines the set of resources for which the principal is eligible to access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Either directoryScopeId or appScopeId is required.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"This parameter is deprecated and will be removed in a future release. Represents the type of operation on the role assignment request.The possible values are: adminAssign, adminUpdate, adminRemove, selfActivate, selfDeactivate, adminExtend, adminRenew, selfExtend, selfRenew, unknownFutureValue.","Name":"Action","Option":"Write","ValueMap":["adminAssign","adminUpdate","adminRemove","selfActivate","selfDeactivate","adminExtend","adminRenew","selfExtend","selfRenew","unknownFutureValue"],"Values":["adminAssign","adminUpdate","adminRemove","selfActivate","selfDeactivate","adminExtend","adminRenew","selfExtend","selfRenew","unknownFutureValue"]},{"CIMType":"Boolean","Description":"This parameter is deprecated and will be removed in a future release. Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.","Name":"IsValidationOnly","Option":"Write"},{"CIMType":"String","Description":"A message provided by users and administrators when create they create the unifiedRoileAssignmentScheduleRequest object. Optional when action is adminRemove. Whether this property is required or optional is also dependent on the settings for the Azure AD role.","Name":"Justification","Option":"Write"},{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestSchedule","Description":"The period of the role assignment. Optional when action is adminRemove. The period of assignment is dependent on the settings of the Azure AD role.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"MSFT_AADRoleAssignmentScheduleRequestTicketInfo","Description":"This parameter is deprecated and will be removed in a future release. Ticket details linked to the role assignment request including details of the ticket number and ticket system.","Name":"TicketInfo","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory Privilege Identity Management assignment.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleDefinition","Parameters":[{"CIMType":"String","Description":"Specifies a display name for the role definition.","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Specifies Id for the role definition.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Specifies a description for the role definition.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the resource scopes for the role definition.","Name":"ResourceScopes","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the role definition is enabled.","Name":"IsEnabled","Option":"Required"},{"CIMType":"String[]","Description":"Specifies permissions for the role definition.","Name":"RolePermissions","Option":"Required"},{"CIMType":"String","Description":"Specifies template id for the role definition.","Name":"TemplateId","Option":"Write"},{"CIMType":"String","Description":"Specifies version for the role definition.","Name":"Version","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Role definition should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure AD Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Azure Active Directory role definition.\nTo configure custom roles you require an Azure AD Premium P1 license.\nThe account used to configure role definitions based on this resource needs either to be a\n\"Global Administrator\" or a \"Privileged role administrator\"."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrenceRange","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date.","Name":"endDate","Option":"Required"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"numberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties.","Name":"recurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event.","Name":"startDate","Option":"Required"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered.","Name":"type","Option":"Required","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday","Name":"daysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week.","Name":"firstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last.","Name":"index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type.","Name":"interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs. This is a number from 1 to 12.","Name":"month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly.","Name":"type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrence","Parameters":[{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrencePattern","Description":"The frequency of an event.","Name":"pattern","Option":"Write"},{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrenceRange","Description":"The duration of an event.","Name":"range","Option":"Write"}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"endDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequestSchedule","Parameters":[{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestScheduleExpiration","Description":"When the eligible or active assignment expires.","Name":"expiration","Option":"Write"},{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestScheduleRecurrence","Description":"The frequency of the eligible or active assignment. This property is currently unsupported in PIM.","Name":"recurrence","Option":"Write"},{"CIMType":"String","Description":"When the eligible or active assignment becomes active.","Name":"startDateTime","Option":"Write"}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleEligibilityScheduleRequest","Parameters":[{"CIMType":"String","Description":"User Principal Name of the eligibility request.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Role associated with the eligibility request.","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Represented the type of principal to assign the request to. Accepted values are: Group and User.","Name":"PrincipalType","Option":"Write","ValueMap":["Group","User"],"Values":["Group","User"]},{"CIMType":"String","Description":"Identifier of the directory object representing the scope of the role eligibility. The scope of an role eligibility determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Either directoryScopeId or appScopeId is required.","Name":"DirectoryScopeId","Option":"Key"},{"CIMType":"String","Description":"Identifier for the Role Eligibility Schedule Request.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the app-specific scope when the role eligibility is scoped to an app. The scope of a role eligibility determines the set of resources for which the principal is eligible to access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Either directoryScopeId or appScopeId is required.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"This parameter is deprecated and will be removed in a future release. Represents the type of operation on the role eligibility request.The possible values are: adminAssign, adminUpdate, adminRemove, selfActivate, selfDeactivate, adminExtend, adminRenew, selfExtend, selfRenew, unknownFutureValue.","Name":"Action","Option":"Write","ValueMap":["adminAssign","adminUpdate","adminRemove","selfActivate","selfDeactivate","adminExtend","adminRenew","selfExtend","selfRenew","unknownFutureValue"],"Values":["adminAssign","adminUpdate","adminRemove","selfActivate","selfDeactivate","adminExtend","adminRenew","selfExtend","selfRenew","unknownFutureValue"]},{"CIMType":"Boolean","Description":"This parameter is deprecated and will be removed in a future release. Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.","Name":"IsValidationOnly","Option":"Write"},{"CIMType":"String","Description":"A message provided by users and administrators when create they create the unifiedRoleEligibilityScheduleRequest object. Optional when action is adminRemove. Whether this property is required or optional is also dependent on the settings for the Azure AD role.","Name":"Justification","Option":"Write"},{"CIMType":"MSFT_AADRoleEligibilityScheduleRequestSchedule","Description":"The period of the role eligibility. Optional when action is adminRemove. The period of eligibility is dependent on the settings of the Azure AD role.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a request for a role eligibility for a principal through PIM. The role eligibility can be permanently eligible without an expiry date or temporarily eligible with an expiry date.\n\n**Please note:** The difference between start and end times of assignments must be at least 5 minutes. Lower assignment times will result in an error.\nAlso, if you attempt to remove or update an assignment less than 5 minutes after the last modification, it will fail as well."},{"ClassName":"MSFT_AADRoleManagementPolicyRule","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Role display name.","Name":"RoleDisplayName","Option":"Key"},{"CIMType":"String","Description":"Rule Type.","Name":"RuleType","Option":"Write"},{"CIMType":"String","Description":"Policy Id.","Name":"PolicyId","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyExpirationRule","Description":"Expiration Rule.","Name":"ExpirationRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyNotificationRule","Description":"Notification Rule.","Name":"NotificationRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyEnablementRule","Description":"Enablement Rule.","Name":"EnablementRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyApprovalRule","Description":"Approval Rule.","Name":"ApprovalRule","Option":"Write"},{"CIMType":"MSFT_AADRoleManagementPolicyAuthenticationContextRule","Description":"Authentication Context Rule.","Name":"AuthenticationContextRule","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Role Management Policy Rule"},{"ClassName":"MSFT_AADRoleSetting","Parameters":[{"CIMType":"String","Description":"RuleDefinition DisplayName","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Specifies the RoleId.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Activation maximum duration (hours).","Name":"ActivationMaxDuration","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on activation (True/False)","Name":"ActivationReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Require ticket information on activation (True/False)","Name":"ActivationReqTicket","Option":"Write"},{"CIMType":"Boolean","Description":"Require MFA on activation (True/False)","Name":"ActivationReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require approval to activate (True/False)","Name":"ApprovaltoActivate","Option":"Write"},{"CIMType":"String[]","Description":"Approver User UPN and/or Group Displayname","Name":"ActivateApprover","Option":"Write"},{"CIMType":"Boolean","Description":"Allow permanent eligible assignment (True/False)","Name":"PermanentEligibleAssignmentisExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"Expire eligible assignments after (Days)","Name":"ExpireEligibleAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Allow permanent active assignment (True/False)","Name":"PermanentActiveAssignmentisExpirationRequired","Option":"Write"},{"CIMType":"String","Description":"Expire active assignments after (Days)","Name":"ExpireActiveAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Require Azure Multi-Factor Authentication on active assignment (True/False)","Name":"AssignmentReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on active assignment (True/False)","Name":"AssignmentReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Require Azure Multi-Factor Authentication on eligible assignment (True/False)","Name":"ElegibilityAssignmentReqMFA","Option":"Write"},{"CIMType":"Boolean","Description":"Require justification on eligible assignment (True/False)","Name":"ElegibilityAssignmentReqJustification","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Role assignment alert, default recipient (True/False)","Name":"EligibleAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this role: Role assignment alert, additional recipient (UPN)","Name":"EligibleAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Role assignment alert, only critical Email (True/False)","Name":"EligibleAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), default recipient (True/False)","Name":"EligibleAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), additional recipient (UPN)","Name":"EligibleAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), only critical Email (True/False)","Name":"EligibleAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, default recipient (True/False)","Name":"EligibleApproveNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, additional recipient (UPN)","Name":"EligibleApproveNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False)","Name":"EligibleApproveNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Role assignment alert, default recipient (True/False)","Name":"ActiveAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this role: Role assignment alert, additional recipient (UPN)","Name":"ActiveAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Role assignment alert, only critical Email (True/False)","Name":"ActiveAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), default recipient (True/False)","Name":"ActiveAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), additional recipient (UPN)","Name":"ActiveAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), only critical Email (True/False)","Name":"ActiveAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, default recipient (True/False)","Name":"ActiveApproveNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, additional recipient (UPN)","Name":"ActiveApproveNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False)","Name":"ActiveApproveNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this role: Role assignment alert, default recipient (True/False)","Name":"EligibleAssignmentAlertNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when eligible members activate this role: Role assignment alert, additional recipient (UPN)","Name":"EligibleAssignmentAlertNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this role: Role assignment alert, only critical Email (True/False)","Name":"EligibleAssignmentAlertNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this role: Notification to activated user (requestor), default recipient (True/False)","Name":"EligibleAssignmentAssigneeNotificationDefaultRecipient","Option":"Write"},{"CIMType":"String[]","Description":"Send notifications when eligible members activate this role: Notification to activated user (requestor), additional recipient (UPN)","Name":"EligibleAssignmentAssigneeNotificationAdditionalRecipient","Option":"Write"},{"CIMType":"Boolean","Description":"Send notifications when eligible members activate this role: Notification to activated user (requestor), only critical Email (True/False)","Name":"EligibleAssignmentAssigneeNotificationOnlyCritical","Option":"Write"},{"CIMType":"Boolean","Description":"Authorization context is required (True/False)","Name":"AuthenticationContextRequired","Option":"Write"},{"CIMType":"String","Description":"Descriptive name of associated authorization context","Name":"AuthenticationContextName","Option":"Write"},{"CIMType":"String","Description":"Authorization context id","Name":"AuthenticationContextId","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD role setting should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures AAD Role Settings."},{"ClassName":"MSFT_AADSecurityDefaults","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Display name of the security defaults.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Description of the security defaults.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Represents whether or not security defaults are enabled.","Name":"IsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD App should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure AD Admin","Name":"Credential","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Security Defaults in Azure Active Directory."},{"ClassName":"MSFT_AADServicePrincipalRoleAssignment","Parameters":[{"CIMType":"String","Description":"Type of principal. Accepted values are User or Group","Name":"PrincipalType","Option":"Key","ValueMap":["Group","User"],"Values":["Group","User"]},{"CIMType":"String","Description":"Unique identity representing the principal.","Name":"Identity","Option":"Key"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADServicePrincipalDelegatedPermissionClassification","Parameters":[{"CIMType":"String","Description":"Classification of the delegated permission","Name":"Classification","Option":"Write","ValueMap":["low","medium","high"],"Values":["low","medium","high"]},{"CIMType":"String","Description":"Name of the permission","Name":"PermissionName","Option":"Key"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADServicePrincipalAttributeValue","Parameters":[{"CIMType":"String","Description":"Name of the Attribute","Name":"AttributeName","Option":"Key"},{"CIMType":"String[]","Description":"If the attribute has a string array value","Name":"StringArrayValue","Option":"Write"},{"CIMType":"UInt32[]","Description":"If the attribute has a int array value","Name":"IntArrayValue","Option":"Write"},{"CIMType":"String","Description":"If the attribute has a string value","Name":"StringValue","Option":"Write"},{"CIMType":"UInt32","Description":"If the attribute has a int value","Name":"IntValue","Option":"Write"},{"CIMType":"Boolean","Description":"If the attribute has a boolean value","Name":"BoolValue","Option":"Write"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADServicePrincipalAttributeSet","Parameters":[{"CIMType":"String","Description":"Attribute Set Name.","Name":"AttributeSetName","Option":"Key"},{"CIMType":"MSFT_AADServicePrincipalAttributeValue[]","Description":"List of attribute values.","Name":"AttributeValues","Option":"Write"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADServicePrincipal","Parameters":[{"CIMType":"String","Description":"The unique identifier for the associated application.","Name":"AppId","Option":"Key"},{"CIMType":"MSFT_AADServicePrincipalRoleAssignment[]","Description":"App role assignments for this app or service, granted to users, groups, and other service principals.","Name":"AppRoleAssignedTo","Option":"Write"},{"CIMType":"String","Description":"The ObjectID of the ServicePrincipal","Name":"ObjectID","Option":"Write"},{"CIMType":"String","Description":"Displayname of the ServicePrincipal.","Name":"DisplayName","Option":"Write"},{"CIMType":"String[]","Description":"The alternative names for this service principal","Name":"AlternativeNames","Option":"Write"},{"CIMType":"Boolean","Description":"True if the service principal account is enabled; otherwise, false.","Name":"AccountEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether an application role assignment is required.","Name":"AppRoleAssignmentRequired","Option":"Write"},{"CIMType":"String","Description":"Specifies the error URL of the ServicePrincipal.","Name":"ErrorUrl","Option":"Write"},{"CIMType":"String","Description":"Specifies the homepage of the ServicePrincipal.","Name":"Homepage","Option":"Write"},{"CIMType":"String","Description":"Specifies the LogoutURL of the ServicePrincipal.","Name":"LogoutUrl","Option":"Write"},{"CIMType":"String","Description":"Notes associated with the ServicePrincipal.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"Specifies the PublisherName of the ServicePrincipal.","Name":"PublisherName","Option":"Write"},{"CIMType":"String[]","Description":"List of the owners of the service principal.","Name":"Owners","Option":"Write"},{"CIMType":"String","Description":"Specifies the signle sign-on mode configured for this application.","Name":"PreferredSingleSignOnMode","Option":"Write"},{"CIMType":"String[]","Description":"The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.","Name":"ReplyUrls","Option":"Write"},{"CIMType":"String","Description":"The URL for the SAML metadata of the ServicePrincipal.","Name":"SamlMetadataUrl","Option":"Write"},{"CIMType":"String[]","Description":"Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal.","Name":"ServicePrincipalNames","Option":"Write"},{"CIMType":"String","Description":"The type of the service principal.","Name":"ServicePrincipalType","Option":"Write"},{"CIMType":"String[]","Description":"Tags linked to this service principal.Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}","Name":"Tags","Option":"Write"},{"CIMType":"MSFT_AADServicePrincipalDelegatedPermissionClassification[]","Description":"The permission classifications for delegated permissions exposed by the app that this service principal represents.","Name":"DelegatedPermissionClassifications","Option":"Write"},{"CIMType":"MSFT_AADServicePrincipalAttributeSet[]","Description":"The list of custom security attributes attached to this SPN","Name":"CustomSecurityAttributes","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD App should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure AD Admin","Name":"Credential","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphpasswordCredential[]","Description":"The collection of password credentials associated with the service principal. Not nullable.","Name":"PasswordCredentials","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphkeyCredential[]","Description":"The collection of key credentials associated with the service principal. Not nullable. Supports $filter (eq, NOT, ge, le).","Name":"KeyCredentials","Option":"Write"}],"Description":"This resource configures an Azure Active Directory ServicePrincipal."},{"ClassName":"MSFT_AADSocialIdentityProvider","Parameters":[{"CIMType":"String","Description":"The client identifier for the application obtained when registering the application with the identity provider.","Name":"ClientId","Option":"Key"},{"CIMType":"String","Description":"The client secret for the application that is obtained when the application is registered with the identity provider. This is write-only. A read operation returns ****.","Name":"ClientSecret","Option":"Write"},{"CIMType":"String","Description":"The display name of the identity provider.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"For a B2B scenario, possible values: Google, Facebook. For a B2C scenario, possible values: Microsoft, Google, Amazon, LinkedIn, Facebook, GitHub, Twitter, Weibo, QQ, WeChat.","Name":"IdentityProviderType","Option":"Write","ValueMap":["AADSignup","EmailOTP","Microsoft","MicrosoftAccount","Google","Amazon","LinkedIn","Facebook","GitHub","Twitter","Weibo","QQ","WeChat"],"Values":["AADSignup","EmailOTP","Microsoft","MicrosoftAccount","Google","Amazon","LinkedIn","Facebook","GitHub","Twitter","Weibo","QQ","WeChat"]},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents identity providers with External Identities for both Microsoft Entra ID and Azure AD B2C tenants. For Microsoft Entra B2B scenarios in a Microsoft Entra tenant, the identity provider type can be Google or Facebook."},{"ClassName":"MSFT_AADTenantAppManagementPolicyRestrictionsCredential","Parameters":[{"CIMType":"string[]","Description":"Collection of GUIDs of certificateBasedApplicationConfiguration objects that represent trusted certificate authorities. Used when restrictionType is set to trustedCertificateAuthority for keyCredentials.","Name":"CertificateBasedApplicationConfigurationIds","Option":"Write"},{"CIMType":"string","Description":"String value that indicates the maximum lifetime for password expiration, defined as an ISO 8601 duration. For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds. This property is required when restrictionType is set to passwordLifetime.","Name":"MaxLifetime","Option":"Write"},{"CIMType":"string","Description":"Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.","Name":"RestrictForAppsCreatedAfterDateTime","Option":"Write"},{"CIMType":"string","Description":"The type of restriction being applied. The possible values are: passwordAddition, passwordLifetime, symmetricKeyAddition, symmetricKeyLifetime, customPasswordAddition, asymmetricKeyLifetime, trustedCertificateAuthority, and unknownFutureValue. Each value of restrictionType can be used only once per policy.","Name":"RestrictionType","Option":"Key"},{"CIMType":"string","Description":"Indicates whether the restriction is evaluated. The possible values are: enabled, disabled, unknownFutureValue. If enabled, the restriction is evaluated. If disabled, the restriction isn't evaluated or enforced.","Name":"State","Option":"Write"}],"Description":"Tenant-wide application authentication method policy to enforce app management restrictions for all applications and service principals."},{"ClassName":"MSFT_AADTenantAppManagementPolicyRestrictions","Parameters":[{"CIMType":"MSFT_AADTenantAppManagementPolicyRestrictionsCredential[]","Description":"Collection of keyCredential restrictions settings to be applied to an application or service principal.","Name":"KeyCredentials","Option":"Write"},{"CIMType":"MSFT_AADTenantAppManagementPolicyRestrictionsCredential[]","Description":"Collection of password restrictions settings to be applied to an application or service principal.","Name":"PasswordCredentials","Option":"Write"}],"Description":"Tenant-wide application authentication method policy to enforce app management restrictions for all applications and service principals."},{"ClassName":"MSFT_AADTenantAppManagementPolicy","Parameters":[{"CIMType":"String","Description":"The display name of the policy.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Denotes whether the policy is enabled.","Name":"IsEnabled","Option":"Write"},{"CIMType":"MSFT_AADTenantAppManagementPolicyRestrictions","Description":"Restrictions that apply to an application  object.","Name":"ApplicationRestrictions","Option":"Write"},{"CIMType":"MSFT_AADTenantAppManagementPolicyRestrictions","Description":"Restrictions that apply to a service principal  object.","Name":"ServicePrincipalRestrictions","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Tenant-wide application authentication method policy to enforce app management restrictions for all applications and service principals."},{"ClassName":"MSFT_AADTenantDetails","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String[]","Description":"Email-addresses from the people who should receive Marketing Notifications","Name":"MarketingNotificationEmails","Option":"Write"},{"CIMType":"String[]","Description":"Email-addresses from the people who should receive Security Compliance Notifications","Name":"SecurityComplianceNotificationMails","Option":"Write"},{"CIMType":"String[]","Description":"Phone Numbers from the people who should receive Security Notifications","Name":"SecurityComplianceNotificationPhones","Option":"Write"},{"CIMType":"String[]","Description":"Email-addresses from the people who should receive Technical Notifications","Name":"TechnicalNotificationMails","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure Active Directory Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Azure AD Tenant Details"},{"ClassName":"MSFT_AADTokenIssuancePolicy","Parameters":[{"CIMType":"String","Description":"Display name for this policy. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique identifier for this policy. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"The token-issuance policy can only be applied to service principals and can't be set globally for the organization.","Name":"IsOrganizationDefault","Option":"Write"},{"CIMType":"String","Description":"Description for this policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required.","Name":"Definition","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents the policy to specify the characteristics of SAML tokens issued by Microsoft Entra ID."},{"ClassName":"MSFT_AADTokenLifetimePolicy","Parameters":[{"CIMType":"string","Description":"DisplayName of the Policy","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"ObjectID of the Policy.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Description of the Policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"Definition of the Policy.","Name":"Definition","Option":"Write"},{"CIMType":"Boolean","Description":"IsOrganizationDefault of the Policy.","Name":"IsOrganizationDefault","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Azure AD Token Lifetime Policies"},{"ClassName":"MSFT_AADUser","Parameters":[{"CIMType":"String","Description":"The login name of the user","Name":"UserPrincipalName","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether the user account is enabled or not. Required when a user is created.","Name":"AccountEnabled","Option":"Write"},{"CIMType":"String","Description":"The display name for the user","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The first name of the user","Name":"FirstName","Option":"Write"},{"CIMType":"String","Description":"The last name of the user","Name":"LastName","Option":"Write"},{"CIMType":"String[]","Description":"The list of Azure Active Directory roles assigned to the user.","Name":"Roles","Option":"Write"},{"CIMType":"String","Description":"The country code the user will be assigned to","Name":"UsageLocation","Option":"Write"},{"CIMType":"String[]","Description":"The account SKU Id for the license to be assigned to the user","Name":"LicenseAssignment","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"The password for the account. The parameter is a PSCredential object, but only the Password component will be used. If Password is not supplied for a new resource a new random password will be generated. Property will only be used when creating the user and not on subsequent updates.","Name":"Password","Option":"Write"},{"CIMType":"String","Description":"The City name of the user","Name":"City","Option":"Write"},{"CIMType":"String","Description":"The Country name of the user","Name":"Country","Option":"Write"},{"CIMType":"String","Description":"The Department name of the user","Name":"Department","Option":"Write"},{"CIMType":"String","Description":"The Fax Number of the user","Name":"Fax","Option":"Write"},{"CIMType":"String[]","Description":"The Groups that the user is a direct member of","Name":"MemberOf","Option":"Write"},{"CIMType":"String","Description":"The Mobile Phone Number of the user","Name":"MobilePhone","Option":"Write"},{"CIMType":"String","Description":"The Office Name of the user","Name":"Office","Option":"Write"},{"CIMType":"String","Description":"The mail address of the user","Name":"Mail","Option":"Write"},{"CIMType":"String[]","Description":"The other mails assigned to the user","Name":"OtherMails","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the user password expires periodically. Default value is false","Name":"PasswordNeverExpires","Option":"Write"},{"CIMType":"String","Description":"Specifies password policies for the user.","Name":"PasswordPolicies","Option":"Write"},{"CIMType":"String","Description":"The Phone Number of the user","Name":"PhoneNumber","Option":"Write"},{"CIMType":"String","Description":"The Postal Code of the user","Name":"PostalCode","Option":"Write"},{"CIMType":"String","Description":"The Preferred Language of the user","Name":"PreferredLanguage","Option":"Write"},{"CIMType":"String","Description":"Specifies the state or province where the user is located","Name":"State","Option":"Write"},{"CIMType":"String","Description":"Specifies the street address of the user","Name":"StreetAddress","Option":"Write"},{"CIMType":"String","Description":"Specifies the title of the user","Name":"Title","Option":"Write"},{"CIMType":"String","Description":"Specifies the title of the user","Name":"UserType","Option":"Write","ValueMap":["Guest","Member","Other","Viral"],"Values":["Guest","Member","Other","Viral"]},{"CIMType":"String","Description":"Present ensures the user exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create Azure AD Users and assign them licenses, roles and/or groups.\n\nIf using with AADGroup, be aware that if AADUser->MemberOf is being specified and the referenced group is configured with AADGroup->Member then a conflict may arise if the two don't match. It is usually best to choose only one of them. See AADGroup"},{"ClassName":"MSFT_AADUserFlowAttribute","Parameters":[{"CIMType":"String","Description":"User flow attribute Id.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the user flow attribute.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the user flow attribute.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Defines the user flow attribute data type.","Name":"DataType","Option":"Write"},{"CIMType":"String","Description":"Specify if the Azure AD role setting should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials for the Microsoft Graph delegated permissions.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configure User flow attributes which are custom attributes that you can define and use in your user flows, which are predefined, configurable policies that control the user experience during sign-up, sign-in, and profile editing processes."},{"ClassName":"MSFT_AADVerifiedIdAuthorityKeyVaultMetadata","Parameters":[{"CIMType":"String","Description":"Subscription ID of the Key Vault.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"Resource group of the Key Vault.","Name":"ResourceGroup","Option":"Write"},{"CIMType":"String","Description":"Resource name of the Key Vault.","Name":"ResourceName","Option":"Write"},{"CIMType":"String","Description":"Resource URL of the Key Vault.","Name":"ResourceUrl","Option":"Write"}],"Description":"Azure AD Verified Identity Authority\n\nUse the VerifiableCredential.Authority.ReadWrite permission to read and write the authority.\n\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#authorities/>"},{"ClassName":"MSFT_AADVerifiedIdAuthority","Parameters":[{"CIMType":"String","Description":"Name of the Verified ID Authority.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Id of the Verified ID Authority.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"URL of the linked domain.","Name":"LinkedDomainUrl","Option":"Key"},{"CIMType":"String","Description":"DID method used by the Verified ID Authority.","Name":"DidMethod","Option":"Write"},{"CIMType":"MSFT_AADVerifiedIdAuthorityKeyVaultMetadata","Description":"Key Vault metadata for the Verified ID Authority.","Name":"KeyVaultMetadata","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Verified Identity Authority\n\nUse the VerifiableCredential.Authority.ReadWrite permission to read and write the authority.\n\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#authorities/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo","Parameters":[{"CIMType":"String","Description":"URI of the logo. If this is a URL, it must be reachable over the public internet anonymously.","Name":"uri","Option":"Write"},{"CIMType":"String","Description":"Description of the logo.","Name":"description","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayCard","Parameters":[{"CIMType":"String","Description":"Title of the credential.","Name":"title","Option":"Write"},{"CIMType":"String","Description":"The name of the issuer of the credential.","Name":"issuedBy","Option":"Write"},{"CIMType":"String","Description":"Background color of the credential in hex, for example, #FFAABB.","Name":"backgroundColor","Option":"Write"},{"CIMType":"String","Description":"Text color of the credential in hex, for example, #FFAABB.","Name":"textColor","Option":"Write"},{"CIMType":"String","Description":"Supplemental text displayed alongside each credential.","Name":"description","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayConsent","Parameters":[{"CIMType":"String","Description":"Title of the consent.","Name":"title","Option":"Write"},{"CIMType":"String","Description":"Supplemental text to use when displaying consent.","Name":"instructions","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayClaims","Parameters":[{"CIMType":"String","Description":"The label of the claim in display.","Name":"label","Option":"Write"},{"CIMType":"String","Description":"The name of the claim to which the label applies.","Name":"claim","Option":"Write"},{"CIMType":"String","Description":"The type of the claim.","Name":"type","Option":"Write"},{"CIMType":"String","Description":"The description of the claim.","Name":"description","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractDisplayModel","Parameters":[{"CIMType":"String","Description":"The locale of this display.","Name":"locale","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractClaimMapping","Parameters":[{"CIMType":"String","Description":"The name of the claim to use from the input.","Name":"inputClaim","Option":"Write"},{"CIMType":"String","Description":"The name of the claim in the verifiable credential.","Name":"outputClaim","Option":"Write"},{"CIMType":"Boolean","Description":"Indicating whether the value of this claim is used for searching.","Name":"indexed","Option":"Write"},{"CIMType":"Boolean","Description":"Indicating whether this mapping is required or not.","Name":"required","Option":"Write"},{"CIMType":"String","Description":"Type of claim.","Name":"type","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractAttestationValues","Parameters":[{"CIMType":"Boolean","Description":"Indicating whether this attestation is required or not.","Name":"required","Option":"Write"},{"CIMType":"String[]","Description":"A list of DIDs allowed to issue the verifiable credential for this contract.","Name":"trustedIssuers","Option":"Write"},{"CIMType":"String","Description":"Required credential type of the input.","Name":"credentialType","Option":"Write"},{"CIMType":"String","Description":"Location of the identity provider's configuration document.","Name":"configuration","Option":"Write"},{"CIMType":"String","Description":"Client ID to use when obtaining the ID token.","Name":"clientId","Option":"Write"},{"CIMType":"String","Description":"Redirect URI to use when obtaining the ID token. MUST BE vcclient://openid/","Name":"redirectUri","Option":"Write"},{"CIMType":"String","Description":"Space delimited list of scopes to use when obtaining the ID token.","Name":"scopeValue","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractAttestations","Parameters":[],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractCustomStatusEndpoint","Parameters":[{"CIMType":"String","Description":"The URL of the custom status endpoint.","Name":"url","Option":"Write"},{"CIMType":"String","Description":"The type of the endpoint.","Name":"type","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractVcType","Parameters":[{"CIMType":"String[]","Description":"The type of the vc.","Name":"type","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContractRulesModel","Parameters":[{"CIMType":"UInt32","Description":"This value shows the lifespan of the credential.","Name":"validityInterval","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_AADVerifiedIdAuthorityContract","Parameters":[{"CIMType":"String","Description":"Id of the Verified ID Authority Contract.","Name":"id","Option":"Write"},{"CIMType":"String","Description":"URL of the linked domain of the authority.","Name":"linkedDomainUrl","Option":"Key"},{"CIMType":"String","Description":"Id of the Verified ID Authority.","Name":"authorityId","Option":"Write"},{"CIMType":"String","Description":"Name of the Verified ID Authority Contract.","Name":"name","Option":"Key"},{"CIMType":"MSFT_AADVerifiedIdAuthorityContractDisplayModel[]","Description":"Display settings of the Authority Contract.","Name":"displays","Option":"Write"},{"CIMType":"MSFT_AADVerifiedIdAuthorityContractRulesModel","Description":"Rules settings of the Authority Contract.","Name":"rules","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Azure AD Verified Identity Authority Contract\nUse the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.\nDocumentation Link: <https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts/>"},{"ClassName":"MSFT_ADOOrganizationOwner","Parameters":[{"CIMType":"String","Description":"NAme of the Azure DevOPS Organization","Name":"OrganizationName","Option":"Key"},{"CIMType":"String","Description":"User principal of the organization's owner","Name":"Owner","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the owner of an Azure DevOPS organization."},{"ClassName":"MSFT_ADOPermissionGroup","Parameters":[{"CIMType":"String","Description":"The name of the Azure DevOPS Organization.","Name":"OrganizationName","Option":"Key"},{"CIMType":"String","Description":"Principal name to identify the group.","Name":"PrincipalName","Option":"Key"},{"CIMType":"String","Description":"Display name for the group.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Description of the group.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of principal names of the members of the group.","Name":"Members","Option":"Write"},{"CIMType":"String","Description":"Unique identifier for the group.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Unique descriptor for the group.","Name":"Descriptor","Option":"Write"},{"CIMType":"String","Description":"Determines at what level in the hierarchy the group exists. Valid values are Project or Organization.","Name":"Level","Option":"Write","ValueMap":["Organization","Project"],"Values":["Organization","Project"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Azure DevOPS permission groups."},{"ClassName":"MSFT_ADOPermission","Parameters":[{"CIMType":"String","Description":"Id of the associate security namespace.","Name":"NamespaceId","Option":"Key"},{"CIMType":"String","Description":"Display name of the permission scope.","Name":"DisplayName","Option":"Key"},{"CIMType":"UInt32","Description":"Bit mask for the permission","Name":"Bit","Option":"Write"},{"CIMType":"String","Description":"Token value","Name":"Token","Option":"Key"}],"Description":"Manages permissions in Azure DevOPS."},{"ClassName":"MSFT_ADOPermissionGroupSettings","Parameters":[{"CIMType":"String","Description":"Name of the group.","Name":"GroupName","Option":"Key"},{"CIMType":"String","Description":"Name of the DevOPS Organization.","Name":"OrganizationName","Option":"Write"},{"CIMType":"String","Description":"Descriptor for the group.","Name":"Descriptor","Option":"Write"},{"CIMType":"MSFT_ADOPermission[]","Description":"Allow permissions.","Name":"AllowPermissions","Option":"Write"},{"CIMType":"MSFT_ADOPermission[]","Description":"Deny permissions","Name":"DenyPermissions","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages permissions in Azure DevOPS."},{"ClassName":"MSFT_ADOSecurityPolicy","Parameters":[{"CIMType":"String","Description":"The name of the Azure DevOPS Organization.","Name":"OrganizationName","Option":"Key"},{"CIMType":"Boolean","Description":"Controls the external guest access.","Name":"DisallowAadGuestUserAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Third-party application access via OAuth.","Name":"DisallowOAuthAuthentication","Option":"Write"},{"CIMType":"Boolean","Description":"Controls SSH Authentication.","Name":"DisallowSecureShell","Option":"Write"},{"CIMType":"Boolean","Description":"Controls Log Audit Events.","Name":"LogAuditEvents","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Allow public projects setting.","Name":"AllowAnonymousAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Additional protections when using public package registries setting.","Name":"ArtifactsExternalPackageProtectionToken","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Enable IP Conditional Access policy validation setting.","Name":"EnforceAADConditionalAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Allow team and project administrators to invite new user setting.","Name":"AllowTeamAdminsInvitationsAccessToken","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the Request access setting.","Name":"AllowRequestAccessToken","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Azure DevOPS Security Policies."},{"ClassName":"MSFT_AzureBillingAccountPolicyEnterpriseAgreementPolicy","Parameters":[{"CIMType":"String","Description":"The policy that controls whether account owner can view charges.","Name":"accountOwnerViewCharges","Option":"Write"},{"CIMType":"String","Description":"The state showing the enrollment auth level.","Name":"authenticationType","Option":"Write"},{"CIMType":"String","Description":"The policy that controls whether department admin can view charges.","Name":"departmentAdminViewCharges","Option":"Write"}],"Description":"Configures policies settings for an Azure billing account."},{"ClassName":"MSFT_AzureBillingAccountPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier of the associated billing account.","Name":"BillingAccount","Option":"Key"},{"CIMType":"String","Description":"Name of the policy.","Name":"Name","Option":"Write"},{"CIMType":"MSFT_AzureBillingAccountPolicyEnterpriseAgreementPolicy","Description":"The policies for Enterprise Agreement enrollments.","Name":"EnterpriseAgreementPolicies","Option":"Write"},{"CIMType":"String","Description":"The policy that controls whether Azure marketplace purchases are allowed.","Name":"MarketplacePurchases","Option":"Write"},{"CIMType":"String","Description":"The policy that controls whether Azure reservation purchases are allowed.","Name":"ReservationPurchases","Option":"Write"},{"CIMType":"String","Description":"The policy that controls whether users with Azure savings plan purchase are allowed.","Name":"SavingsPlanPurchases","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures policies settings for an Azure billing account."},{"ClassName":"MSFT_AzureBillingAccountsAssociatedTenant","Parameters":[{"CIMType":"String","Description":"The ID that uniquely identifies a tenant.","Name":"AssociatedTenantId","Option":"Key"},{"CIMType":"String","Description":"The name of the associated tenant.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Name of the billing account.","Name":"BillingAccount","Option":"Write"},{"CIMType":"String","Description":"The state determines whether users from the associated tenant can be assigned roles for commerce activities like viewing and downloading invoices, managing payments, and making purchases.","Name":"BillingManagementState","Option":"Write"},{"CIMType":"String","Description":"The state determines whether subscriptions and licenses can be provisioned in the associated tenant. It can be set to 'Pending' to initiate a billing request.","Name":"ProvisioningManagementState","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures associated tenants to billing accounts in the Microsoft Admin Center."},{"ClassName":"MSFT_AzureBillingAccountScheduledActionNotification","Parameters":[{"CIMType":"String","Description":"Subject of the email. Length is limited to 70 characters.","Name":"subject","Option":"Write"},{"CIMType":"String","Description":"Optional message to be added in the email. Length is limited to 250 characters.","Name":"message","Option":"Write"},{"CIMType":"String[]","Description":"Array of email addresses.","Name":"to","Option":"Write"}],"Description":"Manages scheduled actions for Azure billing accounts."},{"ClassName":"MSFT_AzureBillingAccountScheduledActionSchedule","Parameters":[{"CIMType":"UInt32","Description":"UTC day on which cost analysis data will be emailed. Must be between 1 and 31. This property is applicable when frequency is Monthly and overrides weeksOfMonth or daysOfWeek.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"Day names in english on which cost analysis data will be emailed. This property is applicable when frequency is Weekly or Monthly.","Name":"daysOfWeek","Option":"Write"},{"CIMType":"String","Description":"The start date and time of the scheduled action (UTC).","Name":"startDate","Option":"Write"},{"CIMType":"String","Description":"The end date and time of the scheduled action (UTC).","Name":"endDate","Option":"Write"},{"CIMType":"String[]","Description":"Weeks in which cost analysis data will be emailed. This property is applicable when frequency is Monthly and used in combination with daysOfWeek.","Name":"weeksOfMonth","Option":"Write"},{"CIMType":"String","Description":"Frequency of the schedule.","Name":"frequency","Option":"Write"},{"CIMType":"UInt32","Description":"UTC time at which cost analysis data will be emailed.","Name":"hourOfDay","Option":"Write"}],"Description":"Manages scheduled actions for Azure billing accounts."},{"ClassName":"MSFT_AzureBillingAccountScheduledAction","Parameters":[{"CIMType":"String","Description":"Display name of the scheduled action.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Associated billing account id.","Name":"BillingAccount","Option":"Write"},{"CIMType":"String","Description":"Status of the scheduled action.","Name":"Status","Option":"Write"},{"CIMType":"String","Description":"Associated view id.","Name":"View","Option":"Write"},{"CIMType":"MSFT_AzureBillingAccountScheduledActionNotification","Description":"Notification properties based on scheduled action kind.","Name":"Notification","Option":"Write"},{"CIMType":"String","Description":"Email address of the point of contact that should get the unsubscribe requests and notification emails.","Name":"NotificationEmail","Option":"Write"},{"CIMType":"MSFT_AzureBillingAccountScheduledActionSchedule","Description":"Schedule of the scheduled action.","Name":"Schedule","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages scheduled actions for Azure billing accounts."},{"ClassName":"MSFT_AzureBillingaccountsRoleAssignment","Parameters":[{"CIMType":"String","Description":"Name of the principal associated to the role assignment.","Name":"PrincipalName","Option":"Key"},{"CIMType":"String","Description":"Name of the role assigned to the principal.","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Principal type. Can be User, Group or ServicePrincipal.","Name":"PrincipalType","Option":"Write"},{"CIMType":"String","Description":"Name of the billing account.","Name":"BillingAccount","Option":"Write"},{"CIMType":"String","Description":"The principal tenant id of the user to whom the role was assigned.","Name":"PrincipalTenantId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages roles on billing accounts."},{"ClassName":"MSFT_AzureDiagnosticSettingsCategory","Parameters":[{"CIMType":"String","Description":"Name of the category.","Name":"Category","Option":"Key"},{"CIMType":"Boolean","Description":"Is the log category enabled or not.","Name":"enabled","Option":"Write"}],"Description":"Configures Diagnostics settings in Azure.\n\nUsers will need to grant permissions to the associated scope by running the following command in Azure Cloud Shell:\n\n```powershell\nNew-AzRoleAssignment -ObjectId \"<Service Principal Object ID>\" -Scope \"/providers/Microsoft.aadiam\" -RoleDefinitionName 'Contributor' -ObjectType 'ServicePrincipal'\n```"},{"ClassName":"MSFT_AzureDiagnosticSettings","Parameters":[{"CIMType":"String","Description":"Diagnostic setting name.","Name":"Name","Option":"Key"},{"CIMType":"MSFT_AzureDiagnosticSettingsCategory[]","Description":"List of log categories.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"Storage account id.","Name":"StorageAccountId","Option":"Write"},{"CIMType":"String","Description":"Service bus id.","Name":"ServiceBusRuleId","Option":"Write"},{"CIMType":"String","Description":"Event hub id.","Name":"EventHubAuthorizationRuleId","Option":"Write"},{"CIMType":"String","Description":"Event hub name.","Name":"EventHubName","Option":"Write"},{"CIMType":"String","Description":"Workspace id.","Name":"WorkspaceId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Diagnostics settings in Azure.\n\nUsers will need to grant permissions to the associated scope by running the following command in Azure Cloud Shell:\n\n```powershell\nNew-AzRoleAssignment -ObjectId \"<Service Principal Object ID>\" -Scope \"/providers/Microsoft.aadiam\" -RoleDefinitionName 'Contributor' -ObjectType 'ServicePrincipal'\n```"},{"ClassName":"MSFT_AzureDiagnosticSettingsCustomSecurityAttributeCategory","Parameters":[{"CIMType":"String","Description":"Name of the category.","Name":"Category","Option":"Key"},{"CIMType":"Boolean","Description":"Is the log category enabled or not.","Name":"enabled","Option":"Write"}],"Description":"Configures Diagnostics settings custom security attributes in Azure.\n\nUsers will need to grant permissions to the associated scope by running the following command in Azure Cloud Shell:\n\n```powershell\nNew-AzRoleAssignment -ObjectId \"<Service Principal Object ID>\" -Scope \"/providers/microsoft.AadCustomSecurityAttributesDiagnosticSettings\" -RoleDefinitionName 'Contributor' -ObjectType 'ServicePrincipal'\n```"},{"ClassName":"MSFT_AzureDiagnosticSettingsCustomSecurityAttribute","Parameters":[{"CIMType":"String","Description":"Diagnostic setting name.","Name":"Name","Option":"Key"},{"CIMType":"MSFT_AzureDiagnosticSettingsCustomSecurityAttributeCategory[]","Description":"List of log categories.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"Storage account id.","Name":"StorageAccountId","Option":"Write"},{"CIMType":"String","Description":"Service bus id.","Name":"ServiceBusRuleId","Option":"Write"},{"CIMType":"String","Description":"Event hub id.","Name":"EventHubAuthorizationRuleId","Option":"Write"},{"CIMType":"String","Description":"Event hub name.","Name":"EventHubName","Option":"Write"},{"CIMType":"String","Description":"Workspace id.","Name":"WorkspaceId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Diagnostics settings custom security attributes in Azure.\n\nUsers will need to grant permissions to the associated scope by running the following command in Azure Cloud Shell:\n\n```powershell\nNew-AzRoleAssignment -ObjectId \"<Service Principal Object ID>\" -Scope \"/providers/microsoft.AadCustomSecurityAttributesDiagnosticSettings\" -RoleDefinitionName 'Contributor' -ObjectType 'ServicePrincipal'\n```"},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrenceRange","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date.","Name":"endDate","Option":"Required"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"numberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties.","Name":"recurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event.","Name":"startDate","Option":"Required"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered.","Name":"type","Option":"Required","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday","Name":"daysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week.","Name":"firstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last.","Name":"index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type.","Name":"interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs. This is a number from 1 to 12.","Name":"month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly.","Name":"type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrence","Parameters":[{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrencePattern","Description":"The frequency of an event.","Name":"pattern","Option":"Write"},{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrenceRange","Description":"The duration of an event.","Name":"range","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestScheduleExpiration","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"endDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequestSchedule","Parameters":[{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestScheduleExpiration","Description":"When the eligible or active assignment expires.","Name":"expiration","Option":"Write"},{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestScheduleRecurrence","Description":"The frequency of the eligible or active assignment. This property is currently unsupported in PIM.","Name":"recurrence","Option":"Write"},{"CIMType":"String","Description":"When the eligible or active assignment becomes active.","Name":"startDateTime","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleAssignmentScheduleRequest","Parameters":[{"CIMType":"String","Description":"User Principal Name of the Azure role assignment request.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Azure role associated with the assignment request (e.g., 'Owner', 'Contributor').","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Represented the type of principal to assign the request to. Accepted values are: Group, User and ServicePrincipal.","Name":"PrincipalType","Option":"Write","ValueMap":["Group","User","ServicePrincipal"],"Values":["Group","User","ServicePrincipal"]},{"CIMType":"String","Description":"Identifier of the scope representing the Azure resource (e.g., /subscriptions/{id}, /providers/Microsoft.Management/managementGroups/{id}). The scope determines the set of Azure resources for which the principal has been granted access.","Name":"DirectoryScopeId","Option":"Key"},{"CIMType":"String","Description":"Identifier for the Role Assignment Schedule Request.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the app-specific scope when the role assignment is scoped to an app. Not commonly used for Azure RBAC roles.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"A message provided by users and administrators when they create the role assignment schedule request.","Name":"Justification","Option":"Write"},{"CIMType":"MSFT_AzureRoleAssignmentScheduleRequestSchedule","Description":"The period of the role assignment. The period of assignment is dependent on the settings of the Azure role.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role assignment schedule requests for Azure RBAC roles. It supports role assignments at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleAssignmentScheduleRequest\n\n- **AADRoleAssignmentScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleAssignmentScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Key Differences from AzureRoleEligibilityScheduleRequest\n\n- **AzureRoleEligibilityScheduleRequest**: Manages role eligibility (makes principal eligible to activate the role via PIM)\n- **AzureRoleAssignmentScheduleRequest**: Manages active role assignments (principal has the role actively assigned)\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" role on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" role on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" role on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" role on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role assignment schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleAssignmentScheduleRequests/write`\n  - `Microsoft.Authorization/roleAssignmentSchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrenceRange","Parameters":[{"CIMType":"String","Description":"The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date.","Name":"endDate","Option":"Required"},{"CIMType":"UInt32","Description":"The number of times to repeat the event. Required and must be positive if type is numbered.","Name":"numberOfOccurrences","Option":"Write"},{"CIMType":"String","Description":"Time zone for the startDate and endDate properties.","Name":"recurrenceTimeZone","Option":"Write"},{"CIMType":"String","Description":"The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event.","Name":"startDate","Option":"Required"},{"CIMType":"String","Description":"The recurrence range. The possible values are: endDate, noEnd, numbered.","Name":"type","Option":"Required","ValueMap":["endDate","noEnd","numbered"],"Values":["endDate","noEnd","numbered"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrencePattern","Parameters":[{"CIMType":"UInt32","Description":"The day of the month on which the event occurs.","Name":"dayOfMonth","Option":"Write"},{"CIMType":"String[]","Description":"A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday","Name":"daysOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"The first day of the week.","Name":"firstDayOfWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last.","Name":"index","Option":"Write","ValueMap":["first","second","third","fourth","last"],"Values":["first","second","third","fourth","last"]},{"CIMType":"UInt32","Description":"The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type.","Name":"interval","Option":"Write"},{"CIMType":"UInt32","Description":"The month in which the event occurs. This is a number from 1 to 12.","Name":"month","Option":"Write"},{"CIMType":"String","Description":"The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly.","Name":"type","Option":"Write","ValueMap":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"],"Values":["daily","weekly","absoluteMonthly","relativeMonthly","absoluteYearly","relativeYearly"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrence","Parameters":[{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrencePattern","Description":"The frequency of an event.","Name":"pattern","Option":"Write"},{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrenceRange","Description":"The duration of an event.","Name":"range","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestScheduleExpiration","Parameters":[{"CIMType":"String","Description":"The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.","Name":"duration","Option":"Write"},{"CIMType":"String","Description":"Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.","Name":"endDateTime","Option":"Write"},{"CIMType":"String","Description":"The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration.","Name":"type","Option":"Write","ValueMap":["notSpecified","noExpiration","afterDateTime","afterDuration"],"Values":["notSpecified","noExpiration","afterDateTime","afterDuration"]}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequestSchedule","Parameters":[{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestScheduleExpiration","Description":"When the eligible or active assignment expires.","Name":"expiration","Option":"Write"},{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestScheduleRecurrence","Description":"The frequency of the eligible or active assignment. This property is currently unsupported in PIM.","Name":"recurrence","Option":"Write"},{"CIMType":"String","Description":"When the eligible or active assignment becomes active.","Name":"startDateTime","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureRoleEligibilityScheduleRequest","Parameters":[{"CIMType":"String","Description":"User Principal Name of the Azure role eligibility request.","Name":"Principal","Option":"Key"},{"CIMType":"String","Description":"Azure role associated with the eligibility request (e.g., 'Owner', 'Contributor').","Name":"RoleDefinition","Option":"Key"},{"CIMType":"String","Description":"Represented the type of principal to assign the request to. Accepted values are: Group, User and ServicePrincipal.","Name":"PrincipalType","Option":"Write","ValueMap":["Group","User","ServicePrincipal"],"Values":["Group","User","ServicePrincipal"]},{"CIMType":"String","Description":"Identifier of the scope representing the Azure resource (e.g., /subscriptions/{id}, /providers/Microsoft.Management/managementGroups/{id}). The scope determines the set of Azure resources for which the principal is eligible to access.","Name":"DirectoryScopeId","Option":"Key"},{"CIMType":"String","Description":"Identifier for the Role Eligibility Schedule Request.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Identifier of the app-specific scope when the role eligibility is scoped to an app. Not commonly used for Azure RBAC roles.","Name":"AppScopeId","Option":"Write"},{"CIMType":"String","Description":"A message provided by users and administrators when they create the role eligibility schedule request.","Name":"Justification","Option":"Write"},{"CIMType":"MSFT_AzureRoleEligibilityScheduleRequestSchedule","Description":"The period of the role eligibility. The period of eligibility is dependent on the settings of the Azure role.","Name":"ScheduleInfo","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Azure PIM (Privileged Identity Management) role eligibility schedule requests for Azure RBAC roles. It supports role assignments and eligibility at all scope levels including subscription, management group, resource group, and resource-specific scopes.\n\n## Key Differences from AADRoleEligibilityScheduleRequest\n\n- **AADRoleEligibilityScheduleRequest**: Manages Entra ID (Azure AD) directory roles via Microsoft Graph API\n- **AzureRoleEligibilityScheduleRequest**: Manages Azure RBAC roles via Azure Resource Manager API\n\n## Supported Scope Levels\n\n### Subscription Scope\nFormat: `/subscriptions/{subscriptionId}`\n\nExample: Assign \"Owner\" eligibility on subscription\n\n### Management Group Scope\nFormat: `/providers/Microsoft.Management/managementGroups/{managementGroupId}`\n\nExample: Assign \"Reader\" eligibility on management group\n\n### Resource Group Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}`\n\nExample: Assign \"Contributor\" eligibility on resource group\n\n### Resource Scope\nFormat: `/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}`\n\nExample: Assign \"Key Vault Administrator\" eligibility on specific key vault\n\n## Azure Government Cloud Support\n\nThis resource automatically detects the tenant region and uses the appropriate Azure Management endpoint:\n\n- **Global Azure**: `https://management.azure.com`\n- **Azure US Government**: `https://management.usgovcloudapi.net`\n- **Azure US Government DoD**: `https://management.usgovcloudapi.net`\n\n## Required Permissions\n\nTo manage Azure PIM role eligibility schedules, you need one of the following:\n\n- **Privileged Role Administrator** role in Azure AD\n- **Owner** or **User Access Administrator** role at the appropriate Azure scope\n- Custom role with permissions:\n  - `Microsoft.Authorization/roleEligibilityScheduleRequests/write`\n  - `Microsoft.Authorization/roleEligibilitySchedules/read`\n  - `Microsoft.Authorization/roleDefinitions/read`\n\n## Known Limitations\n\n- The resource creates new schedule requests rather than directly modifying existing schedules\n- Schedule changes may take a few minutes to propagate\n- Some built-in roles may have restrictions on eligibility assignments\n- Management group scope requires appropriate permissions at the management group level\n\n## Examples\n\nSee the Examples folder for comprehensive usage scenarios."},{"ClassName":"MSFT_AzureSubscription","Parameters":[{"CIMType":"String","Description":"The display name of the subscription.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier of the subscription.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The unique identifier of the invoice section associated with the subscription.","Name":"InvoiceSectionId","Option":"Write"},{"CIMType":"String","Description":"Status of the subscription.","Name":"Status","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource controls the properties of an Azure subscription.\n\nTo grant permissions, go to the Cost Management + Billing blade in Azure Portal --> Billing Scopes --> Select your desired billing account --> then Access Control (IAM) to grant 'Billing Account Contributor' permissions to manage billing accounts.\nIf the resource is only used for backup, the `Billing Account Reader` role is sufficient."},{"ClassName":"MSFT_AzureVerifiedIdFaceCheck","Parameters":[{"CIMType":"String","Description":"Id of the Azure subscription.","Name":"SubscriptionId","Option":"Key"},{"CIMType":"String","Description":"Name of the associated resource group.","Name":"ResourceGroupName","Option":"Key"},{"CIMType":"String","Description":"Id of the verified ID authority.","Name":"VerifiedIdAuthorityId","Option":"Key"},{"CIMType":"Boolean","Description":"Represents whether or not FaceCheck is enabled for the authrotiy.","Name":"FaceCheckEnabled","Option":"Write"},{"CIMType":"String","Description":"Location of the Verified ID Authority.","Name":"VerifiedIdAuthorityLocation","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Azure Verified Id FaceCheck."},{"ClassName":"MSFT_CommerceSelfServicePurchase","Parameters":[{"CIMType":"String","Description":"Unique ID of the product.","Name":"ProductId","Option":"Key"},{"CIMType":"String","Description":"Name of the product","Name":"ProductName","Option":"Write"},{"CIMType":"String","Description":"Can be Enabled or Disabled.","Name":"PolicyValue","Option":"Write","ValueMap":["Enabled","Disabled","OnlyTrialsWithoutPaymentMethod"],"Values":["Enabled","Disabled","OnlyTrialsWithoutPaymentMethod"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages the Self Purchase policies in commerce."},{"ClassName":"MSFT_DefenderDeviceAuthenticatedScanDefinitionAuthenticationParams","Parameters":[{"CIMType":"String","Description":"Odata type associated with the request.","Name":"DataType","Option":"Write"},{"CIMType":"String","Description":"Type of scan.","Name":"Type","Option":"Write"},{"CIMType":"String","Description":"An optional property that specifies from which KeyVault the scanner should retrieve credentials. If KeyVault is specified there's no need to specify username, password.","Name":"KeyVaultUrl","Option":"Write"},{"CIMType":"String","Description":"An optional property that specifies KeyVault secret name from which the scanner should retrieve credentials. If KeyVault is specified there's no need to specify username, password.","Name":"KeyVaultSecretName","Option":"Write"},{"CIMType":"String","Description":"Domain name when using WindowsAuthParams.","Name":"Domain","Option":"Write"},{"CIMType":"String","Description":"Username when using WindowsAuthParams or the username when choosing SnmpAuthParams with any type other than CommunityString.","Name":"Username","Option":"Write"},{"CIMType":"Boolean","Description":"Must be set to true when choosing WindowsAuthParams.","Name":"IsGMSAUser","Option":"Write"},{"CIMType":"String","Description":"Community string to use when choosing SnmpAuthParams with CommunityString.","Name":"CommunityString","Option":"Write"},{"CIMType":"String","Description":"Auth protocol to use with SnmpAuthParams and AuthNoPriv or AuthPriv. Possible values are MD5, SHA1.","Name":"AuthProtocol","Option":"Write"},{"CIMType":"String","Description":"Auth password to use with SnmpAuthParams and AuthNoPriv or AuthPriv.","Name":"AuthPassword","Option":"Write"},{"CIMType":"String","Description":"Priv protocol to use with SnmpAuthParams and AuthPriv. Possible values are DES, 3DES, AES.","Name":"PrivProtocol","Option":"Write"},{"CIMType":"String","Description":"Priv password to use with SnmpAuthParams and AuthPriv.","Name":"PrivPassword","Option":"Write"}],"Description":"Configures device authenticated scan definitions in Defender."},{"ClassName":"MSFT_DefenderDeviceAuthenticatedScanDefinitionScanAgent","Parameters":[{"CIMType":"String","Description":"Unique identified for the scan agent.","Name":"id","Option":"Write"},{"CIMType":"String","Description":"Id of the machine associated with the agent.","Name":"machineId","Option":"Write"},{"CIMType":"String","Description":"Name of the machine associated with the agent.","Name":"machineName","Option":"Write"}],"Description":"Configures device authenticated scan definitions in Defender."},{"ClassName":"MSFT_DefenderDeviceAuthenticatedScanDefinition","Parameters":[{"CIMType":"String","Description":"Name of the scan definition.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Unique identified for the scan definition.","Name":"Id","Option":"Write"},{"CIMType":"UInt32","Description":"Interval in hours to run the scan.","Name":"IntervalInHours","Option":"Write"},{"CIMType":"String","Description":"Target of the scan definition.","Name":"Target","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if the scan definition is active or not.","Name":"IsActive","Option":"Write"},{"CIMType":"String","Description":"Type of scan.","Name":"ScanType","Option":"Write"},{"CIMType":"MSFT_DefenderDeviceAuthenticatedScanDefinitionScanAgent","Description":"Information about the associated scan agent.","Name":"ScannerAgent","Option":"Write"},{"CIMType":"MSFT_DefenderDeviceAuthenticatedScanDefinitionAuthenticationParams","Description":"Authentication parameters.","Name":"ScanAuthenticationParams","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures device authenticated scan definitions in Defender."},{"ClassName":"MSFT_DefenderRoleDefinitionRolePermissions","Parameters":[{"CIMType":"String[]","Description":"Set of tasks that can be performed on a resource.","Name":"allowedResourceActions","Option":"Write"}],"Description":"## Managed custom roles in Defender"},{"ClassName":"MSFT_DefenderRoleDefinition","Parameters":[{"CIMType":"String","Description":"The display name for the role definition.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The id of the role definition.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the role definition.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DefenderRoleDefinitionRolePermissions[]","Description":"List of permissions included in the role.","Name":"RolePermissions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"## Managed custom roles in Defender"},{"ClassName":"MSFT_DefenderSubscriptionPlan","Parameters":[{"CIMType":"String","Description":"The display name of the subscription.","Name":"SubscriptionName","Option":"Key"},{"CIMType":"String","Description":"The Defender plan name, for the list all of possible Defender plans refer to Defender for Cloud documentation","Name":"PlanName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier of the Azure subscription.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"The pricing tier ('Standard' or 'Free')","Name":"PricingTier","Option":"Write"},{"CIMType":"String","Description":"The Defender sub plan name, for the list all of possible sub plans refer to Defender for Cloud documentation","Name":"SubPlanName","Option":"Write"},{"CIMType":"String","Description":"The extensions offered under the plan, for more information refer to Defender for Cloud documentation","Name":"Extensions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Enables or disables Microsoft Defender plans for a subscription in Microsoft Defender for Cloud.\nFor more information about the available Defender plans, sub plans and plan extensions refer to Defender for Cloud onboarding API documentation.\n<https://learn.microsoft.com/en-us/rest/api/defenderforcloud/pricings/update?view=rest-defenderforcloud-2024-01-01&tabs=HTTP/>\n\nTo have all security features enabled during plan enablement, make sure to assign the required Azure RBAC permissions to the application running this module.\nFor more information about the required permissions refer to the documentation <https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions/>."},{"ClassName":"MSFT_EXOAcceptedDomain","Parameters":[{"CIMType":"String","Description":"Specify the Fully Qualified Domain Name for the AcceptedDomain.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if the AcceptedDomain should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The type of AcceptedDomain. Currently the EXOAcceptedDomain DSC Resource accepts a value of 'Authoritative' and 'InternalRelay'.","Name":"DomainType","Option":"Write","ValueMap":["Authoritative","InternalRelay"],"Values":["Authoritative","InternalRelay"]},{"CIMType":"Boolean","Description":"The MatchSubDomains parameter must be false on Authoritative domains. The default value is false.","Name":"MatchSubDomains","Option":"Write"},{"CIMType":"Boolean","Description":"OutboundOnly can only be enabled if the DomainType parameter is set to Authoritative or InternalRelay. The default value is false.","Name":"OutboundOnly","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Accepted Email Domains in Exchange Online."},{"ClassName":"MSFT_EXOActiveSyncDeviceAccessRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the identity of the device access rule.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AccessLevel parameter specifies whether the devices are allowed, blocked or quarantined.","Name":"AccessLevel","Option":"Write","ValueMap":["Allow","Block","Quarantine"],"Values":["Allow","Block","Quarantine"]},{"CIMType":"String","Description":"The Characteristic parameter specifies the device characteristic or category that's used by the rule.","Name":"Characteristic","Option":"Write","ValueMap":["DeviceModel","DeviceType","DeviceOS","UserAgent","XMSWLHeader"],"Values":["DeviceModel","DeviceType","DeviceOS","UserAgent","XMSWLHeader"]},{"CIMType":"String","Description":"The QueryString parameter specifies the device identifier that's used by the rule. This parameter uses a text value that's used with Characteristic parameter value to define the device.","Name":"QueryString","Option":"Write"},{"CIMType":"String","Description":"Specify if the Active Sync Device Access Rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Active Sync Device Access Rules in Exchange Online."},{"ClassName":"MSFT_EXOActiveSyncMailboxPolicy","Parameters":[{"CIMType":"String","Description":"Specifies the name of the policy.","Name":"Name","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether push notifications are allowed for Apple mobile devices.","Name":"AllowApplePushNotifications","Option":"Write"},{"CIMType":"String","Description":"Specifies whether the Bluetooth capabilities of the mobile phone are allowed.","Name":"AllowBluetooth","Option":"Write","ValueMap":["Disable","HandsfreeOnly","Allow"],"Values":["Disable","HandsfreeOnly","Allow"]},{"CIMType":"Boolean","Description":"Specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile phone.","Name":"AllowBrowser","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone's camera is allowed.","Name":"AllowCamera","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone user can configure a personal email account on the device.","Name":"AllowConsumerEmail","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone can synchronize with a desktop computer through a cable.","Name":"AllowDesktopSync","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether an external device management program is allowed to manage the device.","Name":"AllowExternalDeviceManagement","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from Google for Outlook on the web for devices. Valid input for this parameter is $true or $false. The default value is $true.","Name":"AllowGooglePushNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether HTML email is enabled on the device.","Name":"AllowHTMLEmail","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone can be used as a modem to connect a computer to the Internet.","Name":"AllowInternetSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether infrared connections are allowed to the mobile phone.","Name":"AllowIrDA","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.","Name":"AllowMicrosoftPushNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether certain updates are seen by devices that implemented support for this restricting functionality.","Name":"AllowMobileOTAUpdate","Option":"Write"},{"CIMType":"Boolean","Description":"Enables all devices to synchronize with the computer running Exchange, regardless of whether the device can enforce all the specific settings established in the Mobile Device mailbox policy.","Name":"AllowNonProvisionableDevices","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the user can configure a POP3 or IMAP4 email account on the device.","Name":"AllowPOPIMAPEmail","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the mobile phone can initiate a remote desktop connection.","Name":"AllowRemoteDesktop","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether a simple device password is allowed.","Name":"AllowSimplePassword","Option":"Write"},{"CIMType":"String","Description":"Specifies whether the messaging application on the device can negotiate the encryption algorithm in case a recipient's certificate doesn't support the specified encryption algorithm.","Name":"AllowSMIMEEncryptionAlgorithmNegotiation","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether S/MIME software certificates are allowed.","Name":"AllowSMIMESoftCerts","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the device can access information stored on a storage card.","Name":"AllowStorageCard","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether text messaging is allowed from the device.","Name":"AllowTextMessaging","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether unsigned applications can be installed on the device.","Name":"AllowUnsignedApplications","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether unsigned installation packages can be run on the device.","Name":"AllowUnsignedInstallationPackages","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether wireless Internet access is allowed on the device.","Name":"AllowWiFi","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the device password must be alphanumeric.","Name":"AlphanumericPasswordRequired","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a list of approved applications for the device.","Name":"ApprovedApplicationList","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the user can download attachments.","Name":"AttachmentsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables device encryption on the mobile phone.","Name":"DeviceEncryptionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies that the user set a password for the device.","Name":"PasswordEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the length of time, in days, that a password can be used.","Name":"PasswordExpiration","Option":"Write"},{"CIMType":"Sint32","Description":"Specifies the number of previously used passwords to store.","Name":"PasswordHistory","Option":"Write"},{"CIMType":"String","Description":"Specifies how often the policy is sent from the server to the mobile phone","Name":"DevicePolicyRefreshInterval","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether Information Rights Management (IRM) is enabled for the mailbox policy.","Name":"IrmEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether this policy is the default Mobile Device mailbox policy.","Name":"IsDefault","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether this policy is the default Mobile Device mailbox policy.","Name":"IsDefaultPolicy","Option":"Write"},{"CIMType":"String","Description":"Specifies the maximum size of attachments that can be downloaded to the mobile phone.","Name":"MaxAttachmentSize","Option":"Write"},{"CIMType":"String","Description":"Specifies the maximum range of calendar days that can be synchronized to the device.","Name":"MaxCalendarAgeFilter","Option":"Write","ValueMap":["All","TwoWeeks","OneMonth","ThreeMonths","SixMonths"],"Values":["All","TwoWeeks","OneMonth","ThreeMonths","SixMonths"]},{"CIMType":"String","Description":"Specifies the number of attempts a user can make to enter the correct password for the device.","Name":"MaxPasswordFailedAttempts","Option":"Write"},{"CIMType":"String","Description":"Specifies the maximum number of days of email items to synchronize to the device.","Name":"MaxEmailAgeFilter","Option":"Write","ValueMap":["All","OneDay","ThreeDays","OneWeek","TwoWeeks","OneMonth","ThreeMonths","SixMonths"],"Values":["All","OneDay","ThreeDays","OneWeek","TwoWeeks","OneMonth","ThreeMonths","SixMonths"]},{"CIMType":"String","Description":"Specifies the maximum size at which email messages are truncated when synchronized to the device.","Name":"MaxEmailBodyTruncationSize","Option":"Write"},{"CIMType":"String","Description":"Specifies the maximum size at which HTML-formatted email messages are synchronized to the device.","Name":"MaxEmailHTMLBodyTruncationSize","Option":"Write"},{"CIMType":"String","Description":"Specifies the length of time that the device can be inactive before the password is required to reactivate the device.","Name":"MaxInactivityTimeLock","Option":"Write"},{"CIMType":"Sint32","Description":"Specifies the minimum number of complex characters required in a device password.","Name":"MinPasswordComplexCharacters","Option":"Write"},{"CIMType":"Sint32","Description":"Specifies the minimum number of characters in the device password.","Name":"MinPasswordLength","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether you can store the recovery password for the device on an Exchange server.","Name":"PasswordRecoveryEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether encryption is required on the device.","Name":"RequireDeviceEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether you must encrypt S/MIME messages.","Name":"RequireEncryptedSMIMEMessages","Option":"Write"},{"CIMType":"String","Description":"Specifies what required algorithm must be used when encrypting a message.","Name":"RequireEncryptionSMIMEAlgorithm","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the device must synchronize manually while roaming.","Name":"RequireManualSyncWhenRoaming","Option":"Write"},{"CIMType":"String","Description":"Specifies what required algorithm must be used when signing a message.","Name":"RequireSignedSMIMEAlgorithm","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the device must send signed S/MIME messages.","Name":"RequireSignedSMIMEMessages","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether encryption of a storage card is required.","Name":"RequireStorageCardEncryption","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a list of applications that can't be run in ROM.","Name":"UnapprovedInROMApplicationList","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether access to Microsoft Windows file shares is enabled.","Name":"UNCAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether access to Microsoft Windows SharePoint Services is enabled.","Name":"WSSAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the Mobile Device mailbox policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specifies if this AddressList should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Mobile Device mailbox policy for mailboxes accessed by mobile devices."},{"ClassName":"MSFT_EXOAddressBookPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name that you want this address book policy to be called.","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"The AddressLists parameter specifies the address lists that will be used by mailbox users who are assigned this address book policy. This parameter accepts multiple values.","Name":"AddressLists","Option":"Write"},{"CIMType":"String","Description":"The GlobalAddressList parameter specifies the identity of the global address list (GAL) that will be used by mailbox users who are assigned this address book policy. You can specify only one GAL for each address book policy.","Name":"GlobalAddressList","Option":"Write"},{"CIMType":"String","Description":"The OfflineAddressBook parameter specifies the identity of the offline address book (OAB) that will be used by mailbox users who are assigned this address book policy. You can specify only one OAB for each address book policy.","Name":"OfflineAddressBook","Option":"Write"},{"CIMType":"String","Description":"The RoomList parameter specifies the name of the room address list.","Name":"RoomList","Option":"Write"},{"CIMType":"String","Description":"Specify if the Address Book Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Address Book Policies in Exchange Online."},{"ClassName":"MSFT_EXOAddressList","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a unique name for the address list.","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"The ConditionalCompany parameter specifies a precanned filter that's based on the value of the recipient's Company property.","Name":"ConditionalCompany","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute1 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute1 property.","Name":"ConditionalCustomAttribute1","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute10 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute10 property.","Name":"ConditionalCustomAttribute10","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute11 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute11 property.","Name":"ConditionalCustomAttribute11","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute12 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute12 property.","Name":"ConditionalCustomAttribute12","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute13 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute13 property.","Name":"ConditionalCustomAttribute13","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute14 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute14 property.","Name":"ConditionalCustomAttribute14","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute15 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute15 property.","Name":"ConditionalCustomAttribute15","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute2 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute2 property.","Name":"ConditionalCustomAttribute2","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute3 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute3 property.","Name":"ConditionalCustomAttribute3","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute4 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute4 property.","Name":"ConditionalCustomAttribute4","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute5 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute5 property.","Name":"ConditionalCustomAttribute5","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute6 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute6 property.","Name":"ConditionalCustomAttribute6","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute7 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute7 property.","Name":"ConditionalCustomAttribute7","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute8 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute8 property.","Name":"ConditionalCustomAttribute8","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute9 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute9 property.","Name":"ConditionalCustomAttribute9","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalDepartment parameter specifies a precanned filter that's based on the value of the recipient's Department property.","Name":"ConditionalDepartment","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalStateOrProvince parameter specifies a precanned filter that's based on the value of the recipient's StateOrProvince property.","Name":"ConditionalStateOrProvince","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the display name of the address list.","Name":"DisplayName","Option":"Write"},{"CIMType":"String[]","Description":"The IncludedRecipients parameter specifies a precanned filter that's based on the recipient type.","Name":"IncludedRecipients","Option":"Write","ValueMap":["AllRecipients","MailboxUsers","MailContacts","MailGroups","MailUsers","Resources"],"Values":["AllRecipients","MailboxUsers","MailContacts","MailGroups","MailUsers","Resources"]},{"CIMType":"String","Description":"The RecipientFilter parameter specifies a custom OPath filter that's based on the value of any available recipient property.","Name":"RecipientFilter","Option":"Write"},{"CIMType":"String","Description":"Specifies if this AddressList should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Exchange Online address lists."},{"ClassName":"MSFT_EXOAntiPhishPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the antiphishing policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"UInt32","Description":"The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages.","Name":"PhishThresholdLevel","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"String","Description":"The AuthenticationFailAction parameter specifies the action to take when the message fails composite authentication.","Name":"AuthenticationFailAction","Option":"Write","ValueMap":["MoveToJmf","Quarantine"],"Values":["MoveToJmf","Quarantine"]},{"CIMType":"String","Description":"The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages for the users specified by the TargetedUsersToProtect parameter.","Name":"TargetedUserProtectionAction","Option":"Write","ValueMap":["BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"],"Values":["BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"]},{"CIMType":"Boolean","Description":"Specify if this policy should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableFirstContactSafetyTips parameter specifies whether to enable or disable the safety tip that's shown when recipients first receive an email from a sender or do not often receive email from a sender.","Name":"EnableFirstContactSafetyTips","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first contact graph) in domain and user impersonation protection.","Name":"EnableMailboxIntelligence","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives.","Name":"EnableMailboxIntelligenceProtection","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Office 365 organization.","Name":"EnableOrganizationDomainsProtection","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSimilarDomainsSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for domain impersonation detections.","Name":"EnableSimilarDomainsSafetyTips","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSimilarUsersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for user impersonation detections.","Name":"EnableSimilarUsersSafetyTips","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSpoofIntelligence parameter specifies whether to enable or disable antispoofing protection for the policy.","Name":"EnableSpoofIntelligence","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for a list of specified domains.","Name":"EnableTargetedDomainsProtection","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the users specified by the TargetedUsersToProtect parameter","Name":"EnableTargetedUserProtection","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableUnauthenticatedSender parameter enables or disables unauthenticated sender identification in Outlook.","Name":"EnableUnauthenticatedSender","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableUnusualCharactersSafetyTips parameter specifies whether to enable safety tips that are shown to recipients in messages for unusual characters in domain and user impersonation detections.","Name":"EnableUnusualCharactersSafetyTips","Option":"Write"},{"CIMType":"Boolean","Description":"This setting is part of spoof protection. The EnableViaTag parameter enables or disables adding the via tag to the From address in Outlook.","Name":"EnableViaTag","Option":"Write"},{"CIMType":"Boolean","Description":"Make this the default antiphishing policy","Name":"MakeDefault","Option":"Write"},{"CIMType":"String[]","Description":"The ExcludedDomains parameter specifies trusted domains that are excluded from scanning by antiphishing protection. You can specify multiple domains separated by commas.","Name":"ExcludedDomains","Option":"Write"},{"CIMType":"String[]","Description":"The ExcludedSenders parameter specifies a list of trusted sender email addresses that are excluded from scanning by antiphishing protection. You can specify multiple email addresses separated by commas.","Name":"ExcludedSenders","Option":"Write"},{"CIMType":"Boolean","Description":"The HonorDmarcPolicy enables or disables using the sender's DMARC policy to determine what to do to messages that fail DMARC checks.","Name":"HonorDmarcPolicy","Option":"Write"},{"CIMType":"String","Description":"The ImpersonationProtectionState parameter specifies the configuration of impersonation protection.","Name":"ImpersonationProtectionState","Option":"Write"},{"CIMType":"String","Description":"The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection.","Name":"MailboxIntelligenceProtectionAction","Option":"Write"},{"CIMType":"String[]","Description":"The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage.","Name":"MailboxIntelligenceProtectionActionRecipients","Option":"Write"},{"CIMType":"String","Description":"The MailboxIntelligenceQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by mailbox intelligence.","Name":"MailboxIntelligenceQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The SpoofQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by spoof intelligence.","Name":"SpoofQuarantineTag","Option":"Write"},{"CIMType":"String[]","Description":"The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.","Name":"TargetedDomainActionRecipients","Option":"Write"},{"CIMType":"String","Description":"The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages.","Name":"TargetedDomainProtectionAction","Option":"Write","ValueMap":["BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"],"Values":["BccMessage","Delete","MoveToJmf","NoAction","Quarantine","Redirect"]},{"CIMType":"String[]","Description":"The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true.","Name":"TargetedDomainsToProtect","Option":"Write"},{"CIMType":"String","Description":"The TargetedDomainQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by domain impersonation protection.","Name":"TargetedDomainQuarantineTag","Option":"Write"},{"CIMType":"String[]","Description":"The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. A valid value for this parameter is an email address. You can specify multiple email addresses separated by commas.","Name":"TargetedUserActionRecipients","Option":"Write"},{"CIMType":"String[]","Description":"The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true.","Name":"TargetedUsersToProtect","Option":"Write"},{"CIMType":"String","Description":"The TargetedUserQuarantineTag specifies the quarantine policy that's used on messages that are quarantined by user impersonation protection.","Name":"TargetedUserQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The DmarcQuarantineAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=quarantine","Name":"DmarcQuarantineAction","Option":"Write","ValueMap":["MoveToJmf","Quarantine"],"Values":["MoveToJmf","Quarantine"]},{"CIMType":"String","Description":"The DmarcRejectAction parameter specifies the action to take when a message fails DMARC checks and the sender's DMARC policy is p=reject.","Name":"DmarcRejectAction","Option":"Write","ValueMap":["Quarantine","Reject"],"Values":["Quarantine","Reject"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Anti-Phish Policy in Exchange Online."},{"ClassName":"MSFT_EXOAntiPhishRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the antiphishing rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The AntiPhishPolicy parameter specifies the name of the antiphishing policy that's associated with the antiphishing rule.","Name":"AntiPhishPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Anti-Phish Rule in Exchange Online."},{"ClassName":"MSFT_EXOApplicationAccessPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the application access policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AccessRight parameter specifies the permission that you want to assign in the application access policy.","Name":"AccessRight","Option":"Write","ValueMap":["RestrictAccess","DenyAccess"],"Values":["RestrictAccess","DenyAccess"]},{"CIMType":"String[]","Description":"The AppID parameter specifies the GUID of the apps to include in the policy.","Name":"AppID","Option":"Write"},{"CIMType":"String","Description":"The PolicyScopeGroupID parameter specifies the recipient to define in the policy. You can use any value that uniquely identifies the recipient.","Name":"PolicyScopeGroupId","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies a description for the policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Specify if the Application Access Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Applications Access Policies in Exchange Online."},{"ClassName":"MSFT_EXOArcConfig","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String[]","Description":"The domain names of the ARC sealers.","Name":"ArcTrustedSealers","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages the list of trusted Authenticated Received Chain (ARC) sealers that are configured in the organization."},{"ClassName":"MSFT_EXOATPBuiltInProtectionRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the rule that you want to modify. You can use any value that uniquely identifies the rule. ","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email addresses in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Defender ATP built-in protection rules."},{"ClassName":"MSFT_EXOAtpPolicyForO365","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The Identity parameter specifies the ATP policy that you want to modify. There's only one policy named Default.","Name":"Identity","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowSafeDocsOpen parameter specifies whether users can click through and bypass the Protected View container even when Safe Documents identifies a file as malicious.","Name":"AllowSafeDocsOpen","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableATPForSPOTeamsODB parameter specifies whether ATP is enabled for SharePoint Online, OneDrive for Business and Microsoft Teams. Default is $false.","Name":"EnableATPForSPOTeamsODB","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeDocs parameter specifies whether to enable the Safe Documents feature in the organization. Default is $false.","Name":"EnableSafeDocs","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Advanced Threat Protection (ATP) policy in Office 365. Tenant must be subscribed to ATP."},{"ClassName":"MSFT_EXOAtpProtectionPolicyRule","Parameters":[{"CIMType":"String","Description":"Identifier for the rule","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether the rule is enabled","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"Informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"Specifies an exception that looks for recipients with email addresses in the specified domains.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"Specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"Specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"Unique name for the rule. The maximum length is 64 characters.","Name":"Name","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a condition that looks for recipients with email addresses in the specified domains.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String","Description":"Specifies the existing Safe Attachments policy that's associated with the preset security policy.","Name":"SafeAttachmentPolicy","Option":"Write"},{"CIMType":"String","Description":"Specifies the existing Safe Links policy that's associated with the preset security policy.","Name":"SafeLinksPolicy","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"Specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. ","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manage ATP Protection policy rules that are associated with Microsoft Defender for Office 365 protections in preset security policies."},{"ClassName":"MSFT_EXOAuthenticationPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the authentication policy you want to view or modify.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The AllowBasicAuthActiveSync switch specifies whether to allow Basic authentication with Exchange Active Sync.","Name":"AllowBasicAuthActiveSync","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthAutodiscover switch specifies whether to allow Basic authentication with Autodiscover.","Name":"AllowBasicAuthAutodiscover","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthImap switch specifies whether to allow Basic authentication with IMAP.","Name":"AllowBasicAuthImap","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthMapi switch specifies whether to allow Basic authentication with MAPI.","Name":"AllowBasicAuthMapi","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthOfflineAddressBook switch specifies whether to allow Basic authentication with Offline Address Books.","Name":"AllowBasicAuthOfflineAddressBook","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthOutlookService switch specifies whether to allow Basic authentication with the Outlook service.","Name":"AllowBasicAuthOutlookService","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthPop switch specifies whether to allow Basic authentication with POP.","Name":"AllowBasicAuthPop","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthPowerShell switch specifies whether to allow Basic authentication with PowerShell.","Name":"AllowBasicAuthPowershell","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthReporting Web Services switch specifies whether to allow Basic authentication with reporting web services.","Name":"AllowBasicAuthReportingWebServices","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthRpc switch specifies whether to allow Basic authentication with RPC.","Name":"AllowBasicAuthRpc","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthSmtp switch specifies whether to allow Basic authentication with SMTP.","Name":"AllowBasicAuthSmtp","Option":"write"},{"CIMType":"Boolean","Description":"The AllowBasicAuthWebServices switch specifies whether to allow Basic authentication with Exchange Web Services (EWS).","Name":"AllowBasicAuthWebServices","Option":"write"},{"CIMType":"String","Description":"Specify if the authentication Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Authentication Policies in Exchange Online."},{"ClassName":"MSFT_EXOAuthenticationPolicyAssignment","Parameters":[{"CIMType":"String","Description":"Name of the user assigned to the authentication policy.","Name":"UserName","Option":"Key"},{"CIMType":"String","Description":"Name of the authentication policy.","Name":"AuthenticationPolicyName","Option":"write"},{"CIMType":"String","Description":"Specify if the authentication Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource assigns Exchange Online Authentication Policies to users."},{"ClassName":"MSFT_EXOAvailabilityAddressSpace","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the AvailabilityAddressSpace you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AccessMethod parameter specifies how the free/busy data is accessed. Valid values are:PerUserFB, OrgWideFB, OrgWideFBToken, OrgWideFBBasic,InternalProxy","Name":"AccessMethod","Option":"Write","ValueMap":["PerUserFB","OrgWideFB","OrgWideFBToken","OrgWideFBBasic","InternalProxy"],"Values":["PerUserFB","OrgWideFB","OrgWideFBToken","OrgWideFBBasic","InternalProxy"]},{"CIMType":"String","Description":"The Credentials parameter specifies the username and password that's used to access the Availability services in the target forest.","Name":"Credentials","Option":"Write"},{"CIMType":"String","Description":"The ForestName parameter specifies the SMTP domain name of the target forest for users whose free/busy data must be retrieved. If your users are distributed among multiple SMTP domains in the target forest, run the Add-AvailabilityAddressSpace command once for each SMTP domain.","Name":"ForestName","Option":"Write"},{"CIMType":"String","Description":"The TargetAutodiscoverEpr parameter specifies the Autodiscover URL of Exchange Web Services for the external organization. Exchange uses Autodiscover to automatically detect the correct server endpoint for external requests.","Name":"TargetAutodiscoverEpr","Option":"Write"},{"CIMType":"String","Description":"The TargetServiceEpr parameter specifies the Exchange Online Calendar Service URL of the external Microsoft 365 organization that you're trying to read free/busy information from.","Name":"TargetServiceEpr","Option":"Write"},{"CIMType":"String","Description":"The TargetTenantID parameter specifies the tenant ID of the external Microsoft 365 organization that you're trying to read free/busy information from.","Name":"TargetTenantId","Option":"Write"},{"CIMType":"String","Description":"Specifies if this AvailabilityAddressSpace should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new AvailabilityAddressSpace in your cloud-based organization."},{"ClassName":"MSFT_EXOAvailabilityConfig","Parameters":[{"CIMType":"String","Description":"Specify the OrgWideAccount for the AvailabilityConfig.","Name":"OrgWideAccount","Option":"Key"},{"CIMType":"String","Description":"Specify if the AvailabilityConfig should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Availability Config in Exchange Online."},{"ClassName":"MSFT_EXOCalendarProcessing","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the resource mailbox that you want to view. You can use any value that uniquely identifies the mailbox.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The AddAdditionalResponse parameter specifies whether additional information (the value of the AdditionalResponse parameter) is added to meeting request responses","Name":"AddAdditionalResponse","Option":"Write"},{"CIMType":"String","Description":"The AdditionalResponse parameter specifies the additional information to be included in responses to meeting requests when the value of the AddAdditionalResponse parameter is $true. If the value contains spaces, enclose the value in quotation marks.","Name":"AdditionalResponse","Option":"Write"},{"CIMType":"Boolean","Description":"The AddNewRequestsTentatively parameter specifies whether new meeting requests are added to the calendar as tentative","Name":"AddNewRequestsTentatively","Option":"Write"},{"CIMType":"Boolean","Description":"The AddOrganizerToSubject parameter specifies whether the meeting organizer's name is used as the subject of the meeting request.","Name":"AddOrganizerToSubject","Option":"Write"},{"CIMType":"Boolean","Description":"The AllBookInPolicy parameter specifies whether to automatically approve in-policy requests from all users to the resource mailbox.","Name":"AllBookInPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowConflicts parameter specifies whether to allow conflicting meeting requests.","Name":"AllowConflicts","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowRecurringMeetings parameter specifies whether to allow recurring meetings in meeting requests.","Name":"AllowRecurringMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"The AllRequestInPolicy parameter specifies whether to allow all users to submit in-policy requests to the resource mailbox.","Name":"AllRequestInPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The AllRequestOutOfPolicy parameter specifies whether to allow all users to submit out-of-policy requests to the resource mailbox.","Name":"AllRequestOutOfPolicy","Option":"Write"},{"CIMType":"String","Description":"The AutomateProcessing parameter enables or disables calendar processing on the mailbox.","Name":"AutomateProcessing","Option":"Write","ValueMap":["None","AutoUpdate","AutoAccept"],"Values":["None","AutoUpdate","AutoAccept"]},{"CIMType":"String","Description":"The BookingType parameter specifies how reservations work on the resource mailbox.","Name":"BookingType","Option":"Write","ValueMap":["Standard","Reserved"],"Values":["Standard","Reserved"]},{"CIMType":"UInt32","Description":"The BookingWindowInDays parameter specifies the maximum number of days in advance that the resource can be reserved. A valid value is an integer from 0 through 1080. The default value is 180 days. The value 0 means today.","Name":"BookingWindowInDays","Option":"Write"},{"CIMType":"String[]","Description":"The BookInPolicy parameter specifies users or groups who are allowed to submit in-policy meeting requests to the resource mailbox that are automatically approved. You can use any value that uniquely identifies the user or group.","Name":"BookInPolicy","Option":"Write"},{"CIMType":"UInt32","Description":"The ConflictPercentageAllowed parameter specifies the maximum percentage of meeting conflicts for new recurring meeting requests. A valid value is an integer from 0 through 100. The default value is 0.","Name":"ConflictPercentageAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteAttachments parameter specifies whether to remove attachments from all incoming messages.","Name":"DeleteAttachments","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteComments parameter specifies whether to remove or keep any text in the message body of incoming meeting requests.","Name":"DeleteComments","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteNonCalendarItems parameter specifies whether to remove or keep all non-calendar-related messages that are received by the resource mailbox.","Name":"DeleteNonCalendarItems","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteSubject parameter specifies whether to remove or keep the subject of incoming meeting requests. ","Name":"DeleteSubject","Option":"Write"},{"CIMType":"Boolean","Description":"N/A","Name":"EnableAutoRelease","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableResponseDetails parameter specifies whether to include the reasons for accepting or declining a meeting in the response email message.","Name":"EnableResponseDetails","Option":"Write"},{"CIMType":"Boolean","Description":"The EnforceCapacity parameter specifies whether to restrict the number of attendees to the capacity of the workspace. For example, if capacity is set to 10, then only 10 people can book the workspace.","Name":"EnforceCapacity","Option":"Write"},{"CIMType":"Boolean","Description":"The EnforceSchedulingHorizon parameter controls the behavior of recurring meetings that extend beyond the date specified by the BookingWindowInDays parameter.","Name":"EnforceSchedulingHorizon","Option":"Write"},{"CIMType":"Boolean","Description":"The ForwardRequestsToDelegates parameter specifies whether to forward incoming meeting requests to the delegates that are configured for the resource mailbox.","Name":"ForwardRequestsToDelegates","Option":"Write"},{"CIMType":"UInt32","Description":"The MaximumConflictInstances parameter specifies the maximum number of conflicts for new recurring meeting requests when the AllowRecurringMeetings parameter is set to $true. A valid value is an integer from 0 through INT32 (2147483647). The default value is 0.","Name":"MaximumConflictInstances","Option":"Write"},{"CIMType":"UInt32","Description":"The MaximumDurationInMinutes parameter specifies the maximum duration in minutes for meeting requests. A valid value is an integer from 0 through INT32 (2147483647). The default value is 1440 (24 hours).","Name":"MaximumDurationInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"The MinimumDurationInMinutes parameter specifies the minimum duration in minutes for meeting requests in workspace mailboxes. A valid value is an integer from 0 through INT32 (2147483647). The default value is 0, which means there is no minimum duration.","Name":"MinimumDurationInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"The OrganizerInfo parameter specifies whether the resource mailbox sends organizer information when a meeting request is declined because of conflicts.","Name":"OrganizerInfo","Option":"Write"},{"CIMType":"UInt32","Description":"N/A","Name":"PostReservationMaxClaimTimeInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"The ProcessExternalMeetingMessages parameter specifies whether to process meeting requests that originate outside the Exchange organization.","Name":"ProcessExternalMeetingMessages","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveCanceledMeetings parameter specifies whether to automatically delete meetings that were cancelled by the organizer from the resource mailbox's calendar. ","Name":"RemoveCanceledMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveForwardedMeetingNotifications parameter specifies whether forwarded meeting notifications are moved to the Deleted Items folder after they're processed by the Calendar Attendant. ","Name":"RemoveForwardedMeetingNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveOldMeetingMessages parameter specifies whether the Calendar Attendant removes old and redundant updates and responses.","Name":"RemoveOldMeetingMessages","Option":"Write"},{"CIMType":"Boolean","Description":"The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meetings that were sent by the organizer in the original requests. ","Name":"RemovePrivateProperty","Option":"Write"},{"CIMType":"String[]","Description":"The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meetings that were sent by the organizer in the original requests. ","Name":"RequestInPolicy","Option":"Write"},{"CIMType":"String[]","Description":"The RequestOutOfPolicy parameter specifies users who are allowed to submit out-of-policy requests that require approval by a resource mailbox delegate. You can use any value that uniquely identifies the user. ","Name":"RequestOutOfPolicy","Option":"Write"},{"CIMType":"String[]","Description":"The ResourceDelegates parameter specifies users can approve or reject requests that are sent to the resource mailbox. You can use any value that uniquely identifies the user. ","Name":"ResourceDelegates","Option":"Write"},{"CIMType":"Boolean","Description":"The ScheduleOnlyDuringWorkHours parameter specifies whether to allow meetings to be scheduled outside of the working hours that are defined for the resource mailbox.","Name":"ScheduleOnlyDuringWorkHours","Option":"Write"},{"CIMType":"Boolean","Description":"The TentativePendingApproval parameter specifies whether to mark pending requests as tentative on the calendar.","Name":"TentativePendingApproval","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not the instance exist.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Calendar Processing settings Exchange Online."},{"ClassName":"MSFT_EXOCASMailboxPlan","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the CAS Mailbox Plan that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The display name of the CAS Mailbox Plan.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"CASMailboxPlans cannot be created/removed in O365.  This must be set to 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"Boolean","Description":"The ActiveSyncEnabled parameter enables or disables access to the mailbox by using Exchange Active Sync. Default is $true.","Name":"ActiveSyncEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapEnabled parameter enables or disables access to the mailbox by using IMAP4 clients. The default value is $true for all CAS mailbox plans except ExchangeOnlineDeskless which is $false by default.","Name":"ImapEnabled","Option":"Write"},{"CIMType":"String","Description":"The OwaMailboxPolicy parameter specifies the Outlook on the web (formerly known as Outlook Web App) mailbox policy for the mailbox plan. The default value is OwaMailboxPolicy-Default. You can use the Get-OwaMailboxPolicy cmdlet to view the available Outlook on the web mailbox policies.","Name":"OwaMailboxPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The PopEnabled parameter enables or disables access to the mailbox by using POP3 clients. Default is $true.","Name":"PopEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Client Access services (CAS) mailbox plans in cloud-based organizations."},{"ClassName":"MSFT_EXOCASMailboxSettings","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox that you want to configure.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"TheActiveSyncAllowedDeviceIDs parameter specifies one or more Exchange ActiveSync device IDs that are allowed to synchronize with the mailbox.","Name":"ActiveSyncAllowedDeviceIDs","Option":"Write"},{"CIMType":"String[]","Description":"The ActiveSyncBlockedDeviceIDs parameter specifies one or more Exchange ActiveSync device IDs that aren't allowed to synchronize with the mailbox.","Name":"ActiveSyncBlockedDeviceIDs","Option":"Write"},{"CIMType":"Boolean","Description":"The ActiveSyncDebugLogging parameter enables or disables Exchange ActiveSync debug logging for the mailbox.","Name":"ActiveSyncDebugLogging","Option":"Write"},{"CIMType":"Boolean","Description":"The ActiveSyncEnabled parameter enables or disables access to the mailbox using Exchange ActiveSync.","Name":"ActiveSyncEnabled","Option":"Write"},{"CIMType":"String","Description":"The ActiveSyncMailboxPolicy parameter specifies the Exchange ActiveSync mailbox policy for the mailbox.","Name":"ActiveSyncMailboxPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The ActiveSyncSuppressReadReceipt parameter controls the behavior of read receipts for Exchange ActiveSync clients that access the mailbox.","Name":"ActiveSyncSuppressReadReceipt","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowEntourage parameter enables or disables access to the mailbox by Microsoft Entourage clients that use Exchange Web Services.","Name":"EwsAllowEntourage","Option":"Write"},{"CIMType":"String[]","Description":"The EwsAllowList parameter specifies the Exchange Web Services applications (user agent strings) that are allowed to access the mailbox.","Name":"EwsAllowList","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowMacOutlook parameter enables or disables access to the mailbox by Outlook for Mac clients that use Exchange Web Services.","Name":"EwsAllowMacOutlook","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowOutlook parameter enables or disables access to the mailbox by Outlook clients that use Exchange Web Services.","Name":"EwsAllowOutlook","Option":"Write"},{"CIMType":"String","Description":"The EwsApplicationAccessPolicy parameter controls access to the mailbox using Exchange Web Services applications.","Name":"EwsApplicationAccessPolicy","Option":"Write"},{"CIMType":"String[]","Description":"The EwsBlockList parameter specifies the Exchange Web Services applications (user agent strings) that aren't allowed to access the mailbox using Exchange Web Services.","Name":"EwsBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsEnabled parameter enables or disables access to the mailbox using Exchange Web Services clients.","Name":"EwsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapEnabled parameter enables or disables access to the mailbox using IMAP4 clients.","Name":"ImapEnabled","Option":"Write"},{"CIMType":"String","Description":"The ImapMessagesRetrievalMimeFormat parameter specifies the message format for IMAP4 clients that access the mailbox.","Name":"ImapMessagesRetrievalMimeFormat","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapForceICalForCalendarRetrievalOption parameter specifies how meeting requests are presented to IMAP4 clients that access the mailbox.","Name":"ImapForceICalForCalendarRetrievalOption","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapSuppressReadReceipt parameter controls the behavior of read receipts for IMAP4 clients that access the mailbox.","Name":"ImapSuppressReadReceipt","Option":"Write"},{"CIMType":"Boolean","Description":"The ImapUseProtocolDefaults parameter specifies whether to use the IMAP4 protocol defaults for the mailbox.","Name":"ImapUseProtocolDefaults","Option":"Write"},{"CIMType":"Boolean","Description":"The MacOutlookEnabled parameter enables or disables access to the mailbox using Outlook for Mac clients that use Microsoft Sync technology.","Name":"MacOutlookEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MAPIEnabled parameter enables or disables access to the mailbox using MAPI clients (for example, Outlook).","Name":"MAPIEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OneWinNativeOutlookEnabled parameter enables or disables access to the mailbox using the new Outlook for Windows.","Name":"OneWinNativeOutlookEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OutlookMobileEnabled parameter enables or disables access to the mailbox using Outlook for iOS and Android.","Name":"OutlookMobileEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OWAEnabled parameter enables or disables access to the mailbox using Outlook on the web (formerly known as Outlook Web App or OWA).","Name":"OWAEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OWAforDevicesEnabled parameter enables or disables access to the mailbox using the older Outlook Web App (OWA) app on iOS and Android devices.","Name":"OWAforDevicesEnabled","Option":"Write"},{"CIMType":"String","Description":"The OwaMailboxPolicy parameter specifies the Outlook on the web mailbox policy for the mailbox.","Name":"OwaMailboxPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The PopEnabled parameter enables or disables access to the mailbox using POP3 clients.","Name":"PopEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PopForceICalForCalendarRetrievalOption parameter specifies how meeting requests are presented to POP3 clients that access the mailbox.","Name":"PopForceICalForCalendarRetrievalOption","Option":"Write"},{"CIMType":"String","Description":"The PopMessagesRetrievalMimeFormat parameter specifies the message format for POP3 clients that access the mailbox.","Name":"PopMessagesRetrievalMimeFormat","Option":"Write"},{"CIMType":"Boolean","Description":"The PopSuppressReadReceipt parameter controls the behavior of read receipts for POP3 clients that access the mailbox.","Name":"PopSuppressReadReceipt","Option":"Write"},{"CIMType":"Boolean","Description":"The PopUseProtocolDefaults parameter specifies whether to use the POP3 protocol defaults for the mailbox.","Name":"PopUseProtocolDefaults","Option":"Write"},{"CIMType":"Boolean","Description":"The PublicFolderClientAccess parameter enables or disables access to public folders in Microsoft Outlook.","Name":"PublicFolderClientAccess","Option":"Write"},{"CIMType":"Boolean","Description":"The ShowGalAsDefaultView parameter specifies whether the global address list (GAL) is the default recipient picker for messages.","Name":"ShowGalAsDefaultView","Option":"Write"},{"CIMType":"Boolean","Description":"The SmtpClientAuthenticationDisabled parameter specifies whether to disable authenticated SMTP (SMTP AUTH) for the mailbox.","Name":"SmtpClientAuthenticationDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The UniversalOutlookEnabled parameter enables or disables access to the mailbox using Windows 10 Mail and Calendar.","Name":"UniversalOutlookEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Mailbox CAS settings are applied.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures CAS mailbox settings."},{"ClassName":"MSFT_EXODataAtRestEncryptionPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the data-at-rest encryption policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the Microsoft 365 data-at-rest encryption policy.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies an optional description for the policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the policy is enabled or disabled. ","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The AzureKeyIDs parameter specifies the URL of the encryption key in the Azure Key Vault that's used for encryption.","Name":"AzureKeyIDs","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Microsoft 365 data-at-rest encryption policy for multi-workload usage."},{"ClassName":"MSFT_EXODataAtRestEncryptionPolicyAssignment","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The DataEncryptionPolicy parameter specifies the Microsoft 365 data-at-rest encryption policy.","Name":"DataEncryptionPolicy","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use the Set-M365DataAtRestEncryptionPolicyAssignment cmdlet to assign a Microsoft 365 data-at-rest encryption policy at the tenant level."},{"ClassName":"MSFT_EXODataClassification","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the data classification rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies a description for the data classification rule. You use the Description parameter with the Locale and Name parameters to specify descriptions for the data classification rule in different languages. ","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Fingerprints parameter specifies the byte-encoded document files that are used as fingerprints by the data classification rule.","Name":"Fingerprints","Option":"Write"},{"CIMType":"Boolean","Description":"IsDefault is used with the Locale parameter to specify the default language for the data classification rule.","Name":"IsDefault","Option":"Write"},{"CIMType":"String","Description":"The Locale parameter adds or removes languages that are associated with the data classification rule.","Name":"Locale","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies a name for the data classification rule. The value must be less than 256 characters.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Specifies if this policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new data classification policy in your cloud-based organization."},{"ClassName":"MSFT_EXODataEncryptionPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the data encryption policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The AzureKeyIDs parameter specifies the URI values of the Azure Key Vault keys to associate with the data encryption policy.","Name":"AzureKeyIDs","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies an optional description for the data encryption policy","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter enables or disable the data encryption policy.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies the unique name for the data encryption policy.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The PermanentDataPurgeContact parameter specifies a contact for the purge of all data that's encrypted by the data encryption policy.","Name":"PermanentDataPurgeContact","Option":"Write"},{"CIMType":"String","Description":"The PermanentDataPurgeReason parameter specifies a descriptive reason for the purge of all data that's encrypted by the data encryption policy","Name":"PermanentDataPurgeReason","Option":"Write"},{"CIMType":"String","Description":"Specifies if this policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new Data Encryption policy in your cloud-based organization."},{"ClassName":"MSFT_EXODistributionGroup","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the distribution group or mail-enabled security group that you want to modify. You can use any value that uniquely identifies the group.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the address list.","Name":"Name","Option":"Required"},{"CIMType":"String","Description":"Exchange alias (also known as the mail nickname) for the recipient","Name":"Alias","Option":"Write"},{"CIMType":"Boolean","Description":"Is Bcc blocked for the distribution group.","Name":"BccBlocked","Option":"Write"},{"CIMType":"String[]","Description":"The BypassModerationFromSendersOrMembers parameter specifies who is allowed to send messages to this moderated recipient without approval from a moderator. Valid values for this parameter are individual senders and groups in your organization. Specifying a group means all members of the group are allowed to send messages to this recipient without approval from a moderator.","Name":"BypassModerationFromSendersOrMembers","Option":"Write"},{"CIMType":"Boolean","Description":"The ByPassNestedModerationEnabled parameter specifies how to handle message approval when a moderated group contains other moderated groups as members.","Name":"BypassNestedModerationEnabled","Option":"Write"},{"CIMType":"String","Description":"Description of the distribution group.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the display name of the group. The display name is visible in the Exchange admin center and in address lists. The maximum length is 256 characters.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"The HiddenGroupMembershipEnabled switch specifies whether to hide the members of the distribution group from members of the group and users who aren't members of the group.","Name":"HiddenGroupMembershipEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The ManagedBy parameter specifies an owner for the group. A group must have at least one owner.","Name":"ManagedBy","Option":"Write"},{"CIMType":"String","Description":"The MemberDepartRestriction parameter specifies the restrictions that you put on requests to leave the group. Valid values are: Open & Closed","Name":"MemberDepartRestriction","Option":"Write","ValueMap":["Open","Closed"],"Values":["Open","Closed"]},{"CIMType":"String","Description":"The MemberJoinRestriction parameter specifies the restrictions that you put on requests to join the group. Valid values are: Open, Closed & ApprovalRequired","Name":"MemberJoinRestriction","Option":"Write","ValueMap":["Open","Closed","ApprovalRequired"],"Values":["Open","Closed","ApprovalRequired"]},{"CIMType":"String[]","Description":"The Members parameter specifies the recipients (mail-enabled objects) that are members of the group. You can use any value that uniquely identifies the recipient.","Name":"Members","Option":"Write"},{"CIMType":"String[]","Description":"The ModeratedBy parameter specifies one or more moderators for this group. A moderator approves messages sent to the group before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization. You can use any value that uniquely identifies the moderator.","Name":"ModeratedBy","Option":"Write"},{"CIMType":"Boolean","Description":"The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.","Name":"ModerationEnabled","Option":"Write"},{"CIMType":"String","Description":"The Notes parameters specifies additional information about the object.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The OrganizationalUnit parameter specifies the location in Active Directory where the group is created.","Name":"OrganizationalUnit","Option":"Write"},{"CIMType":"String","Description":"The PrimarySmtpAddress parameter specifies the primary return email address that's used for the recipient.","Name":"PrimarySmtpAddress","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from authenticated (internal) senders.","Name":"RequireSenderAuthenticationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RoomList switch specifies that all members of this distribution group are room mailboxes. You don't need to specify a value with this switch.","Name":"RoomList","Option":"Write"},{"CIMType":"String[]","Description":"The AcceptMessagesOnlyFrom parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.","Name":"AcceptMessagesOnlyFrom","Option":"Write"},{"CIMType":"String[]","Description":"The AcceptMessagesOnlyFromDLMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.","Name":"AcceptMessagesOnlyFromDLMembers","Option":"Write"},{"CIMType":"String[]","Description":"The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.","Name":"AcceptMessagesOnlyFromSendersOrMembers","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute1","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute2","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute3","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute4","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute5","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute6 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute6","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute7 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute7","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute8 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute8","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute9 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute9","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute10 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute10","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute11 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute11","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute12 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute12","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute13 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute13","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute14 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute14","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a value for the CustomAttribute15 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomAttribute15","Option":"Write"},{"CIMType":"String[]","Description":"The EmailAddresses parameter specifies all email addresses (proxy addresses) for the recipient, including the primary SMTP address. In on-premises Exchange organizations, the primary SMTP address and other proxy addresses are typically set by email address policies. However, you can use this parameter to configure other proxy addresses for the recipient.","Name":"EmailAddresses","Option":"Write"},{"CIMType":"String[]","Description":"The GrantSendOnBehalfTo parameter specifies who can send on behalf of this group. Although messages send on behalf of the group clearly show the sender in the From field (<Sender> on behalf of <Group>), replies to these messages are delivered to the group, not the sender.","Name":"GrantSendOnBehalfTo","Option":"Write"},{"CIMType":"Boolean","Description":"The HiddenFromAddressListsEnabled parameter specifies whether this recipient is visible in address lists.","Name":"HiddenFromAddressListsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SendOofMessageToOriginatorEnabled parameter specifies how to handle out of office (OOF) messages for members of the group.","Name":"SendOofMessageToOriginatorEnabled","Option":"Write"},{"CIMType":"String","Description":"The SendModerationNotifications parameter specifies when moderation notification messages are sent. Valid values are: Always, Internal, Never.","Name":"SendModerationNotifications","Option":"Write","ValueMap":["Always","Internal","Never"],"Values":["Always","Internal","Never"]},{"CIMType":"String","Description":"The Type parameter specifies the type of group that you want to create. Valid values are: Distribution, Security","Name":"Type","Option":"Write","ValueMap":["Distribution","Security"],"Values":["Distribution","Security"]},{"CIMType":"String","Description":"Specifies if this AddressList should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Exchange Online distribution groups."},{"ClassName":"MSFT_EXODkimSigningConfig","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the DKIM signing policy that you want to modify.  This should be the FQDN. ","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String","Description":"The BodyCanonicalization parameter specifies the canonicalization algorithm that's used to create and verify the message body part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message body in transit. Valid values are 'Simple' or 'Relaxed'.  'Relaxed' is the default.","Name":"BodyCanonicalization","Option":"Write","ValueMap":["Simple","Relaxed"],"Values":["Simple","Relaxed"]},{"CIMType":"String","Description":"The HeaderCanonicalization parameter specifies the canonicalization algorithm that's used to create and verify the message header part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the message headers in transit. Valid values are 'Simple' or 'Relaxed'.  'Relaxed' is the default.","Name":"HeaderCanonicalization","Option":"Write","ValueMap":["Simple","Relaxed"],"Values":["Simple","Relaxed"]},{"CIMType":"Uint16","Description":"The KeySize parameter specifies the size in bits of the public key that's used in the DKIM signing policy. Valid values are 1024 and 2048","Name":"KeySize","Option":"Write","ValueMap":[1024,2048],"Values":[1024,2048]},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the DKIM Signing Configuration is enabled or disabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Client Access Rule should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the DomainKeys Identified Mail (DKIM) signing policy settings for domains in a cloud-based organization."},{"ClassName":"MSFT_EXODnssecForVerifiedDomain","Parameters":[{"CIMType":"String","Description":"DomainName parameter specifies the accepted domain in the Exchange Online organization where you want to view information about DNSSEC","Name":"DomainName","Option":"Key"},{"CIMType":"string","Description":"Status of the DnsSec for the given Domain Name.","Name":"DnssecFeatureStatus","Option":"Write","ValueMap":["Enabled","Disabled","Unknown"],"Values":["Enabled","Disabled","Unknown"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"DNSSec status for a verified domain."},{"ClassName":"MSFT_EXOEmailAddressPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the email address policy. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Priority parameter specifies the order that the email address policies are evaluated. By default, every time that you add a new email address policy, the policy is assigned a priority of N+1, where N is the number of email address policies that you've created.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The EnabledEmailAddressTemplates parameter specifies the rules in the email address policy that are used to generate email addresses for recipients.","Name":"EnabledEmailAddressTemplates","Option":"Write"},{"CIMType":"String[]","Description":"The EnabledPrimarySMTPAddressTemplate parameter specifies the specifies the rule in the email address policy that's used to generate the primary SMTP email addresses for recipients. You can use this parameter instead of the EnabledEmailAddressTemplates if the policy only applies the primary email address and no additional proxy addresses.","Name":"EnabledPrimarySMTPAddressTemplate","Option":"Write"},{"CIMType":"String","Description":"The ManagedByFilter parameter specifies the email address policies to apply to Office 365 groups based on the properties of the users who create the Office 365 groups.","Name":"ManagedByFilter","Option":"Write"},{"CIMType":"String","Description":"Specify if the Email Address Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Email address policies in Exchange Online."},{"ClassName":"MSFT_EXOEmailTenantSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Identity which indicates the organization name.","Name":"Identity","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether priority account protection is enabled.","Name":"EnablePriorityAccountProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the migration configuration is valid.","Name":"IsValid","Option":"Write"},{"CIMType":"String","Description":"Specifies the state of the object.","Name":"ObjectState","Option":"Write"},{"CIMType":"String","Description":"Specifies the name of the object.","Name":"Name","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to manage email tenant settings."},{"ClassName":"MSFT_EXOEOPProtectionPolicyRule","Parameters":[{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email addresses in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The Identity parameter specifies the rule that you want to view. You can use any value that uniquely identifies the rule. ","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"This parameter define if the rule is enabled or disabled","Name":"State","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the rule. The maximum length is 64 characters.","Name":"Name","Option":"Write"},{"CIMType":"UInt32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email addresses in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures EOP Protection Policy Rules."},{"ClassName":"MSFT_EXOExternalInOutlook","Parameters":[{"CIMType":"string","Description":"OrganisationIDParameter, not needed for cmdlet Functionality, use 'ExternalinOutlook' to use the same configuration for multiple Tenants","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The Enabled parameter enables or disables external sender identification in supported versions of Outlook. Valid values are:$true: External sender identification in Outlook is enabled. An External icon is added in the area of the subject line of messages from external senders. To exempt specific senders or sender domains from this identification, use the AllowList parameter.$false: External sender identification in Outlook is disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The AllowList parameter specifies exceptions to external sender identification in supported versions of Outlook. Messages received from the specified senders or senders in the specified domains don't receive native External sender identification. The allow list uses the 5322.From address (also known as the From address or P2 sender). Valid values are an individual domain (contoso.com), a domain and all subdomains (*.contoso.com) or email addresses (admin@contoso.com).","Name":"AllowList","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages the configuration of external sender identification that's available in Outlook, Outlook for Mac, Outlook on the web, and Outlook for iOS and Android."},{"ClassName":"MSFT_EXOFocusedInbox","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The FocusedInboxOn parameter enables or disables Focused Inbox for the mailbox.","Name":"FocusedInboxOn","Option":"Write"},{"CIMType":"String","Description":"Specify if the AcceptedDomain should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manage the Focused Inbox configuration for mailboxes in your organization."},{"ClassName":"MSFT_EXOGlobalAddressList","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the GAL. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"The ConditionalCompany parameter specifies a precanned filter that's based on the value of the recipient's Company property.","Name":"ConditionalCompany","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute1 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute1 property.","Name":"ConditionalCustomAttribute1","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute10 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute10 property.","Name":"ConditionalCustomAttribute10","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute11 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute11 property.","Name":"ConditionalCustomAttribute11","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute12 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute12 property.","Name":"ConditionalCustomAttribute12","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute13 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute13 property.","Name":"ConditionalCustomAttribute13","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute14 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute14 property.","Name":"ConditionalCustomAttribute14","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute15 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute15 property.","Name":"ConditionalCustomAttribute15","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute2 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute2 property.","Name":"ConditionalCustomAttribute2","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute3 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute3 property.","Name":"ConditionalCustomAttribute3","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute4 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute4 property.","Name":"ConditionalCustomAttribute4","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute5 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute5 property.","Name":"ConditionalCustomAttribute5","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute6 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute6 property.","Name":"ConditionalCustomAttribute6","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute7 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute7 property.","Name":"ConditionalCustomAttribute7","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute8 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute8 property.","Name":"ConditionalCustomAttribute8","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalCustomAttribute9 parameter specifies a precanned filter that's based on the value of the recipient's CustomAttribute9 property.","Name":"ConditionalCustomAttribute9","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalDepartment parameter specifies a precanned filter that's based on the value of the recipient's Department property.","Name":"ConditionalDepartment","Option":"Write"},{"CIMType":"String[]","Description":"The ConditionalStateOrProvince parameter specifies a precanned filter that's based on the value of the recipient's StateOrProvince property.","Name":"ConditionalStateOrProvince","Option":"Write"},{"CIMType":"String[]","Description":"The IncludedRecipients parameter specifies a precanned filter that's based on the recipient type.","Name":"IncludedRecipients","Option":"Write","ValueMap":["","AllRecipients","MailboxUsers","MailContacts","MailGroups","MailUsers","Resources"],"Values":["","AllRecipients","MailboxUsers","MailContacts","MailGroups","MailUsers","Resources"]},{"CIMType":"String","Description":"The RecipientFilter parameter specifies an OPath filter that's based on the value of any available recipient property.","Name":"RecipientFilter","Option":"Write"},{"CIMType":"String","Description":"Specify if the Global Address List should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Global Address Lists in Exchange Online."},{"ClassName":"MSFT_EXOGroupSettings","Parameters":[{"CIMType":"string","Description":"The DisplayName parameter specifies the name of the Microsoft 365 Group. The display name is visible in the Exchange admin center, address lists, and Outlook. The maximum length is 64 characters.","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"The unique Id of the group","Name":"Id","Option":"Write"},{"CIMType":"string[]","Description":"The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected.","Name":"AcceptMessagesOnlyFromSendersOrMembers","Option":"Write"},{"CIMType":"string","Description":"Private","Name":"AccessType","Option":"Write","ValueMap":["Public","Private"],"Values":["Public","Private"]},{"CIMType":"boolean","Description":"The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn't affect existing group members.","Name":"AlwaysSubscribeMembersToCalendarEvents","Option":"Write"},{"CIMType":"string","Description":"The AlwaysSubscribeMembersToCalendarEvents switch controls the default subscription settings of new members that are added to the Microsoft 365 Group. Changing this setting doesn't affect existing group members.","Name":"AuditLogAgeLimit","Option":"Write"},{"CIMType":"boolean","Description":"The AutoSubscribeNewMembers switch specifies whether to automatically subscribe new members that are added to the Microsoft 365 Group to conversations and calendar events. Only users that are added to the group after you enable this setting are automatically subscribed to the group.","Name":"AutoSubscribeNewMembers","Option":"Write"},{"CIMType":"boolean","Description":"The CalendarMemberReadOnly parameter specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.","Name":"CalendarMemberReadOnly","Option":"Write"},{"CIMType":"string","Description":"The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.","Name":"Classification","Option":"Write"},{"CIMType":"boolean","Description":"The CalendarMemberReadOnly switch specifies whether to set read-only Calendar permissions to the Microsoft 365 Group for members of the group.","Name":"ConnectorsEnabled","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute1","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute2","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute3","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute4","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute5","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute6 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute6","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute7 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute7","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute8 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute8","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute9 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute9","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute10 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute10","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute11 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute11","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute12 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute12","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute13 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute13","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute14 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute14","Option":"Write"},{"CIMType":"string","Description":"This parameter specifies a value for the CustomAttribute15 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024 characters.","Name":"CustomAttribute15","Option":"Write"},{"CIMType":"string","Description":"The DataEncryptionPolicy parameter specifies the data encryption policy that's applied to the Microsoft 365 Group. ","Name":"DataEncryptionPolicy","Option":"Write"},{"CIMType":"string[]","Description":"The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the recipient, including the primary SMTP address.","Name":"EmailAddresses","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute1 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute1","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute2 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute2","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute3 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute3","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute4 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute4","Option":"Write"},{"CIMType":"string[]","Description":"This parameter specifies a value for the ExtensionCustomAttribute5 property on the recipient. You can use this property to store custom information about the recipient, and to identify the recipient in filters. You can specify up to 1300 values separated by commas.","Name":"ExtensionCustomAttribute5","Option":"Write"},{"CIMType":"string[]","Description":"The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group.","Name":"GrantSendOnBehalfTo","Option":"Write"},{"CIMType":"boolean","Description":"The GrantSendOnBehalfTo parameter specifies who can send on behalf of this Microsoft 365 Group.","Name":"HiddenFromAddressListsEnabled","Option":"Write"},{"CIMType":"boolean","Description":"The HiddenFromExchangeClientsEnabled switch specifies whether the Microsoft 365 Group is hidden from Outlook clients connected to Microsoft 365.","Name":"HiddenFromExchangeClientsEnabled","Option":"Write"},{"CIMType":"string","Description":"The InformationBarrierMode parameter specifies the information barrier mode for the Microsoft 365 Group.","Name":"InformationBarrierMode","Option":"Write","ValueMap":["Explicit","Implicit","Open","OwnerModerated"],"Values":["Explicit","Implicit","Open","OwnerModerated"]},{"CIMType":"boolean","Description":"This parameter specifies whether or not members are allow to edit content.","Name":"IsMemberAllowedToEditContent","Option":"Write"},{"CIMType":"string","Description":"The Language parameter specifies language preference for the Microsoft 365 Group.","Name":"Language","Option":"Write"},{"CIMType":"string","Description":"The MailboxRegion parameter specifies the preferred data location (PDL) for the Microsoft 365 Group in multi-geo environments.","Name":"MailboxRegion","Option":"Write"},{"CIMType":"string","Description":"The MailTip parameter specifies the custom MailTip text for this recipient. The MailTip is shown to senders when they start drafting an email message to this recipient. ","Name":"MailTip","Option":"Write"},{"CIMType":"string[]","Description":"The MailTipTranslations parameter specifies additional languages for the custom MailTip text that's defined by the MailTip parameter.","Name":"MailTipTranslations","Option":"Write"},{"CIMType":"string","Description":"The MaxReceiveSize parameter specifies the maximum size of an email message that can be sent to this group. Messages that exceed the maximum size are rejected by the group.","Name":"MaxReceiveSize","Option":"Write"},{"CIMType":"string","Description":"The MaxSendSize parameter specifies the maximum size of an email message that can be sent by this group.","Name":"MaxSendSize","Option":"Write"},{"CIMType":"string[]","Description":"The ModeratedBy parameter specifies one or more moderators for this recipient. A moderator approves messages sent to the recipient before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization. You can use any value that uniquely identifies the moderator. ","Name":"ModeratedBy","Option":"Write"},{"CIMType":"boolean","Description":"The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.","Name":"ModerationEnabled","Option":"Write"},{"CIMType":"string","Description":"The Notes parameter specifies the description of the Microsoft 365 Group. If the value contains spaces, enclose the value in quotation marks.","Name":"Notes","Option":"Write"},{"CIMType":"string","Description":"The PrimarySmtpAddress parameter specifies the primary return email address that's used for the recipient. You can't use the EmailAddresses and PrimarySmtpAddress parameters in the same command.","Name":"PrimarySmtpAddress","Option":"Write"},{"CIMType":"string[]","Description":"The RejectMessagesFromSendersOrMembers parameter specifies who isn't allowed to send messages to this recipient. Messages from these senders are rejected.","Name":"RejectMessagesFromSendersOrMembers","Option":"Write"},{"CIMType":"boolean","Description":"The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from authenticated (internal) senders. ","Name":"RequireSenderAuthenticationEnabled","Option":"Write"},{"CIMType":"string","Description":"The SensitivityLabelId parameter specifies the GUID value of the sensitivity label that's assigned to the Microsoft 365 Group.","Name":"SensitivityLabelId","Option":"Write"},{"CIMType":"boolean","Description":"The SubscriptionEnabled switch specifies whether the group owners can enable subscription to conversations and calendar events on the groups they own. ","Name":"SubscriptionEnabled","Option":"Write"},{"CIMType":"boolean","Description":"The WelcomeMessageEnabled switch specifies whether to enable or disable sending system-generated welcome messages to users who are added as members to the Microsoft 365 Group.","Name":"WelcomeMessageEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures settings on groups such as the custom attributes and language."},{"ClassName":"MSFT_EXOHostedConnectionFilterPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the Hosted Connection Filter Policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeList parameter enables or disables use of the safe list. The safe list is a dynamic allow list in the Microsoft datacenter that requires no customer configuration. Valid input for this parameter is $true or $false. The default value is $false.","Name":"EnableSafeList","Option":"Write"},{"CIMType":"String[]","Description":"The IPAllowList parameter specifies IP addresses from which messages are always allowed. Messages from the IP addresses you specify won't be identified as spam, despite any other spam characteristics of the messages. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP.","Name":"IPAllowList","Option":"Write"},{"CIMType":"String[]","Description":"The IPBlockList parameter specifies IP addresses from which messages are never allowed. Messages from the IP addresses you specify are blocked without any further spam scanning. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP.","Name":"IPBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The MakeDefault parameter makes the specified policy the default connection filter policy. Default is $false.","Name":"MakeDefault","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Hosted Connection Filter Policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of connection filter policies in your cloud-based organization."},{"ClassName":"MSFT_EXOHostedContentFilterPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the Hosted Content Filter Policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AddXHeaderValue parameter specifies the X-header value to add to spam messages when an action parameter is set to the value AddXHeader.","Name":"AddXHeaderValue","Option":"Write"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String[]","Description":"The AllowedSenderDomains parameter specifies trusted domains that aren't processed by the spam filter.","Name":"AllowedSenderDomains","Option":"Write"},{"CIMType":"String[]","Description":"The AllowedSenders parameter specifies a list of trusted senders that aren't processed by the spam filter.","Name":"AllowedSenders","Option":"Write"},{"CIMType":"String[]","Description":"The BlockedSenderDomains parameter specifies domains that are always marked as spam sources.","Name":"BlockedSenderDomains","Option":"Write"},{"CIMType":"String[]","Description":"The BlockedSenders parameter specifies senders that are always marked as spam sources.","Name":"BlockedSenders","Option":"Write"},{"CIMType":"String","Description":"The BulkQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as bulk email.","Name":"BulkQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The BulkSpamAction parameter specifies the action to take on messages that are classified as bulk email.","Name":"BulkSpamAction","Option":"Write","ValueMap":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"],"Values":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"]},{"CIMType":"UInt32","Description":"The BulkThreshold parameter specifies the Bulk Complaint Level (BCL) threshold setting. Valid values are from 1 - 9, where 1 marks most bulk email as spam, and 9 allows the most bulk email to be delivered. The default value is 7.","Name":"BulkThreshold","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableLanguageBlockList parameter enables or disables blocking email messages that are written in specific languages, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false.","Name":"EnableLanguageBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableRegionBlockList parameter enables or disables blocking email messages that are sent from specific countries or regions, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is $false.","Name":"EnableRegionBlockList","Option":"Write"},{"CIMType":"String","Description":"The HighConfidencePhishAction parameter specifies the action to take on messages that are marked as high confidence phishing","Name":"HighConfidencePhishAction","Option":"Write","ValueMap":["MoveToJmf","Redirect","Quarantine"],"Values":["MoveToJmf","Redirect","Quarantine"]},{"CIMType":"String","Description":"The HighConfidencePhishQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as high confidence phishing.","Name":"HighConfidencePhishQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The HighConfidenceSpamAction parameter specifies the action to take on messages that are classified as high confidence spam.","Name":"HighConfidenceSpamAction","Option":"Write","ValueMap":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"],"Values":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"]},{"CIMType":"String","Description":"The HighConfidenceSpamQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as high confidence spam.","Name":"HighConfidenceSpamQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The IncreaseScoreWithBizOrInfoUrls parameter increases the spam score of messages that contain links to .biz or .info domains. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"IncreaseScoreWithBizOrInfoUrls","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The IncreaseScoreWithImageLinks parameter increases the spam score of messages that contain image links to remote websites. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"IncreaseScoreWithImageLinks","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The IncreaseScoreWithNumericIps parameter increases the spam score of messages that contain links to IP addresses. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"IncreaseScoreWithNumericIps","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The IncreaseScoreWithRedirectToOtherPort parameter increases the spam score of messages that contain links that redirect to other TCP ports. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"IncreaseScoreWithRedirectToOtherPort","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"Boolean","Description":"The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to recipients in messages. The default is $true","Name":"InlineSafetyTipsEnabled","Option":"Write"},{"CIMType":"String","Description":"The IntraOrgFilterState parameter specifies whether to enable anti-spam filtering for messages sent between internal users (users in the same organization).","Name":"IntraOrgFilterState","Option":"Write","ValueMap":["Default","HighConfidencePhish","Phish","HighConfidenceSpam","Spam","Disabled"],"Values":["Default","HighConfidencePhish","Phish","HighConfidenceSpam","Spam","Disabled"]},{"CIMType":"String[]","Description":"The LanguageBlockList parameter specifies the languages to block when messages are blocked based on their language. Valid input for this parameter is a supported ISO 639-1 lowercase two-letter language code. You can specify multiple values separated by commas. This parameter is only use when the EnableRegionBlockList parameter is set to $true.","Name":"LanguageBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The MakeDefault parameter makes the specified content filter policy the default content filter policy. The default value is $false","Name":"MakeDefault","Option":"Write"},{"CIMType":"String","Description":"The MarkAsSpamBulkMail parameter classifies the message as spam when the message is identified as a bulk email message. Valid values for this parameter are Off, On or Test. The default value is On.","Name":"MarkAsSpamBulkMail","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamEmbedTagsInHtml parameter classifies the message as spam when the message contains HTML <embed> tags. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamEmbedTagsInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamEmptyMessages parameter classifies the message as spam when the message is empty. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamEmptyMessages","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamFormTagsInHtml parameter classifies the message as spam when the message contains HTML <form> tags. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamFormTagsInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamFramesInHtml parameter classifies the message as spam when the message contains HTML <frame> or <iframe> tags. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamFramesInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamFromAddressAuthFail parameter classifies the message as spam when Sender ID filtering encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off.","Name":"MarkAsSpamFromAddressAuthFail","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamJavaScriptInHtml parameter classifies the message as spam when the message contains JavaScript or VBScript. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamJavaScriptInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamNdrBackscatter parameter classifies the message as spam when the message is a non-delivery report (NDR) to a forged sender. Valid values for this parameter are Off or On. The default value is Off.","Name":"MarkAsSpamNdrBackscatter","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamObjectTagsInHtml parameter classifies the message as spam when the message contains HTML <object> tags. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamObjectTagsInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamSensitiveWordList parameter classifies the message as spam when the message contains words from the sensitive words list. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamSensitiveWordList","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamSpfRecordHardFail parameter classifies the message as spam when Sender Policy Framework (SPF) record checking encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off.","Name":"MarkAsSpamSpfRecordHardFail","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The MarkAsSpamWebBugsInHtml parameter classifies the message as spam when the message contains web bugs. Valid values for this parameter are Off, On or Test. The default value is Off.","Name":"MarkAsSpamWebBugsInHtml","Option":"Write","ValueMap":["Off","On","Test"],"Values":["Off","On","Test"]},{"CIMType":"String","Description":"The ModifySubjectValue parameter specifies the text to prepend to the existing subject of spam messages when an action parameter is set to the value ModifySubject.","Name":"ModifySubjectValue","Option":"Write"},{"CIMType":"String","Description":"The PhishSpamAction parameter specifies the action to take on messages that are classified as phishing","Name":"PhishSpamAction","Option":"Write","ValueMap":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"],"Values":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"]},{"CIMType":"String","Description":"The PhishQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as phishing.","Name":"PhishQuarantineTag","Option":"Write"},{"CIMType":"String","Description":"The SpamQuarantineTag parameter specifies the quarantine policy that's used on messages that are quarantined as spam.","Name":"SpamQuarantineTag","Option":"Write"},{"CIMType":"UInt32","Description":"The QuarantineRetentionPeriod parameter specifies the length of time in days that spam messages remain in the quarantine. Valid input for this parameter is an integer between 1 and 30. The default value is 15.","Name":"QuarantineRetentionPeriod","Option":"Write"},{"CIMType":"String[]","Description":"The RedirectToRecipients parameter specifies the replacement recipients in spam messages when an action parameter is set to the value Redirect. The action parameters that use the value of RedirectToRecipients are BulkSpamAction, HighConfidencePhishAction, HighConfidenceSpamAction, PhishSpamAction and SpamAction.","Name":"RedirectToRecipients","Option":"Write"},{"CIMType":"String[]","Description":"The RegionBlockList parameter specifies the region to block when messages are blocked based on their source region. Valid input for this parameter is a supported ISO 3166-1 uppercase two-letter country code. You can specify multiple values separated by commas. This parameter is only used when the EnableRegionBlockList parameter is set to $true.","Name":"RegionBlockList","Option":"Write"},{"CIMType":"String","Description":"The SpamAction parameter specifies the action to take on messages that are classified as spam (not high confidence spam, bulk email, or phishing). ","Name":"SpamAction","Option":"Write","ValueMap":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"],"Values":["MoveToJmf","AddXHeader","ModifySubject","Redirect","Delete","Quarantine","NoAction"]},{"CIMType":"String","Description":"The TestModeAction parameter specifies the additional action to take on messages that match any of the IncreaseScoreWith or MarkAsSpam parameters that are set to the value Test. ","Name":"TestModeAction","Option":"Write","ValueMap":["None","AddXHeader","BccMessage"],"Values":["None","AddXHeader","BccMessage"]},{"CIMType":"String[]","Description":"The TestModeBccToRecipients parameter specifies the blind carbon copy recipients to add to spam messages when the TestModeAction action parameter is set to the value BccMessage.","Name":"TestModeBccToRecipients","Option":"Write"},{"CIMType":"Boolean","Description":"The PhishZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect phishing messages in delivered messages in Exchange Online mailboxes.","Name":"PhishZapEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SpamZapEnabled parameter enables or disables zero-hour auto purge (ZAP) to detect spam in delivered messages in Exchange Online mailboxes.","Name":"SpamZapEnabled","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of connection filter policies in your cloud-based organization."},{"ClassName":"MSFT_EXOHostedContentFilterRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the HostedContentFilter rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The HostedContentFilterPolicy parameter specifies the name of the HostedContentFilter policy that's associated with the HostedContentFilter rule.","Name":"HostedContentFilterPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Hosted Content Filter Rule in Exchange Online."},{"ClassName":"MSFT_EXOHostedOutboundSpamFilterPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the policy that you want to modify. There is only one policy named 'Default'","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String[]","Description":"The BccSuspiciousOutboundAdditionalRecipients parameter specifies the recipients to add to the Bcc field of outgoing spam messages. Valid input for this parameter is an email address. Separate multiple email addresses with commas.","Name":"BccSuspiciousOutboundAdditionalRecipients","Option":"Write"},{"CIMType":"Boolean","Description":"The BccSuspiciousOutboundMail parameter enables or disables adding recipients to the Bcc field of outgoing spam messages. Valid input for this parameter is $true or $false. The default value is $false. You specify the additional recipients using the BccSuspiciousOutboundAdditionalRecipients parameter.","Name":"BccSuspiciousOutboundMail","Option":"Write"},{"CIMType":"Boolean","Description":"The NotifyOutboundSpam parameter enables or disables sending notification messages to administrators when an outgoing message is determined to be spam. Valid input for this parameter is $true or $false. The default value is $false. You specify the administrators to notify by using the NotifyOutboundSpamRecipients parameter.","Name":"NotifyOutboundSpam","Option":"Write"},{"CIMType":"String[]","Description":"The NotifyOutboundSpamRecipients parameter specifies the administrators to notify when an outgoing message is determined to be spam. Valid input for this parameter is an email address. Separate multiple email addresses with commas.","Name":"NotifyOutboundSpamRecipients","Option":"Write"},{"CIMType":"UInt32","Description":"The RecipientLimitInternalPerHour parameter specifies the maximum number of internal recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.","Name":"RecipientLimitInternalPerHour","Option":"Write"},{"CIMType":"UInt32","Description":"The RecipientLimitPerDay parameter specifies the maximum number of recipients that a user can send to within a day. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.","Name":"RecipientLimitPerDay","Option":"Write"},{"CIMType":"UInt32","Description":"The RecipientLimitExternalPerHour parameter specifies the maximum number of external recipients that a user can send to within an hour. A valid value is 0 to 10000. The default value is 0, which means the service defaults are used.","Name":"RecipientLimitExternalPerHour","Option":"Write"},{"CIMType":"String","Description":"The ActionWhenThresholdReached parameter specifies the action to take when any of the limits specified in the policy are reached. Valid values are: Alert, BlockUser, BlockUserForToday. BlockUserForToday is the default value.","Name":"ActionWhenThresholdReached","Option":"Write"},{"CIMType":"String","Description":"The AutoForwardingMode specifies how the policy controls automatic email forwarding to outbound recipients. Valid values are: Automatic, On, Off.","Name":"AutoForwardingMode","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of the outbound spam filter policy in your cloud-based organization."},{"ClassName":"MSFT_EXOHostedOutboundSpamFilterRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the HostedOutboundSpamFilter rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The HostedOutboundSpamFilterPolicy parameter specifies the name of the HostedOutboundSpamFilter policy that's associated with the HostedOutboundSpamFilter rule.","Name":"HostedOutboundSpamFilterPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderDomainIs parameter specifies an exception that looks for senders with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfSenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFrom parameter specifies an exception that looks for messages from specific senders. You can use any value that uniquely identifies the sender.","Name":"ExceptIfFrom","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromMemberOf parameter specifies an exception that looks for messages sent by group members. You can use any value that uniquely identifies the group.","Name":"ExceptIfFromMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The SenderDomainIs parameter specifies a condition that looks for senders with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"SenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The From parameter specifies a condition that looks for messages from specific senders. You can use any value that uniquely identifies the sender.","Name":"From","Option":"Write"},{"CIMType":"String[]","Description":"The FromMemberOf parameter specifies a condition that looks for messages sent by group members. You can use any value that uniquely identifies the group.","Name":"FromMemberOf","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Hosted Content Filter Rule in Exchange Online."},{"ClassName":"MSFT_EXOInboundConnector","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the outbound connector that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby limiting its scope. For example, you can apply the connector to a specific accepted domain in your organization, such as contoso.com.","Name":"AssociatedAcceptedDomains","Option":"Write"},{"CIMType":"Boolean","Description":"The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!","Name":"CloudServicesMailEnabled","Option":"Write"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS!","Name":"ConnectorSource","Option":"Write","ValueMap":["Default","Migrated","HybridWizard"],"Values":["Default","Migrated","HybridWizard"]},{"CIMType":"String","Description":"The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values are Partner and OnPremises","Name":"ConnectorType","Option":"Write","ValueMap":["Partner","OnPremises"],"Values":["Partner","OnPremises"]},{"CIMType":"String[]","Description":"The EFSkipIPs parameter specifies the source IP addresses to skip in Enhanced Filtering for Connectors when the EFSkipLastIP parameter value is $false.","Name":"EFSkipIPs","Option":"Write"},{"CIMType":"Boolean","Description":"The EFSkipLastIP parameter specifies the behavior of Enhanced Filtering for Connectors.","Name":"EFSkipLastIP","Option":"Write"},{"CIMType":"String[]","Description":"The EFUsers parameter specifies the recipients that Enhanced Filtering for Connectors applies to.","Name":"EFUsers","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether connector is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireTLS parameter specifies that all messages received by this connector require TLS transmission. Valid values for this parameter are $true or $false. The default value is $false. When the RequireTLS parameter is set to $true, all messages received by this connector require TLS transmission.","Name":"RequireTls","Option":"Write"},{"CIMType":"Boolean","Description":"The RestrictDomainsToCertificate parameter specifies that Office 365 should identify incoming messages that are eligible for this connector by verifying that the remote server authenticates using a TLS certificate that has the TlsSenderCertificateName in the Subject.","Name":"RestrictDomainsToCertificate","Option":"Write"},{"CIMType":"Boolean","Description":"The RestrictDomainsToIPAddresses parameter, when set to $true, automatically rejects mail from the domains specified by the SenderDomains parameter if the mail originates from an IP address that isn't specified by the SenderIPAddresses parameter.","Name":"RestrictDomainsToIPAddresses","Option":"Write"},{"CIMType":"String[]","Description":"The SenderDomains parameter specifies the remote domains from which this connector accepts messages, thereby limiting its scope. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following example: domain.*.contoso.com.","Name":"SenderDomains","Option":"Write"},{"CIMType":"String[]","Description":"The SenderIPAddresses parameter specifies the remote IP addresses from which this connector accepts messages.","Name":"SenderIPAddresses","Option":"Write"},{"CIMType":"String","Description":"The TlsSenderCertificateName parameter specifies the certificate used by the sender's domain when the RequireTls parameter is set to $true. Valid input for the TlsSenderCertificateName parameter is an SMTP domain. ","Name":"TlsSenderCertificateName","Option":"Write"},{"CIMType":"Boolean","Description":"The TreatMessagesAsInternal parameter specifies an alternative method to identify messages sent from an on-premises organization as internal messages. You should only consider using this parameter when your on-premises organization doesn't use Exchange.","Name":"TreatMessagesAsInternal","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Inbound connector in your cloud-based organization."},{"ClassName":"MSFT_EXOIntraOrganizationConnector","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the intraorg connector that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The DiscoveryEndpoint parameter specifies the externally-accessible URL that's used for the Autodiscover service for the domain that's configured in the Intra-Organization connector.","Name":"DiscoveryEndpoint","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether connector is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The TargetAddressDomains parameter specifies the domain namespaces that will be used in the Intra-organization connector. These domains must have valid Autodiscover endpoints defined in their organizations. The domains and their associated Autodiscover endpoints are used by the Intra-Organization connector for feature and service connectivity. You can specify multiple domains separated by commas.","Name":"TargetAddressDomains","Option":"Write"},{"CIMType":"String","Description":"The TargetSharingEpr parameter specifies the URL of the target Exchange Web Services that will be used in the Intra-Organization connector.","Name":"TargetSharingEpr","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Intra-Organization connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new EXOIntraOrganizationConnector in your cloud-based organization."},{"ClassName":"MSFT_EXOIRMConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The AutomaticServiceUpdateEnabled parameter specifies whether to allow the automatic addition of new features within Azure Information Protection for your cloud-based organization.","Name":"AutomaticServiceUpdateEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect directly to Azure Rights Management.","Name":"AzureRMSLicensingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the attachment or not for Encrypt-only mails sent using Microsoft Purview Message Encryption.","Name":"DecryptAttachmentForEncryptOnly","Option":"Write"},{"CIMType":"Boolean","Description":"The EDiscoverySuperUserEnabled parameter specifies whether members of the Discovery Management role group can access IRM-protected messages in a discovery mailbox that were returned by a discovery search.","Name":"EDiscoverySuperUserEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EnablePdfEncryption parameter specifies whether to enable the encryption of PDF attachments using Microsoft Purview Message Encryption. ","Name":"EnablePdfEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"The EnablePortalTrackingLogs parameter specifies whether to enable portal message tracking logs.","Name":"EnablePortalTrackingLogs","Option":"Write"},{"CIMType":"Boolean","Description":"The InternalLicensingEnabled parameter specifies whether to enable IRM features for messages that are sent to internal and external recipients.","Name":"InternalLicensingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The JournalReportDecryptionEnabled parameter specifies whether to enable journal report decryption.","Name":"JournalReportDecryptionEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The LicensingLocation parameter specifies the RMS licensing URLs. You can specify multiple URL values separated by commas.","Name":"LicensingLocation","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter is available only in the cloud-based service.","Name":"RejectIfRecipientHasNoRights","Option":"Write"},{"CIMType":"String","Description":"The RMSOnlineKeySharingLocation parameter specifies the Azure Rights Management URL that's used to get the trusted publishing domain (TPD) for the Exchange Online organization.","Name":"RMSOnlineKeySharingLocation","Option":"Write"},{"CIMType":"Boolean","Description":"The SearchEnabled parameter specifies whether to enable searching of IRM-encrypted messages in Outlook on the web (formerly known as Outlook Web App).","Name":"SearchEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SimplifiedClientAccessDoNotForwardDisabled parameter specifies whether to disable Do not forward in Outlook on the web.","Name":"SimplifiedClientAccessDoNotForwardDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SimplifiedClientAccessEnabled parameter specifies whether to enable the Protect button in Outlook on the web.","Name":"SimplifiedClientAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SimplifiedClientAccessEncryptOnlyDisabled parameter specifies whether to disable Encrypt only in Outlook on the web. ","Name":"SimplifiedClientAccessEncryptOnlyDisabled","Option":"Write"},{"CIMType":"String","Description":"The TransportDecryptionSetting parameter specifies the transport decryption configuration.","Name":"TransportDecryptionSetting","Option":"Write","ValueMap":["Disabled","Mandatory","Optional"],"Values":["Disabled","Mandatory","Optional"]},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Modify the resource Configuration policy in your cloud-based organization."},{"ClassName":"MSFT_EXOJournalRule","Parameters":[{"CIMType":"String","Description":"Name of the Journal Rule","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The JournalEmailAddress parameter specifies a recipient object to which journal reports are sent. You can use any value that uniquely identifies the recipient.","Name":"JournalEmailAddress","Option":"Key"},{"CIMType":"String","Description":"The Recipient parameter specifies the SMTP address of a mailbox, contact, or distribution group to journal. If you specify a distribution group, all recipients in that distribution group are journaled. All messages sent to or from a recipient are journaled.","Name":"Recipient","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the Journal Rule is enabled or not.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The Scope parameter specifies the scope of email messages to which the journal rule is applied","Name":"RuleScope","Option":"Write","ValueMap":["Global","Internal","External"],"Values":["Global","Internal","External"]},{"CIMType":"String","Description":"Present ensures the rule exists, Absent that it does not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows to configure Journal Rules in Exchange Online."},{"ClassName":"MSFT_EXOMailboxAuditBypassAssociation","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the user account or computer account where you want to view the value of the AuditBypassEnabled property.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The AuditBypassEnabled parameter specifies whether audit bypass is enabled for the user or computer.","Name":"AuditBypassEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use the Set-MailboxAuditBypassAssociation cmdlet to configure mailbox audit logging bypass for user or computer accounts such as service accounts for applications that access mailboxes frequently."},{"ClassName":"MSFT_EXOMailboxAutoReplyConfiguration","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox that you want to modify. You can use any value that uniquely identifies the mailbox.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"User Principal Name of the mailbox owner","Name":"Owner","Option":"Write"},{"CIMType":"Boolean","Description":"The AutoDeclineFutureRequestsWhenOOF parameter specifies whether to automatically decline new meeting requests that are sent to the mailbox during the scheduled time period when Automatic Replies are being sent. ","Name":"AutoDeclineFutureRequestsWhenOOF","Option":"Write"},{"CIMType":"String","Description":"The AutoReplyState parameter specifies whether the mailbox is enabled for Automatic Replies. Valid values are: Enabled, Disabled, Scheduled","Name":"AutoReplyState","Option":"Write","ValueMap":["Enabled","Disabled","Scheduled"],"Values":["Enabled","Disabled","Scheduled"]},{"CIMType":"Boolean","Description":"The CreateOOFEvent parameter specifies whether to create a calendar event that corresponds to the scheduled time period when Automatic Replies are being sent for the mailbox.","Name":"CreateOOFEvent","Option":"Write"},{"CIMType":"Boolean","Description":"The DeclineAllEventsForScheduledOOF parameter specifies whether to decline all existing calendar events in the mailbox during the scheduled time period when Automatic Replies are being sent.","Name":"DeclineAllEventsForScheduledOOF","Option":"Write"},{"CIMType":"Boolean","Description":"The DeclineEventsForScheduledOOF parameter specifies whether it's possible to decline existing calendar events in the mailbox during the scheduled time period when Automatic Replies are being sent. ","Name":"DeclineEventsForScheduledOOF","Option":"Write"},{"CIMType":"String","Description":"The DeclineMeetingMessage parameter specifies the text in the message when meetings requests that are sent to the mailbox are automatically declined.","Name":"DeclineMeetingMessage","Option":"Write"},{"CIMType":"String","Description":"The EndTime parameter specifies the end date and time that Automatic Replies are sent for the mailbox. You use this parameter only when the AutoReplyState parameter is set to Scheduled, and the value of this parameter is meaningful only when AutoReplyState is Scheduled.","Name":"EndTime","Option":"Write"},{"CIMType":"String[]","Description":"The EventsToDeleteIDs parameter specifies the calendar events to delete from the mailbox when the DeclineEventsForScheduledOOF parameter is set to $true.","Name":"EventsToDeleteIDs","Option":"Write"},{"CIMType":"String","Description":"The ExternalAudience parameter specifies whether Automatic Replies are sent to external senders. Valid values are: None, Known, All","Name":"ExternalAudience","Option":"Write","ValueMap":["None","Known","All"],"Values":["None","Known","All"]},{"CIMType":"String","Description":"The ExternalMessage parameter specifies the Automatic Replies message that's sent to external senders or senders outside the organization. If the value contains spaces, enclose the value in quotation marks.","Name":"ExternalMessage","Option":"Write"},{"CIMType":"String","Description":"The InternalMessage parameter specifies the Automatic Replies message that's sent to internal senders or senders within the organization. If the value contains spaces, enclose the value in quotation marks.","Name":"InternalMessage","Option":"Write"},{"CIMType":"String","Description":"The OOFEventSubject parameter specifies the subject for the calendar event that's automatically created when the CreateOOFEvent parameter is set to $true.","Name":"OOFEventSubject","Option":"Write"},{"CIMType":"String","Description":"The StartTime parameter specifies the start date and time that Automatic Replies are sent for the specified mailbox. You use this parameter only when the AutoReplyState parameter is set to Scheduled, and the value of this parameter is meaningful only when AutoReplyState is Scheduled.","Name":"StartTime","Option":"Write"},{"CIMType":"String","Description":"Represents the existence of the instance. This must be set to 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Auto Reply settings of mailboxes."},{"ClassName":"MSFT_EXOMailboxCalendarConfiguration","Parameters":[{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String","Description":"Specifies the mailbox identity.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Enables or disables agenda mail introduction.","Name":"AgendaMailIntroductionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically declines meeting requests when the user is busy.","Name":"AutoDeclineWhenBusy","Option":"Write"},{"CIMType":"String","Description":"Preferred language for calendar feeds.","Name":"CalendarFeedsPreferredLanguage","Option":"Write"},{"CIMType":"String","Description":"Preferred region for calendar feeds.","Name":"CalendarFeedsPreferredRegion","Option":"Write"},{"CIMType":"String","Description":"Root page ID for calendar feeds.","Name":"CalendarFeedsRootPageId","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables conversational scheduling.","Name":"ConversationalSchedulingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Creates events from email as private.","Name":"CreateEventsFromEmailAsPrivate","Option":"Write"},{"CIMType":"UInt32","Description":"Default minutes to reduce long events by.","Name":"DefaultMinutesToReduceLongEventsBy","Option":"Write"},{"CIMType":"UInt32","Description":"Default minutes to reduce short events by.","Name":"DefaultMinutesToReduceShortEventsBy","Option":"Write"},{"CIMType":"String","Description":"Default online meeting provider.","Name":"DefaultOnlineMeetingProvider","Option":"Write"},{"CIMType":"String","Description":"Default reminder time.","Name":"DefaultReminderTime","Option":"Write"},{"CIMType":"Boolean","Description":"Deletes meeting request on respond.","Name":"DeleteMeetingRequestOnRespond","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables dining events from email.","Name":"DiningEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables entertainment events from email.","Name":"EntertainmentEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables events from email.","Name":"EventsFromEmailEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the first week of the year.","Name":"FirstWeekOfYear","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables flight events from email.","Name":"FlightEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables hotel events from email.","Name":"HotelEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables invoice events from email.","Name":"InvoiceEventsFromEmailEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies location details in free/busy information.","Name":"LocationDetailsInFreeBusy","Option":"Write"},{"CIMType":"String","Description":"Specifies the mailbox location.","Name":"MailboxLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables online meetings by default.","Name":"OnlineMeetingsByDefaultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables package delivery events from email.","Name":"PackageDeliveryEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Preserves declined meetings.","Name":"PreserveDeclinedMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables reminders.","Name":"RemindersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables reminder sound.","Name":"ReminderSoundEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables rental car events from email.","Name":"RentalCarEventsFromEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables service appointment events from email.","Name":"ServiceAppointmentEventsFromEmailEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the default scope for shortening events.","Name":"ShortenEventScopeDefault","Option":"Write"},{"CIMType":"Boolean","Description":"Shows or hides week numbers.","Name":"ShowWeekNumbers","Option":"Write"},{"CIMType":"String","Description":"Specifies the time increment for calendar events.","Name":"TimeIncrement","Option":"Write"},{"CIMType":"Boolean","Description":"Uses a bright calendar color theme in Outlook on the web.","Name":"UseBrightCalendarColorThemeInOwa","Option":"Write"},{"CIMType":"String","Description":"Enables or disables weather information.","Name":"WeatherEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the weather location bookmark.","Name":"WeatherLocationBookmark","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the weather locations.","Name":"WeatherLocations","Option":"Write"},{"CIMType":"String","Description":"Specifies the weather unit.","Name":"WeatherUnit","Option":"Write"},{"CIMType":"String","Description":"Specifies the start day of the week.","Name":"WeekStartDay","Option":"Write"},{"CIMType":"String","Description":"Specifies the work days.","Name":"WorkDays","Option":"Write"},{"CIMType":"String","Description":"Specifies the end time of working hours.","Name":"WorkingHoursEndTime","Option":"Write"},{"CIMType":"String","Description":"Specifies the start time of working hours.","Name":"WorkingHoursStartTime","Option":"Write"},{"CIMType":"String","Description":"Specifies the time zone for working hours.","Name":"WorkingHoursTimeZone","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables workspace user.","Name":"WorkspaceUserEnabled","Option":"Write"},{"CIMType":"String","Description":"Ensures the presence or absence of the configuration.","Name":"Ensure","Option":"Write"}],"Description":"This resource allows users to manage mailbox calendar settings."},{"ClassName":"MSFT_EXOMailboxCalendarFolder","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the calendar folder that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The DetailLevel parameter specifies the level of calendar detail that's published and available to anonymous users.","Name":"DetailLevel","Option":"Write","ValueMap":["AvailabilityOnly","LimitedDetails","FullDetails"],"Values":["AvailabilityOnly","LimitedDetails","FullDetails"]},{"CIMType":"String","Description":"The PublishDateRangeFrom parameter specifies the start date of calendar information to publish (past information).","Name":"PublishDateRangeFrom","Option":"Write","ValueMap":["OneDay","ThreeDays","OneWeek","OneMonth","ThreeMonths","SixMonths","OneYear"],"Values":["OneDay","ThreeDays","OneWeek","OneMonth","ThreeMonths","SixMonths","OneYear"]},{"CIMType":"String","Description":"The PublishDateRangeTo parameter specifies the end date of calendar information to publish (future information).","Name":"PublishDateRangeTo","Option":"Write","ValueMap":["OneDay","ThreeDays","OneWeek","OneMonth","ThreeMonths","SixMonths","OneYear"],"Values":["OneDay","ThreeDays","OneWeek","OneMonth","ThreeMonths","SixMonths","OneYear"]},{"CIMType":"Boolean","Description":"The PublishEnabled parameter specifies whether to publish the specified calendar information.","Name":"PublishEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SearchableUrlEnabled parameter specifies whether the published calendar URL is discoverable on the web.","Name":"SearchableUrlEnabled","Option":"Write"},{"CIMType":"String","Description":"The SharedCalendarSyncStartDate parameter specifies the limit for past events in the shared calendar that are visible to delegates. A copy of the shared calendar within the specified date range is stored in the delegate's mailbox.","Name":"SharedCalendarSyncStartDate","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not the instance exist.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures calendar publishing or sharing settings on a mailbox for the visibility of calendar information to external users."},{"ClassName":"MSFT_EXOMailboxFolderUserPermission","Parameters":[{"CIMType":"String[]","Description":"The AccessRights parameter specifies the permissions that you want to add for the user on the mailbox folder.","Name":"AccessRights","Option":"Write"},{"CIMType":"String","Description":"The User parameter specifies who gets the permissions on the mailbox folder.","Name":"User","Option":"Key"},{"CIMType":"String","Description":"The SharingPermissionFlags parameter assigns calendar delegate permissions. This parameter only applies to calendar folders and can only be used when the AccessRights parameter value is Editor. Valid values are: None, Delegate, CanViewPrivateItems","Name":"SharingPermissionFlags","Option":"Write"}],"Description":"Use this resource to add/set/remove mailbox folder permissions for users in your tenant.\n\n**Please note:** This resource cannot be used with Service Principals because they don't have mailboxes assigned."},{"ClassName":"MSFT_EXOMailboxFolderPermission","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the target mailbox and folder. The syntax is MailboxID:\\\\ParentFolder[\\\\SubFolder]. For the MailboxID you can use any value that uniquely identifies the mailbox.","Name":"Identity","Option":"Key"},{"CIMType":"MSFT_EXOMailboxFolderUserPermission[]","Description":"Mailbox Folder Permissions for the current user.","Name":"UserPermissions","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not the permission should exist on the mailbox.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to add/set/remove mailbox folder permissions for users in your tenant.\n\n**Please note:** This resource cannot be used with Service Principals because they don't have mailboxes assigned."},{"ClassName":"MSFT_EXOMailboxIRMAccess","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox that you want to modify","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The User parameter specifies the delegate who is blocked from reading IRM-protected messages in the mailbox.","Name":"User","Option":"Key"},{"CIMType":"string","Description":"The AccessLevel parameter specifies what delegates can do to IRM-protected messages in the mailbox that's specified by the Identity parameter.","Name":"AccessLevel","Option":"Write","ValueMap":["Block"],"Values":["Block"]},{"CIMType":"string","Description":"Present ensures the resource exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to set MailboxIRMAccess settings"},{"ClassName":"MSFT_EXOMailboxPermission","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the mailbox where you want to assign permissions to the user. You can use any value that uniquely identifies the mailbox.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The AccessRights parameter specifies the permission that you want to add for the user on the mailbox. Valid values are: ChangeOwner, ChangePermission, DeleteItem, ExternalAccount, FullAccess and ReadPermission.","Name":"AccessRights","Option":"Required"},{"CIMType":"String","Description":"The User parameter specifies who gets the permissions on the mailbox.","Name":"User","Option":"Key"},{"CIMType":"String","Description":"The InheritanceType parameter specifies how permissions are inherited by folders in the mailbox. Valid values are: None, All, Children, Descendents, SelfAndChildren.","Name":"InheritanceType","Option":"Key","ValueMap":["None","All","Children","Descendents","SelfAndChildren"],"Values":["None","All","Children","Descendents","SelfAndChildren"]},{"CIMType":"String","Description":"The Owner parameter specifies the owner of the mailbox object.","Name":"Owner","Option":"Write"},{"CIMType":"Boolean","Description":"The Deny switch specifies that the permissions you're adding are Deny permissions.","Name":"Deny","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not the permission should exist on the mailbox.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to modify the permissions of mailbox."},{"ClassName":"MSFT_EXOMailboxPlan","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the Mailbox Plan that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The display name of the mailbox plan.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"MailboxPlans cannot be created/removed in O365.  This must be set to 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"String","Description":"The IssueWarningQuota parameter specifies the warning threshold for the size of the mailboxes that are created or enabled using the mailbox plan.","Name":"IssueWarningQuota","Option":"Write"},{"CIMType":"String","Description":"The MaxReceiveSize parameter specifies the maximum size of a message that can be sent to the mailbox.","Name":"MaxReceiveSize","Option":"Write"},{"CIMType":"String","Description":"The MaxSendSize parameter specifies the maximum size of a message that can be sent by the mailbox.","Name":"MaxSendSize","Option":"Write"},{"CIMType":"String","Description":"The ProhibitSendQuota parameter specifies a size limit for the mailbox.","Name":"ProhibitSendQuota","Option":"Write"},{"CIMType":"String","Description":"The ProhibitSendReceiveQuota parameter specifies a size limit for the mailbox.","Name":"ProhibitSendReceiveQuota","Option":"Write"},{"CIMType":"String","Description":"The RetainDeletedItemsFor parameter specifies the length of time to keep soft-deleted items for the mailbox.","Name":"RetainDeletedItemsFor","Option":"Write"},{"CIMType":"String","Description":"The RetentionPolicy parameter specifies the retention policy that's applied to the mailbox.","Name":"RetentionPolicy","Option":"Write"},{"CIMType":"String","Description":"The RoleAssignmentPolicy parameter specifies the role assignment policy that's applied to the mailbox.","Name":"RoleAssignmentPolicy","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to modify the settings of mailbox plans in the cloud-based service."},{"ClassName":"MSFT_EXOMailboxSettings","Parameters":[{"CIMType":"string","Description":"The display name of the Shared Mailbox","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Associated retention policy.","Name":"RetentionPolicy","Option":"Write"},{"CIMType":"string","Description":"Associated address book policy.","Name":"AddressBookPolicy","Option":"Write"},{"CIMType":"string","Description":"Associated role assignment policy.","Name":"RoleAssignmentPolicy","Option":"Write"},{"CIMType":"string","Description":"Associated sharing policy.","Name":"SharingPolicy","Option":"Write"},{"CIMType":"string","Description":"The name of the Time Zone to assign to the mailbox","Name":"TimeZone","Option":"Write"},{"CIMType":"string","Description":"The code of the Locale to assign to the mailbox","Name":"Locale","Option":"Write"},{"CIMType":"boolean","Description":"The AuditEnabled parameter specifies whether to enable or disable mailbox audit logging for the mailbox. If auditing is enabled, actions specified in the AuditAdmin, AuditDelegate, and AuditOwner parameters are logged","Name":"AuditEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Mailbox Settings are applied","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures settings on Mailboxes such as the Regional settings and its timezone."},{"ClassName":"MSFT_EXOMailContact","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a unique name for the mail contact.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The ExternalEmailAddress parameter specifies the target email address of the mail contact or mail user. By default, this value is used as the primary email address of the mail contact or mail user.","Name":"ExternalEmailAddress","Option":"Required"},{"CIMType":"String","Description":"The Alias parameter specifies the Exchange alias (also known as the mail nickname) for the recipient. This value identifies the recipient as a mail-enabled object, and shouldn't be confused with multiple email addresses for the same recipient (also known as proxy addresses). A recipient can have only one Alias value. The maximum length is 64 characters.","Name":"Alias","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the display name of the mail contact. The display name is visible in the Exchange admin center and in address lists. ","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The FirstName parameter specifies the user's first name.","Name":"FirstName","Option":"Write"},{"CIMType":"String","Description":"The Initials parameter specifies the user's middle initials.","Name":"Initials","Option":"Write"},{"CIMType":"String","Description":"The LastName parameter specifies the user's last name.","Name":"LastName","Option":"Write"},{"CIMType":"String","Description":"The MacAttachmentFormat parameter specifies the Apple Macintosh operating system attachment format to use for messages sent to the mail contact or mail user. Valid values are: BinHex, UuEncode, AppleSingle, AppleDouble","Name":"MacAttachmentFormat","Option":"Write","ValueMap":["BinHex","UuEncode","AppleSingle","AppleDouble"],"Values":["BinHex","UuEncode","AppleSingle","AppleDouble"]},{"CIMType":"String","Description":"The MessageBodyFormat parameter specifies the message body format for messages sent to the mail contact or mail user. Valid values are: Text, Html, TextAndHtml","Name":"MessageBodyFormat","Option":"Write","ValueMap":["Text","Html","TextAndHtml"],"Values":["Text","Html","TextAndHtml"]},{"CIMType":"String","Description":"The MessageFormat parameter specifies the message format for messages sent to the mail contact or mail user. Valid values are: Mime, Text","Name":"MessageFormat","Option":"Write","ValueMap":["Mime","Text"],"Values":["Mime","Text"]},{"CIMType":"String[]","Description":"The ModeratedBy parameter specifies one or more moderators for this mail contact. A moderator approves messages sent to the mail contact before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact in your organization.","Name":"ModeratedBy","Option":"Write"},{"CIMType":"Boolean","Description":"The ModerationEnabled parameter specifies whether moderation is enabled for this recipient.","Name":"ModerationEnabled","Option":"Write"},{"CIMType":"String","Description":"The OrganizationalUnit parameter specifies the location in Active Directory where the new contact is created.","Name":"OrganizationalUnit","Option":"Write"},{"CIMType":"String","Description":"The SendModerationNotifications parameter specifies when moderation notification messages are sent. Valid values are: ALways, Internal, Never","Name":"SendModerationNotifications","Option":"Write","ValueMap":["Always","Internal","Never"],"Values":["Always","Internal","Never"]},{"CIMType":"Boolean","Description":"The UsePreferMessageFormat specifies whether the message format settings configured for the mail user or mail contact override the global settings configured for the remote domain or configured by the message sender","Name":"UsePreferMessageFormat","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute1 parameter specifies the value of the CustomAttribute1","Name":"CustomAttribute1","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute2 parameter specifies the value of the CustomAttribute2","Name":"CustomAttribute2","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute3 parameter specifies the value of the CustomAttribute3","Name":"CustomAttribute3","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute4 parameter specifies the value of the CustomAttribute4","Name":"CustomAttribute4","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute5 parameter specifies the value of the CustomAttribute5","Name":"CustomAttribute5","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute6 parameter specifies the value of the CustomAttribute6","Name":"CustomAttribute6","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute7 parameter specifies the value of the CustomAttribute7","Name":"CustomAttribute7","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute8 parameter specifies the value of the CustomAttribute8","Name":"CustomAttribute8","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute9 parameter specifies the value of the CustomAttribute9","Name":"CustomAttribute9","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute10 parameter specifies the value of the CustomAttribute10","Name":"CustomAttribute10","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute11 parameter specifies the value of the CustomAttribute11","Name":"CustomAttribute11","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute12 parameter specifies the value of the CustomAttribute12","Name":"CustomAttribute12","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute13 parameter specifies the value of the CustomAttribute13","Name":"CustomAttribute13","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute14 parameter specifies the value of the CustomAttribute14","Name":"CustomAttribute14","Option":"Write"},{"CIMType":"String","Description":"The CustomAttribute15 parameter specifies the value of the CustomAttribute15","Name":"CustomAttribute15","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute1 parameter specifies the value of the ExtensionCustomAttribute1","Name":"ExtensionCustomAttribute1","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute2 parameter specifies the value of the ExtensionCustomAttribute2","Name":"ExtensionCustomAttribute2","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute3 parameter specifies the value of the ExtensionCustomAttribute3","Name":"ExtensionCustomAttribute3","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute4 parameter specifies the value of the ExtensionCustomAttribute4","Name":"ExtensionCustomAttribute4","Option":"Write"},{"CIMType":"String[]","Description":"The ExtensionCustomAttribute5 parameter specifies the value of the ExtensionCustomAttribute5","Name":"ExtensionCustomAttribute5","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Contact should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Exchange Online address lists."},{"ClassName":"MSFT_EXOMalwareFilterPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the MalwareFilterPolicy you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy. If the value contains spaces, enclose the value in quotation marks.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String","Description":"The CustomExternalBody parameter specifies the body of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomExternalBody","Option":"Write"},{"CIMType":"String","Description":"The CustomExternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from external senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomExternalSubject","Option":"Write"},{"CIMType":"String","Description":"The CustomFromAddress parameter specifies the From address of the custom notification message for malware detections in messages from internal or external senders.","Name":"CustomFromAddress","Option":"Write"},{"CIMType":"String","Description":"The CustomFromName parameter specifies the From name of the custom notification message for malware detections in messages from internal or external senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomFromName","Option":"Write"},{"CIMType":"String","Description":"The CustomInternalBody parameter specifies the body of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomInternalBody","Option":"Write"},{"CIMType":"String","Description":"The CustomInternalSubject parameter specifies the subject of the custom notification message for malware detections in messages from internal senders. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomInternalSubject","Option":"Write"},{"CIMType":"Boolean","Description":"The CustomNotifications parameter enables or disables custom notification messages for malware detections in messages from internal or external senders. Valid values are: $true, $false.","Name":"CustomNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableExternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from external senders. Valid values are: $true, $false.","Name":"EnableExternalSenderAdminNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableFileFilter parameter enables or disables common attachment blocking - also known as the Common Attachment Types Filter.Valid values are: $true, $false.","Name":"EnableFileFilter","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableInternalSenderAdminNotifications parameter enables or disables sending malware detection notification messages to an administrator for messages from internal senders. Valid values are: $true, $false.","Name":"EnableInternalSenderAdminNotifications","Option":"Write"},{"CIMType":"String","Description":"The ExternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from external senders.","Name":"ExternalSenderAdminAddress","Option":"Write"},{"CIMType":"String","Description":"The FileTypeAction parameter specifies what's done to messages that contain one or more attachments where the file extension is included in the FileTypes parameter (common attachment blocking). Valid values are Quarantine and Reject. The default value is Reject.","Name":"FileTypeAction","Option":"Write","ValueMap":["Quarantine","Reject"],"Values":["Quarantine","Reject"]},{"CIMType":"String[]","Description":"The FileTypes parameter specifies the file types that are automatically blocked by common attachment blocking (also known as the Common Attachment Types Filter), regardless of content.","Name":"FileTypes","Option":"Write"},{"CIMType":"String","Description":"The InternalSenderAdminAddress parameter specifies the email address of the administrator who will receive notification messages for malware detections in messages from internal senders.","Name":"InternalSenderAdminAddress","Option":"Write"},{"CIMType":"Boolean","Description":"MakeDefault makes this malware filter policy the default policy. Valid values are: $true, $false.","Name":"MakeDefault","Option":"Write"},{"CIMType":"String","Description":"The QuarantineTag specifies the quarantine policy that's used on messages that are quarantined as malware.","Name":"QuarantineTag","Option":"Write"},{"CIMType":"Boolean","Description":"The ZapEnabled parameter enables or disables zero-hour auto purge (ZAP) for malware. ZAP detects malware in unread messages that have already been delivered to the user's Inbox. Valid values are: $true, $false.","Name":"ZapEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if this MalwareFilterPolicy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify a EXOMalwareFilterPolicy in your cloud-based organization."},{"ClassName":"MSFT_EXOMalwareFilterRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the EXO resource you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter enables or disables the malware filter rule. Valid input for this parameter is $true or $false. The default value is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The MalwareFilterPolicy parameter specifies the malware filter policy to apply to messages that match the conditions defined by this malware filter rule.","Name":"MalwareFilterPolicy","Option":"Write"},{"CIMType":"String","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"Specifies if the Malware Filter Rule should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify a new EXOMalwareFilterRule in your cloud-based organization."},{"ClassName":"MSFT_EXOManagementRole","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Parent parameter specifies the identity of the role to copy. Mandatory for management role creation/update or when Ensure=Present. Non-mandatory for Ensure=Absent","Name":"Parent","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the management role is viewed using the Get-ManagementRole cmdlet.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Specify if the Management Role should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures RBAC Management Roles in Exchange Online."},{"ClassName":"MSFT_EXOManagementRoleAssignment","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a name for the new management role assignment. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Role parameter specifies the existing role to assign. You can use any value that uniquely identifies the role.","Name":"Role","Option":"Key"},{"CIMType":"String","Description":"The App parameter specifies the service principal to assign the management role to. Specifically, the ServiceId GUID value from the output of the Get-ServicePrincipal cmdlet (for example, 6233fba6-0198-4277-892f-9275bf728bcc).","Name":"App","Option":"Write"},{"CIMType":"String","Description":"The Policy parameter specifies the name of the management role assignment policy to assign the management role to.","Name":"Policy","Option":"Write"},{"CIMType":"String","Description":"The SecurityGroup parameter specifies the name of the management role group or mail-enabled universal security group to assign the management role to.","Name":"SecurityGroup","Option":"Write"},{"CIMType":"String","Description":"The User parameter specifies the name or alias of the user to assign the management role to.","Name":"User","Option":"Write"},{"CIMType":"String","Description":"The CustomRecipientWriteScope parameter specifies the existing recipient-based management scope to associate with this management role assignment.","Name":"CustomRecipientWriteScope","Option":"Write"},{"CIMType":"String","Description":"The CustomResourceScope parameter specifies the custom management scope to associate with this management role assignment. You can use any value that uniquely identifies the management scope.","Name":"CustomResourceScope","Option":"Write"},{"CIMType":"String","Description":"The ExclusiveConfigWriteScope parameter specifies the exclusive configuration-based management scope to associate with the new role assignment.","Name":"ExclusiveRecipientWriteScope","Option":"Write"},{"CIMType":"String","Description":"The RecipientAdministrativeUnitScope parameter specifies the administrative unit to scope the new role assignment to.","Name":"RecipientAdministrativeUnitScope","Option":"Write"},{"CIMType":"String","Description":"The RecipientOrganizationalUnitScope parameter specifies the OU to scope the new role assignment to. If you use the RecipientOrganizationalUnitScope parameter, you can't use the CustomRecipientWriteScope or ExclusiveRecipientWriteScope parameters.","Name":"RecipientOrganizationalUnitScope","Option":"Write"},{"CIMType":"String","Description":"The RecipientRelativeWriteScope parameter specifies the type of restriction to apply to a recipient scope. The available types are None, Organization, MyGAL, Self, and MyDistributionGroups. The RecipientRelativeWriteScope parameter is automatically set when the CustomRecipientWriteScope or RecipientOrganizationalUnitScope parameters are used.","Name":"RecipientRelativeWriteScope","Option":"Write"},{"CIMType":"String","Description":"Specify if the Management Role Assignment should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures RBAC Management Roles Assignments in Exchange Online."},{"ClassName":"MSFT_EXOManagementRoleEntry","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the role entry that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The Parameters parameter specifies the parameters to be added to or removed from the role entry.","Name":"Parameters","Option":"Write"},{"CIMType":"String","Description":"The Type parameter specifies the type of role entry to return.","Name":"Type","Option":"Write","ValueMap":["Cmdlet","Script","ApplicationPermission","WebService"],"Values":["Cmdlet","Script","ApplicationPermission","WebService"]},{"CIMType":"String","Description":"Specify if the Management Role entry should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures RBAC Management Roles Entries in Exchange Online."},{"ClassName":"MSFT_EXOManagementScope","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the management scope to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Name parameter specifies the name of the management scope.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The RecipientRestrictionFilter parameter uses OPATH filter syntax to specify the recipients that are included in the scope.","Name":"RecipientRestrictionFilter","Option":"Write"},{"CIMType":"String","Description":"The RecipientRoot parameter specifies the organizational unit (OU) under which the filter specified with the RecipientRestrictionFilter parameter should be applied.","Name":"RecipientRoot","Option":"Write"},{"CIMType":"Boolean","Description":"The Exclusive switch specifies that the role should be an exclusive scope.","Name":"Exclusive","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to create ManagementScopes."},{"ClassName":"MSFT_EXOMessageClassification","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the OME Configuration policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The ClassificationID parameter specifies the classification ID (GUID) of an existing message classification that you want to import and use in your Exchange organization.","Name":"ClassificationID","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the title of the message classification that's displayed in Outlook and selected by users.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The DisplayPrecedence parameter specifies the relative precedence of the message classification to other message classifications that may be applied to a specified message.","Name":"DisplayPrecedence","Option":"Write","ValueMap":["Highest","Higher","High","MediumHigh","Medium","MediumLow","Low","Lower","Lowest"],"Values":["Highest","Higher","High","MediumHigh","Medium","MediumLow","Low","Lower","Lowest"]},{"CIMType":"String","Description":"The Name parameter specifies the unique name for the message classification.","Name":"Name","Option":"Write"},{"CIMType":"Boolean","Description":"The PermissionMenuVisible parameter specifies whether the values that you entered for the DisplayName and RecipientDescription parameters are displayed in Outlook as the user composes a message. ","Name":"PermissionMenuVisible","Option":"Write"},{"CIMType":"String","Description":"The RecipientDescription parameter specifies the detailed text that's shown to Outlook recipient when they receive a message that has the message classification applied.","Name":"RecipientDescription","Option":"Write"},{"CIMType":"Boolean","Description":"The RetainClassificationEnabled parameter specifies whether the message classification should persist with the message if the message is forwarded or replied to.","Name":"RetainClassificationEnabled","Option":"Write"},{"CIMType":"String","Description":"The SenderDescription parameter specifies the detailed text that's shown to Outlook senders when they select a message classification to apply to a message before they send the message. ","Name":"SenderDescription","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new Message Classification policy in your cloud-based organization."},{"ClassName":"MSFT_EXOMigration","Parameters":[{"CIMType":"String","Description":"The Identity parameter identifies the name of the current migration batch.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The NotificationEmails parameter specifies one or more email addresses that migration status reports are sent to.","Name":"NotificationEmails","Option":"Write"},{"CIMType":"String","Description":"The CompleteAfter parameter specifies a delay before the batch is completed.","Name":"CompleteAfter","Option":"Write"},{"CIMType":"Boolean","Description":"The AddUsers parameter controls whether additional users can be dynamically added to an existing migration batch after it has been created.","Name":"AddUsers","Option":"Write"},{"CIMType":"String","Description":"The BadItemLimit parameter specifies the maximum number of bad items that are allowed before the migration request fails.","Name":"BadItemLimit","Option":"Write"},{"CIMType":"String","Description":"The LargeItemLimit parameter specifies the maximum number of large items that are allowed before the migration request fails.","Name":"LargeItemLimit","Option":"Write"},{"CIMType":"String[]","Description":"The MoveOptions parameter specifies the stages of the migration that you want to skip for debugging purposes.","Name":"MoveOptions","Option":"Write"},{"CIMType":"String[]","Description":"The SkipMerging parameter specifies the stages of the migration that you want to skip for debugging purposes.","Name":"SkipMerging","Option":"Write"},{"CIMType":"String","Description":"The StartAfter parameter specifies a delay before the data migration for the users within the batch is started.","Name":"StartAfter","Option":"Write"},{"CIMType":"Boolean","Description":"The Update switch sets the Update flag on the migration batch.","Name":"Update","Option":"Write"},{"CIMType":"String","Description":"The Status parameter returns information about migration users that have the specified status state.","Name":"Status","Option":"Write"},{"CIMType":"String[]","Description":"Migration Users states the list of the users/mailboxes that are part of a migration batch that are to be migrated.","Name":"MigrationUsers","Option":"Write"},{"CIMType":"String","Description":"The SourceEndpoint parameter specifies the migration endpoint to use for the source of the migration batch.","Name":"SourceEndpoint","Option":"Write"},{"CIMType":"String","Description":"The TargetDeliveryDomain parameter specifies the FQDN of the external email address created in the source forest for the mail-enabled user when the migration batch is complete.","Name":"TargetDeliveryDomain","Option":"Write"},{"CIMType":"String","Description":"Specifies if the migration endpoint should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use the MigrationBatch cmdlets to create and update a migration request for a batch of users."},{"ClassName":"MSFT_EXOMigrationEndpoint","Parameters":[{"CIMType":"String","Description":"Identity of the migration endpoint.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether to accept untrusted certificates.","Name":"AcceptUntrustedCertificates","Option":"Write"},{"CIMType":"String","Description":"The Application ID used for authentication.","Name":"AppID","Option":"Write"},{"CIMType":"String","Description":"The URL of the Key Vault that stores the application secret.","Name":"AppSecretKeyVaultUrl","Option":"Write"},{"CIMType":"String","Description":"The authentication method for the migration endpoint.","Name":"Authentication","Option":"Write"},{"CIMType":"String","Description":"The type of migration endpoint.","Name":"EndpointType","Option":"Write","ValueMap":["IMAP","ExchangeRemoteMove"],"Values":["IMAP","ExchangeRemoteMove"]},{"CIMType":"String","Description":"The Exchange Server address for the migration endpoint.","Name":"ExchangeServer","Option":"Write"},{"CIMType":"String","Description":"The mailbox permission for the migration endpoint.","Name":"MailboxPermission","Option":"Write"},{"CIMType":"String","Description":"The maximum number of concurrent incremental syncs.","Name":"MaxConcurrentIncrementalSyncs","Option":"Write"},{"CIMType":"String","Description":"The maximum number of concurrent migrations.","Name":"MaxConcurrentMigrations","Option":"Write"},{"CIMType":"String","Description":"The NSPI server for the migration endpoint.","Name":"NspiServer","Option":"Write"},{"CIMType":"String","Description":"The port number for the migration endpoint.","Name":"Port","Option":"Write"},{"CIMType":"String","Description":"The remote server for the migration endpoint.","Name":"RemoteServer","Option":"Write"},{"CIMType":"String","Description":"The remote tenant for the migration endpoint.","Name":"RemoteTenant","Option":"Write"},{"CIMType":"String","Description":"The RPC proxy server for the migration endpoint.","Name":"RpcProxyServer","Option":"Write"},{"CIMType":"String","Description":"The security level for the migration endpoint.","Name":"Security","Option":"Write","ValueMap":["None","Tls","Ssl"],"Values":["None","Tls","Ssl"]},{"CIMType":"String","Description":"The legacy distinguished name of the source mailbox.","Name":"SourceMailboxLegacyDN","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to use AutoDiscover.","Name":"UseAutoDiscover","Option":"Write"},{"CIMType":"String","Description":"Specifies if the migration endpoint should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to create and monitor migration endpoints in exchange."},{"ClassName":"MSFT_EXOMobileDeviceMailboxPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the friendly name of the mobile device mailbox policy.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"The AllowApplePushNotifications parameter specifies whether push notifications are allowed to Apple mobile devices.","Name":"AllowApplePushNotifications","Option":"Write"},{"CIMType":"String","Description":"The AllowBluetooth parameter specifies whether the Bluetooth capabilities are allowed on the mobile phone. The available options are Disable, HandsfreeOnly, and Allow. The default value is Allow.","Name":"AllowBluetooth","Option":"Write","ValueMap":["Disable","HandsfreeOnly","Allow"],"Values":["Disable","HandsfreeOnly","Allow"]},{"CIMType":"Boolean","Description":"The AllowBrowser parameter indicates whether Microsoft Pocket Internet Explorer is allowed on the mobile phone. This parameter doesn't affect third-party browsers.","Name":"AllowBrowser","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowCamera parameter specifies whether the mobile phone's camera is allowed.","Name":"AllowCamera","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowConsumerEmail parameter specifies whether the mobile phone user can configure a personal email account on the mobile phone.","Name":"AllowConsumerEmail","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowDesktopSync parameter specifies whether the mobile phone can synchronize with a desktop computer through a cable.","Name":"AllowDesktopSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowExternalDeviceManagement parameter specifies whether an external device management program is allowed to manage the mobile phone.","Name":"AllowExternalDeviceManagement","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from Google for Outlook on the web for devices.","Name":"AllowGooglePushNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowHTMLEmail parameter specifies whether HTML email is enabled on the mobile phone.","Name":"AllowHTMLEmail","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowInternetSharing parameter specifies whether the mobile phone can be used as a modem to connect a computer to the Internet.","Name":"AllowInternetSharing","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile phone.","Name":"AllowIrDA","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowMobileOTAUpdate parameter specifies whether the Exchange ActiveSync mailbox policy can be sent to the mobile phone over a cellular data connection.","Name":"AllowMobileOTAUpdate","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile device.","Name":"AllowMicrosoftPushNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowNonProvisionableDevices parameter specifies whether all mobile phones can synchronize with the server running Exchange.","Name":"AllowNonProvisionableDevices","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowPOPIMAPEmail parameter specifies whether the user can configure a POP3 or IMAP4 email account on the mobile phone.","Name":"AllowPOPIMAPEmail","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowRemoteDesktop parameter specifies whether the mobile phone can initiate a remote desktop connection.","Name":"AllowRemoteDesktop","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowSimplePassword parameter specifies whether a simple device password is allowed. A simple device password is a password that has a specific pattern, such as 1111 or 1234.","Name":"AllowSimplePassword","Option":"Write"},{"CIMType":"String","Description":"The AllowSMIMEEncryptionAlgorithmNegotiation parameter specifies whether the messaging application on the mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified encryption algorithm.","Name":"AllowSMIMEEncryptionAlgorithmNegotiation","Option":"Write","ValueMap":["AllowAnyAlgorithmNegotiation","BlockNegotiation","OnlyStrongAlgorithmNegotiation"],"Values":["AllowAnyAlgorithmNegotiation","BlockNegotiation","OnlyStrongAlgorithmNegotiation"]},{"CIMType":"Boolean","Description":"The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed.","Name":"AllowSMIMESoftCerts","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowStorageCard parameter specifies whether the mobile phone can access information stored on a storage card.","Name":"AllowStorageCard","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowTextMessaging parameter specifies whether text messaging is allowed from the mobile phone.","Name":"AllowTextMessaging","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowUnsignedApplications parameter specifies whether unsigned applications can be installed on the mobile phone.","Name":"AllowUnsignedApplications","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages can be executed on the mobile phone.","Name":"AllowUnsignedInstallationPackages","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowWiFi parameter specifies whether wireless Internet access is allowed on the mobile phone. ","Name":"AllowWiFi","Option":"Write"},{"CIMType":"Boolean","Description":"The AlphanumericPasswordRequired parameter specifies whether the password for the mobile phone must be alphanumeric.","Name":"AlphanumericPasswordRequired","Option":"Write"},{"CIMType":"String[]","Description":"The ApprovedApplicationList parameter specifies a list of approved applications for the mobile phone.","Name":"ApprovedApplicationList","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentsEnabled parameter specifies whether attachments can be downloaded.","Name":"AttachmentsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DeviceEncryptionEnabled parameter specifies whether encryption is enabled.","Name":"DeviceEncryptionEnabled","Option":"Write"},{"CIMType":"String","Description":"The DevicePolicyRefreshInterval parameter specifies how often the policy is sent from the server to the mobile phone.","Name":"DevicePolicyRefreshInterval","Option":"Write"},{"CIMType":"Boolean","Description":"The IrmEnabled parameter specifies whether Information Rights Management (IRM) is enabled for the mailbox policy.","Name":"IrmEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefault parameter specifies whether this policy is the default Mobile Device mailbox policy.","Name":"IsDefault","Option":"Write"},{"CIMType":"String","Description":"The MaxAttachmentSize parameter specifies the maximum size of attachments that can be downloaded to the mobile phone.","Name":"MaxAttachmentSize","Option":"Write"},{"CIMType":"String","Description":"The MaxCalendarAgeFilter parameter specifies the maximum range of calendar days that can be synchronized to the device.","Name":"MaxCalendarAgeFilter","Option":"Write","ValueMap":["All","TwoWeeks","OneMonth","ThreeMonths","SixMonths"],"Values":["All","TwoWeeks","OneMonth","ThreeMonths","SixMonths"]},{"CIMType":"String","Description":"The MaxEmailAgeFilter parameter specifies the maximum number of days of email items to synchronize to the mobile phone.","Name":"MaxEmailAgeFilter","Option":"Write","ValueMap":["All","OneDay","ThreeDays","OneWeek","TwoWeeks","OneMonth"],"Values":["All","OneDay","ThreeDays","OneWeek","TwoWeeks","OneMonth"]},{"CIMType":"String","Description":"The MaxEmailBodyTruncationSize parameter specifies the maximum size at which email messages are truncated when synchronized to the mobile phone. The value is specified in kilobytes (KB).","Name":"MaxEmailBodyTruncationSize","Option":"Write"},{"CIMType":"String","Description":"The MaxEmailHTMLBodyTruncationSize parameter specifies the maximum size at which HTML-formatted email messages are synchronized to the mobile phone. The value is specified in KB.","Name":"MaxEmailHTMLBodyTruncationSize","Option":"Write"},{"CIMType":"String","Description":"The MaxInactivityTimeDeviceLock parameter specifies the length of time that the mobile phone can be inactive before the password is required to reactivate it.","Name":"MaxInactivityTimeLock","Option":"Write"},{"CIMType":"String","Description":"The MaxPasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the correct password for the mobile phone. You can enter any number from 4 through 16 or the value Unlimited.","Name":"MaxPasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"The MinPasswordComplexCharacters parameter specifies the character sets that are required in the password of the mobile device.","Name":"MinPasswordComplexCharacters","Option":"Write"},{"CIMType":"String","Description":"The MinPasswordLength parameter specifies the minimum number of characters in the mobile device password.","Name":"MinPasswordLength","Option":"Write"},{"CIMType":"Boolean","Description":"The PasswordEnabled parameter specifies whether a password is required on the mobile device.","Name":"PasswordEnabled","Option":"Write"},{"CIMType":"String","Description":"The PasswordExpiration parameter specifies how long a password can be used on a mobile device before the user is forced to change the password.","Name":"PasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"The PasswordHistory parameter specifies the number of unique new passwords that need to be created on the mobile device before an old password can be reused.","Name":"PasswordHistory","Option":"Write"},{"CIMType":"Boolean","Description":"The PasswordRecoveryEnabled parameter specifies whether the recovery password for the mobile device is stored in Exchange.","Name":"PasswordRecoveryEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireDeviceEncryption parameter specifies whether encryption is required on the mobile device.","Name":"RequireDeviceEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireEncryptedSMIMEMessages parameter specifies whether the mobile device must send encrypted S/MIME messages.","Name":"RequireEncryptedSMIMEMessages","Option":"Write"},{"CIMType":"String","Description":"The RequireEncryptionSMIMEAlgorithm parameter specifies the algorithm that's required to encrypt S/MIME messages on a mobile device.","Name":"RequireEncryptionSMIMEAlgorithm","Option":"Write","ValueMap":["DES","TripleDES","RC240bit","RC264bit","RC2128bit"],"Values":["DES","TripleDES","RC240bit","RC264bit","RC2128bit"]},{"CIMType":"Boolean","Description":"The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on the mobile device.","Name":"RequireManualSyncWhenRoaming","Option":"Write"},{"CIMType":"String","Description":"The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on the mobile device.","Name":"RequireSignedSMIMEAlgorithm","Option":"Write","ValueMap":["SHA1","MD5"],"Values":["SHA1","MD5"]},{"CIMType":"Boolean","Description":"The RequireSignedSMIMEMessages parameter specifies whether the mobile device must send signed S/MIME messages.","Name":"RequireSignedSMIMEMessages","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireStorageCardEncryption parameter specifies whether storage card encryption is required on the mobile device.","Name":"RequireStorageCardEncryption","Option":"Write"},{"CIMType":"String[]","Description":"The UnapprovedInROMApplicationList parameter specifies a list of applications that can't be run in ROM on the mobile device.","Name":"UnapprovedInROMApplicationList","Option":"Write"},{"CIMType":"Boolean","Description":"The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled from the mobile device.","Name":"UNCAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled from the mobile device.","Name":"WSSAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"Specify if the Mobile Device Mailbox Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Mobile Device Mailbox Policies in Exchange Online."},{"ClassName":"MSFT_EXOOfflineAddressBook","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the Offline Address Book. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"The AddressLists parameter specifies the address lists or global address lists that are included in the OAB. You can use any value that uniquely identifies the address list.","Name":"AddressLists","Option":"Write"},{"CIMType":"String[]","Description":"The ConfiguredAttributes parameter specifies the recipient MAPI properties that are available in the OAB.","Name":"ConfiguredAttributes","Option":"Write"},{"CIMType":"String","Description":"The DiffRetentionPeriod parameter specifies the number of days that the OAB difference files are stored on the server.","Name":"DiffRetentionPeriod","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefault parameter specifies whether the OAB is used by all mailboxes and mailbox databases that don't have an OAB specified.","Name":"IsDefault","Option":"Write"},{"CIMType":"String","Description":"Specify if the Offline Address Book should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Offline Address Books in Exchange Online."},{"ClassName":"MSFT_EXOOMEConfiguration","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the OME Configuration policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The BackgroundColor parameter specifies the background color","Name":"BackgroundColor","Option":"Write"},{"CIMType":"String","Description":"The DisclaimerText parameter specifies the disclaimer text in the email that contains the encrypted message","Name":"DisclaimerText","Option":"Write"},{"CIMType":"String","Description":"The EmailText parameter specifies the default text that accompanies encrypted email messages.","Name":"EmailText","Option":"Write"},{"CIMType":"UInt32","Description":"The ExternalMailExpiryInDays parameter specifies the number of days that the encrypted message is available to external recipients in the Microsoft 365 portal. A valid value is an integer from 0 to 730.","Name":"ExternalMailExpiryInDays","Option":"Write"},{"CIMType":"String","Description":"The IntroductionText parameter specifies the default text that accompanies encrypted email messages.","Name":"IntroductionText","Option":"Write"},{"CIMType":"Boolean","Description":"The OTPEnabled parameter specifies whether to allow recipients to use a one-time passcode to view encrypted messages.","Name":"OTPEnabled","Option":"Write"},{"CIMType":"String","Description":"The PortalText parameter specifies the text that appears at the top of the encrypted email viewing portal.","Name":"PortalText","Option":"Write"},{"CIMType":"String","Description":"The PrivacyStatementUrl parameter specifies the Privacy Statement link in the encrypted email notification message.","Name":"PrivacyStatementUrl","Option":"Write"},{"CIMType":"String","Description":"The ReadButtonText parameter specifies the text that appears on the 'Read the message' button. ","Name":"ReadButtonText","Option":"Write"},{"CIMType":"Boolean","Description":"The SocialIdSignIn parameter specifies whether a user is allowed to view an encrypted message in the Microsoft 365 admin center using their own social network id (Google, Yahoo, and Microsoft account).","Name":"SocialIdSignIn","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new OME Configuration policy in your cloud-based organization."},{"ClassName":"MSFT_EXOOnPremisesOrganization","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the identity of the on-premises organization object.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The HybridDomains parameter specifies the domains that are configured in the hybrid deployment between an Office 365 tenant and an on-premises Exchange organization. The domains specified in this parameter must match the domains listed in the HybridConfiguration Active Directory object for the on-premises Exchange organization configured by the Hybrid Configuration wizard. ","Name":"HybridDomains","Option":"Write"},{"CIMType":"String","Description":"The InboundConnector parameter specifies the name of the inbound connector configured on the Microsoft Exchange Online Protection (EOP) service for a hybrid deployment configured with an on-premises Exchange organization.","Name":"InboundConnector","Option":"Write"},{"CIMType":"String","Description":"The OutboundConnector parameter specifies the name of the outbound connector configured on the EOP service for a hybrid deployment configured with an on-premises Exchange organization.","Name":"OutboundConnector","Option":"Write"},{"CIMType":"String","Description":"The OrganizationName parameter specifies the Active Directory object name of the on-premises Exchange organization.","Name":"OrganizationName","Option":"Write"},{"CIMType":"String","Description":"The OrganizationGuid parameter specifies the globally unique identifier (GUID) of the on-premises Exchange organization object in the Office 365 tenant.","Name":"OrganizationGuid","Option":"Write"},{"CIMType":"String","Description":"The OrganizationRelationship parameter specifies the organization relationship configured by the Hybrid Configuration wizard on the Office 365 tenant as part of a hybrid deployment with an on-premises Exchange organization. This organization relationship defines the federated sharing features enabled on the Office 365 tenant.","Name":"OrganizationRelationship","Option":"Write"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"Specify if the On-Premises Organization should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures On-Premises Organization in Exchange Online."},{"ClassName":"MSFT_EXOOrganizationConfig","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The ActivityBasedAuthenticationTimeoutEnabled parameter specifies whether the timed logoff feature is enabled. The default value is $true","Name":"ActivityBasedAuthenticationTimeoutEnabled","Option":"Write"},{"CIMType":"String","Description":"The ActivityBasedAuthenticationTimeoutInterval parameter specifies the time span for logoff. You enter this value as a time span: hh:mm:ss where hh = hours, mm = minutes and ss = seconds. Valid values for this parameter are from 00:05:00 to 08:00:00 (5 minutes to 8 hours). The default value is 06:00:00 (6 hours).","Name":"ActivityBasedAuthenticationTimeoutInterval","Option":"Write"},{"CIMType":"Boolean","Description":"The ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled parameter specifies whether to keep single sign-on enabled. The default value is $true.","Name":"ActivityBasedAuthenticationTimeoutWithSingleSignOnEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AppsForOfficeEnabled parameter specifies whether to enable apps for Outlook features. By default, the parameter is set to $true. If the flag is set to $false, no new apps can be activated for any user in the organization.","Name":"AppsForOfficeEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AsyncSendEnabled parameter specifies whether to enable or disable async send in Outlook on the web.","Name":"AsyncSendEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AuditDisabled parameter specifies whether to disable or enable mailbox auditing for the organization.","Name":"AuditDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this parameter to $true will cause unknown users to be redirected to the on-premises endpoint and will allow on-premises users to discover their mailbox automatically.","Name":"AutodiscoverPartialDirSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AutoExpandingArchive switch enables the unlimited archiving feature (called auto-expanding archiving) in an Exchange Online organization. You don't need to specify a value with this switch.","Name":"AutoExpandingArchive","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BlockMoveMessagesForGroupFolders","Name":"BlockMoveMessagesForGroupFolders","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsAddressEntryRestricted parameter specifies whether addresses can be collected from Bookings customers.","Name":"BookingsAddressEntryRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsAuthEnabled parameter specifies whether to enforce authentication to access all published Bookings pages.","Name":"BookingsAuthEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsBlockedWordsEnabled","Name":"BookingsBlockedWordsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsCreationOfCustomQuestionsRestricted parameter specifies whether Bookings admins can add custom questions.","Name":"BookingsCreationOfCustomQuestionsRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsEnabled parameter specifies whether to enable Microsoft Bookings in an organization.","Name":"BookingsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsExposureOfStaffDetailsRestricted parameter specifies whether the attributes of internal Bookings staff members are visible to external Bookings customers.","Name":"BookingsExposureOfStaffDetailsRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsMembershipApprovalRequired parameter enables a membership approval requirement when new staff members are added to Bookings calendars.","Name":"BookingsMembershipApprovalRequired","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsNamingPolicyEnabled","Name":"BookingsNamingPolicyEnabled","Option":"Write"},{"CIMType":"String","Description":"No description available for BookingsNamingPolicyPrefix","Name":"BookingsNamingPolicyPrefix","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsNamingPolicyPrefixEnabled","Name":"BookingsNamingPolicyPrefixEnabled","Option":"Write"},{"CIMType":"String","Description":"No description available for BookingsNamingPolicySuffix","Name":"BookingsNamingPolicySuffix","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsNamingPolicySuffixEnabled","Name":"BookingsNamingPolicySuffixEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsNotesEntryRestricted parameter specifies whether appointment notes can be collected from Bookings customers.","Name":"BookingsNotesEntryRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsPaymentsEnabled parameter specifies whether to enable online payment node inside Bookings.","Name":"BookingsPaymentsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsPhoneNumberEntryRestricted parameter specifies whether phone numbers can be collected from Bookings customers.","Name":"BookingsPhoneNumberEntryRestricted","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsSearchEngineIndexDisabled","Name":"BookingsSearchEngineIndexDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for BookingsSmsMicrosoftEnabled","Name":"BookingsSmsMicrosoftEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BookingsSocialSharingRestricted parameter allows you to control whether, or not, your users can see social sharing options inside Bookings.","Name":"BookingsSocialSharingRestricted","Option":"Write"},{"CIMType":"UInt32","Description":"The ByteEncoderTypeFor7BitCharsets parameter specifies the 7-bit transfer encoding method for MIME format for messages sent to this remote domain.","Name":"ByteEncoderTypeFor7BitCharsets","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for ComplianceMLBgdCrawlEnabled","Name":"ComplianceMLBgdCrawlEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsActionableMessagesEnabled parameter specifies whether to enable or disable actionable buttons in messages (connector cards) from connected apps on Outlook on the web.","Name":"ConnectorsActionableMessagesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabled parameter specifies whether to enable or disable all connected apps in organization.","Name":"ConnectorsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabledForOutlook parameter specifies whether to enable or disable connected apps in Outlook on the web. ","Name":"ConnectorsEnabledForOutlook","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabledForSharepoint parameter specifies whether to enable or disable connected apps on Sharepoint.","Name":"ConnectorsEnabledForSharepoint","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabledForTeams parameter specifies whether to enable or disable connected apps on Teams.","Name":"ConnectorsEnabledForTeams","Option":"Write"},{"CIMType":"Boolean","Description":"The ConnectorsEnabledForYammer parameter specifies whether to enable or disable connected apps on Yammer.","Name":"ConnectorsEnabledForYammer","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Customer Lockbox.","Name":"CustomerLockboxEnabled","Option":"Write"},{"CIMType":"String","Description":"The DefaultAuthenticationPolicy parameter specifies the authentication policy that's used for the whole organization. You can use any value that uniquely identifies the policy.","Name":"DefaultAuthenticationPolicy","Option":"Write"},{"CIMType":"String","Description":"The DefaultGroupAccessType parameter specifies the default access type for Office 365 groups.","Name":"DefaultGroupAccessType","Option":"Write","ValueMap":["Private","Public"],"Values":["Private","Public"]},{"CIMType":"UInt32","Description":"The DefaultMinutesToReduceLongEventsBy parameter specifies the number of minutes to reduce calendar events by if the events are 60 minutes or longer.","Name":"DefaultMinutesToReduceLongEventsBy","Option":"Write"},{"CIMType":"UInt32","Description":"The DefaultMinutesToReduceShortEventsBy parameter specifies the number of minutes to reduce calendar events by if the events are less than 60 minutes long.","Name":"DefaultMinutesToReduceShortEventsBy","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderAgeLimit parameter specifies the default age limit for the contents of public folders across the entire organization. Content in a public folder is automatically deleted when this age limit is exceeded. This attribute applies to all public folders in the organization that don't have their own AgeLimit setting. To specify a value, enter it as a time span: dd.hh:mm:ss where d = days, h = hours, m = minutes, and s = seconds. Or, enter the value $null. The default value is blank ($null).","Name":"DefaultPublicFolderAgeLimit","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderDeletedItemRetention parameter specifies the default value of the length of time to retain deleted items for public folders across the entire organization. This attribute applies to all public folders in the organization that don't have their own RetainDeletedItemsFor attribute set.","Name":"DefaultPublicFolderDeletedItemRetention","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderIssueWarningQuota parameter specifies the default value across the entire organization for the public folder size at which a warning message is sent to this folder's owners, warning that the public folder is almost full. This attribute applies to all public folders within the organization that don't have their own warning quota attribute set. The default value of this attribute is unlimited. The valid input range for this parameter is from 0 through 2199023254529 bytes(2 TB). If you enter a value of unlimited, no size limit is imposed on the public folder.","Name":"DefaultPublicFolderIssueWarningQuota","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderMaxItemSize parameter specifies the default maximum size for posted items within public folders across the entire organization. Items larger than the value of the DefaultPublicFolderMaxItemSize parameter are rejected. This attribute applies to all public folders within the organization that don't have their own MaxItemSize attribute set. The default value of this attribute is unlimited.","Name":"DefaultPublicFolderMaxItemSize","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderMovedItemRetention parameter specifies how long items that have been moved between mailboxes are kept in the source mailbox for recovery purposes before being removed by the Public Folder Assistant.","Name":"DefaultPublicFolderMovedItemRetention","Option":"Write"},{"CIMType":"String","Description":"The DefaultPublicFolderProhibitPostQuota parameter specifies the size of a public folder at which users are notified that the public folder is full. Users can't post to a folder whose size is larger than the DefaultPublicFolderProhibitPostQuota parameter value. The default value of this attribute is unlimited.","Name":"DefaultPublicFolderProhibitPostQuota","Option":"Write"},{"CIMType":"Boolean","Description":"The DelayedDelicensingEnabled parameter enables or disables a 30 day grace period for Exchange Online license removals from mailboxes.","Name":"DelayedDelicensingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DirectReportsGroupAutoCreationEnabled parameter specifies whether to enable or disable the automatic creation of direct report Office 365 groups.","Name":"DirectReportsGroupAutoCreationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DisablePlusAddressInRecipients parameter specifies whether to enable or disable plus addressing (also known as subaddressing) for Exchange Online mailboxes.","Name":"DisablePlusAddressInRecipients","Option":"Write"},{"CIMType":"String","Description":"The DistributionGroupDefaultOU parameter specifies the container where distribution groups are created by default.","Name":"DistributionGroupDefaultOU","Option":"Write"},{"CIMType":"String[]","Description":"The DistributionGroupNameBlockedWordsList parameter specifies words that can't be included in the names of distribution groups. Separate multiple values with commas.","Name":"DistributionGroupNameBlockedWordsList","Option":"Write"},{"CIMType":"String","Description":"The DistributionGroupNamingPolicy parameter specifies the template applied to the name of distribution groups that are created in the organization. You can enforce that a prefix or suffix be applied to all distribution groups. Prefixes and suffixes can be either a string or an attribute, and you can combine strings and attributes.","Name":"DistributionGroupNamingPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The ElcProcessingDisabled parameter specifies whether to enable or disable the processing of mailboxes by the Managed Folder Assistant.","Name":"ElcProcessingDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOutlookEvents parameter specifies whether Outlook or Outlook on the web automatically discovers events from email messages and adds them to user calendars.","Name":"EnableOutlookEvents","Option":"Write"},{"CIMType":"Boolean","Description":"The EndUserDLUpgradeFlowsDisabled parameter specifies whether to prevent users from upgrading their own distribution groups to Office 365 groups in an Exchange Online organization.","Name":"EndUserDLUpgradeFlowsDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EndUserMailNotificationForDelayedDelicensingEnabled parameter enables or disables periodic email warnings to affected users that have pending Exchange Online license removal requests on their mailboxes.","Name":"EndUserMailNotificationForDelayedDelicensingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowEntourage parameter specifies whether to enable or disable Entourage 2008 to access Exchange Web Services (EWS) for the entire organization.","Name":"EwsAllowEntourage","Option":"Write"},{"CIMType":"String[]","Description":"The EwsAllowList parameter specifies the applications that are allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EwsAllowList. Other applications that aren't specified by this parameter aren't allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.","Name":"EwsAllowList","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowMacOutlook parameter enables or disables access to mailboxes by Outlook for Mac clients that use Exchange Web Services (for example, Outlook for Mac 2011 or later).","Name":"EwsAllowMacOutlook","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsAllowOutlook parameter enables or disables access to mailboxes by Outlook clients that use Exchange Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing.","Name":"EwsAllowOutlook","Option":"Write"},{"CIMType":"String","Description":"The EwsApplicationAccessPolicy parameter specifies the client applications that have access to EWS and REST.","Name":"EwsApplicationAccessPolicy","Option":"Write","ValueMap":["EnforceAllowList","EnforceBlockList"],"Values":["EnforceAllowList","EnforceBlockList"]},{"CIMType":"String[]","Description":"The EwsBlockList parameter specifies the applications that aren't allowed to access EWS or REST when the EwsApplicationAccessPolicy parameter is set to EnforceBlockList. All other applications that aren't specified by this parameter are allowed to access EWS or REST. You identify the application by its user agent string value. Wildcard characters (*) are supported.","Name":"EwsBlockList","Option":"Write"},{"CIMType":"Boolean","Description":"The EwsEnabled parameter specifies whether to globally enable or disable EWS access for the entire organization, regardless of what application is making the request.","Name":"EwsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ExchangeNotificationEnabled parameter enables or disables Exchange notifications sent to administrators regarding their organizations. Valid input for this parameter is $true or $false.","Name":"ExchangeNotificationEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeNotificationRecipients parameter specifies the recipients for Exchange notifications sent to administrators regarding their organizations. If the ExchangeNotificationEnabled parameter is set to $false, no notification messages are sent. Be sure to enclose values that contain spaces in quotation marks and separate multiple values with commas. If this parameter isn't set, Exchange notifications are sent to all administrators.","Name":"ExchangeNotificationRecipients","Option":"Write"},{"CIMType":"Boolean","Description":"The FindTimeAttendeeAuthenticationEnabled parameter controls whether attendees are required to verify their identity in meeting polls using the FindTime Outlook add-in.","Name":"FindTimeAttendeeAuthenticationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FindTimeAutoScheduleDisabled parameter controls automatically scheduling the meeting once a consensus is reached in meeting polls using the FindTime Outlook add-in.","Name":"FindTimeAutoScheduleDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FindTimeLockPollForAttendeesEnabled controls whether the Lock poll for attendees setting is managed by the organization.","Name":"FindTimeLockPollForAttendeesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FindTimeOnlineMeetingOptionDisabled parameter controls the availability of the Online meeting checkbox for Teams in meeting polls using the FindTime Outlook add-in.","Name":"FindTimeOnlineMeetingOptionDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FocusedInboxOn parameter enables or disables Focused Inbox for the organization.","Name":"FocusedInboxOn","Option":"Write"},{"CIMType":"String","Description":"The HierarchicalAddressBookRoot parameter specifies the user, contact, or group to be used as the root organization for a hierarchical address book in the Exchange organization. You can use any value that uniquely identifies the recipient.","Name":"HierarchicalAddressBookRoot","Option":"Write"},{"CIMType":"String[]","Description":"The IPListBlocked parameter specifies the blocked IP addresses that aren't allowed to connect to Exchange Online organization. These settings affect client connections that use Basic authentication where on-premises Active Directory Federation Services (ADFS) servers federate authentication with Azure Active Directory. Note that the new settings might take up to 4 hours to fully propagate across the service.","Name":"IPListBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for IsGroupFoldersAndRulesEnabled","Name":"IsGroupFoldersAndRulesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for IsGroupMemberAllowedToEditContent","Name":"IsGroupMemberAllowedToEditContent","Option":"Write"},{"CIMType":"Boolean","Description":"The LeanPopoutEnabled parameter specifies whether to enable faster loading of pop-out messages in Outlook on the web for Internet Explorer and Microsoft Edge.","Name":"LeanPopoutEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The LinkPreviewEnabled parameter specifies whether link preview of URLs in email messages is allowed for the organization.","Name":"LinkPreviewEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsAllTipsEnabled parameter specifies whether MailTips are enabled. The default value is $true.","Name":"MailTipsAllTipsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsExternalRecipientsTipsEnabled parameter specifies whether MailTips for external recipients are enabled. The default value is $false.","Name":"MailTipsExternalRecipientsTipsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsGroupMetricsEnabled parameter specifies whether MailTips that rely on group metrics data are enabled. The default value is $true.","Name":"MailTipsGroupMetricsEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"The MailTipsLargeAudienceThreshold parameter specifies what a large audience is. The default value is 25.","Name":"MailTipsLargeAudienceThreshold","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsMailboxSourcedTipsEnabled parameter specifies whether MailTips that rely on mailbox data (out-of-office or full mailbox) are enabled.","Name":"MailTipsMailboxSourcedTipsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for MaskClientIpInReceivedHeadersEnabled.","Name":"MaskClientIpInReceivedHeadersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for MatchSenderOrganizerProperties.","Name":"MatchSenderOrganizerProperties","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for MessageHighlightsEnabled.","Name":"MessageHighlightsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MessageRecallEnabled parameter enables or disables the message recall feature in the organization.","Name":"MessageRecallEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MessageRemindersEnabled parameter enables or disables the message reminders feature in the organization.","Name":"MessageRemindersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The MobileAppEducationEnabled specifies whether to show or hide the Outlook for iOS and Android education reminder in Outlook on the web.","Name":"MobileAppEducationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OAuth2ClientProfileEnabled parameter enables or disables modern authentication in the Exchange organization.","Name":"OAuth2ClientProfileEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OnlineMeetingsByDefaultEnabled parameter specifies whether to set all meetings as Teams by default during meeting creation.","Name":"OnlineMeetingsByDefaultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OutlookGifPickerDisabled parameter disables the GIF Search (powered by Bing) feature that's built into the Compose page in Outlook on the web.","Name":"OutlookGifPickerDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OutlookMobileGCCRestrictionsEnabled parameter specifies whether to enable or disable features within Outlook for iOS and Android that are not FedRAMP compliant for Office 365 US Government Community Cloud (GCC) customers.","Name":"OutlookMobileGCCRestrictionsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OutlookPayEnabled parameter enables or disables Payments in Outlook in the Office 365 organization.","Name":"OutlookPayEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for OutlookTextPredictionDisabled.","Name":"OutlookTextPredictionDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PublicComputersDetectionEnabled parameter specifies whether Outlook on the web will detect when a user signs from a public or private computer or network, and then enforces the attachment handling settings from public networks. The default is $false. However, if you set this parameter to $true, Outlook on the web will determine if the user is signing in from a public computer, and all public attachment handling rules will be applied and enforced.","Name":"PublicComputersDetectionEnabled","Option":"Write"},{"CIMType":"String","Description":"The PublicFoldersEnabled parameter specifies how public folders are deployed in your organization.","Name":"PublicFoldersEnabled","Option":"Write","ValueMap":["None","Local","Remote"],"Values":["None","Local","Remote"]},{"CIMType":"Boolean","Description":"The PublicFolderShowClientControl parameter enables or disables access to public folders in Microsoft Outlook.","Name":"PublicFolderShowClientControl","Option":"Write"},{"CIMType":"Boolean","Description":"The ReadTrackingEnabled parameter specifies whether the tracking for read status for messages in an organization is enabled. The default value is $false.","Name":"ReadTrackingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for RecallReadMessagesEnabled.","Name":"RecallReadMessagesEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The RemotePublicFolderMailboxes parameter specifies the identities of the public folder objects (represented as mail user objects locally) corresponding to the public folder mailboxes created in the remote forest. The public folder values set here are used only if the public folder deployment is a remote deployment.","Name":"RemotePublicFolderMailboxes","Option":"Write"},{"CIMType":"Boolean","Description":"The SendFromAliasEnabled parameter allows mailbox users to send messages using aliases (proxy addresses). It does this by disabling the rewriting of aliases to their primary SMTP address. This change is implemented in the Exchange Online service","Name":"SendFromAliasEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available for SharedDomainEmailAddressFlowEnabled.","Name":"SharedDomainEmailAddressFlowEnabled","Option":"Write"},{"CIMType":"String","Description":"The ShortenEventScopeDefault parameter specifies whether calendar events start late or end early in the organization.","Name":"ShortenEventScopeDefault","Option":"Write"},{"CIMType":"String","Description":"The SiteMailboxCreationURL parameter specifies the URL that's used to create site mailboxes. Site mailboxes improve collaboration and user productivity by allowing access to both SharePoint documents and Exchange email in Outlook 2013 or later.","Name":"SiteMailboxCreationURL","Option":"Write"},{"CIMType":"Boolean","Description":"The SmtpActionableMessagesEnabled parameter specifies whether to enable or disable action buttons in email messages in Outlook on the web.","Name":"SmtpActionableMessagesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TenantAdminNotificationForDelayedDelicensingEnabled parameter enables or disables weekly admin Service Health advisory notifications that are sent to admins.","Name":"TenantAdminNotificationForDelayedDelicensingEnabled","Option":"Write"},{"CIMType":"String","Description":"The VisibleMeetingUpdateProperties parameter specifies whether meeting message updates will be auto-processed on behalf of attendees. Auto-processed updates are applied to the attendee's calendar item, and then the meeting message is moved to the deleted items. The attendee never sees the update in their inbox, but their calendar is updated.","Name":"VisibleMeetingUpdateProperties","Option":"Write"},{"CIMType":"Boolean","Description":"The WebPushNotificationsDisabled parameter specifies whether to enable or disable Web Push Notifications in Outlook on the Web. This feature provides web push notifications which appear on a user's desktop while the user is not using Outlook on the Web. This brings awareness of incoming messages while they are working elsewhere on their computer.","Name":"WebPushNotificationsDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WebSuggestedRepliesDisabled parameter specifies whether to enable or disable Suggested Replies in Outlook on the web. This feature provides suggested replies to emails so users can easily and quickly respond to messages.","Name":"WebSuggestedRepliesDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WorkspaceTenantEnabled parameter enables or disables workspace booking in the organization.","Name":"WorkspaceTenantEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter is available only in the cloud-based service.","Name":"RejectDirectSend","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Exchange Online organization-wide settings."},{"ClassName":"MSFT_EXOOrganizationRelationship","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the organization relationship. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"The ArchiveAccessEnabled parameter specifies whether the organization relationship has been configured to provide remote archive access.","Name":"ArchiveAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DeliveryReportEnabled parameter specifies whether Delivery Reports should be shared over the organization relationship.","Name":"DeliveryReportEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The DomainNames parameter specifies the SMTP domains of the external organization. You can specify multiple domains separated by commas.","Name":"DomainNames","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether to enable the organization relationship.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"The FreeBusyAccessEnabled parameter specifies whether the organization relationship should be used to retrieve free/busy information from the external organization.","Name":"FreeBusyAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"The FreeBusyAccessLevel parameter specifies the maximum amount of detail returned to the requesting organization. Valid values are: None, AvailabilityOnly or LimitedDetails","Name":"FreeBusyAccessLevel","Option":"Write","ValueMap":["None","AvailabilityOnly","LimitedDetails"],"Values":["None","AvailabilityOnly","LimitedDetails"]},{"CIMType":"String","Description":"The FreeBusyAccessScope parameter specifies a mail-enabled security group in the internal organization that contains users whose free/busy information is accessible by an external organization. You can use any value that uniquely identifies the group.","Name":"FreeBusyAccessScope","Option":"Write"},{"CIMType":"Boolean","Description":"The MailboxMoveEnabled parameter specifies whether the organization relationship enables moving mailboxes to or from the external organization.","Name":"MailboxMoveEnabled","Option":"Write"},{"CIMType":"String","Description":"The MailboxMoveCapability parameter is used in cross-tenant mailbox migrations.","Name":"MailboxMoveCapability","Option":"Write","ValueMap":["Inbound","Outbound","RemoteInbound","RemoteOutbound","None"],"Values":["Inbound","Outbound","RemoteInbound","RemoteOutbound","None"]},{"CIMType":"String[]","Description":"The MailboxMovePublishedScopes parameter is used in cross-tenant mailbox migrations to specify the mail-enabled security groups whose members are allowed to migrate.","Name":"MailboxMovePublishedScopes","Option":"Write"},{"CIMType":"Boolean","Description":"The MailTipsAccessEnabled parameter specifies whether MailTips for users in this organization are returned over this organization relationship.","Name":"MailTipsAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"The MailTipsAccessLevel parameter specifies the level of MailTips data externally shared over this organization relationship. This parameter can have the following values: All, Limited, None","Name":"MailTipsAccessLevel","Option":"Write","ValueMap":["None","All","Limited"],"Values":["None","All","Limited"]},{"CIMType":"String","Description":"The MailTipsAccessScope parameter specifies a mail-enabled security group in the internal organization that contains users whose free/busy information is accessible by an external organization. You can use any value that uniquely identifies the group.","Name":"MailTipsAccessScope","Option":"Write"},{"CIMType":"String","Description":"The OAuthApplicationId is used in cross-tenant mailbox migrations to specify the application ID of the mailbox migration app that you consented to.","Name":"OauthApplicationId","Option":"Write"},{"CIMType":"String","Description":"The OrganizationContact parameter specifies the email address that can be used to contact the external organization (for example, administrator@fourthcoffee.com).","Name":"OrganizationContact","Option":"Write"},{"CIMType":"Boolean","Description":"The PhotosEnabled parameter specifies whether photos for users in the internal organization are returned over the organization relationship.","Name":"PhotosEnabled","Option":"Write"},{"CIMType":"String","Description":"The TargetApplicationUri parameter specifies the target Uniform Resource Identifier (URI) of the external organization. The TargetApplicationUri parameter is specified by Exchange when requesting a delegated token to retrieve free and busy information, for example, mail.contoso.com.","Name":"TargetApplicationUri","Option":"Write"},{"CIMType":"String","Description":"The TargetAutodiscoverEpr parameter specifies the Autodiscover URL of Exchange Web Services for the external organization. Exchange uses Autodiscover to automatically detect the correct Exchangeserver endpoint to use for external requests.","Name":"TargetAutodiscoverEpr","Option":"Write"},{"CIMType":"String","Description":"The TargetOwaURL parameter specifies the Outlook on the web (formerly Outlook Web App) URL of the external organization that's defined in the organization relationship. It is used for Outlook on the web redirection in a cross-premise Exchange scenario. Configuring this attribute enables users in the organization to use their current Outlook on the web URL to access Outlook on the web in the external organization.","Name":"TargetOwaURL","Option":"Write"},{"CIMType":"String","Description":"The TargetSharingEpr parameter specifies the URL of the target Exchange Web Services for the external organization.","Name":"TargetSharingEpr","Option":"Write"},{"CIMType":"String","Description":"Specify if the OrganizationRelationship should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Organization Relationship in Exchange Online."},{"ClassName":"MSFT_EXOOutboundConnector","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the outbound connector that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether connector is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether connector should use MXRecords for target resolution.","Name":"UseMXRecord","Option":"Write"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ConnectorSource parameter specifies how the connector is created. DO NOT CHANGE THIS!","Name":"ConnectorSource","Option":"Write","ValueMap":["Default","Migrated","HybridWizard"],"Values":["Default","Migrated","HybridWizard"]},{"CIMType":"String","Description":"The ConnectorType parameter specifies a category for the domains that are serviced by the connector.","Name":"ConnectorType","Option":"Write","ValueMap":["Partner","OnPremises"],"Values":["Partner","OnPremises"]},{"CIMType":"String[]","Description":"The RecipientDomains parameter specifies the domain that the Outbound connector routes mail to. You can specify multiple domains separated by commas.","Name":"RecipientDomains","Option":"Write"},{"CIMType":"String[]","Description":"The SmartHosts parameter specifies the smart hosts the Outbound connector uses to route mail. This parameter is required if you set the UseMxRecord parameter to $false and must be specified on the same command line.","Name":"SmartHosts","Option":"Write"},{"CIMType":"String","Description":"The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following example: domain.*.contoso.com","Name":"TlsDomain","Option":"Write"},{"CIMType":"String","Description":"The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections established by this Outbound connector.","Name":"TlsSettings","Option":"Write","ValueMap":["EncryptionOnly","CertificateValidation","DomainValidation"],"Values":["EncryptionOnly","CertificateValidation","DomainValidation"]},{"CIMType":"Boolean","Description":"The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport rule (also known as a mail flow rule).","Name":"IsTransportRuleScoped","Option":"Write"},{"CIMType":"Boolean","Description":"The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first routed through the on-premises messaging system (Centralized mailrouting).","Name":"RouteAllMessagesViaOnPremises","Option":"Write"},{"CIMType":"Boolean","Description":"The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain internal X-MS-Exchange-Organization-* message headers are handled in messages that are sent between accepted domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises headers. DO NOT USE MANUALLY!","Name":"CloudServicesMailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations where message recipients are in accepted domains of the cloud-based organization.","Name":"AllAcceptedDomains","Option":"Write"},{"CIMType":"Boolean","Description":"The SenderRewritingEnabled parameter specifies that all messages that normally qualify for SRS rewriting are rewritten for routing through the on-premises email system.","Name":"SenderRewritingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector.","Name":"TestMode","Option":"Write"},{"CIMType":"String[]","Description":"The ValidationRecipients parameter specifies the email addresses of the validation recipients for the Outbound connector. You can specify multiple email addresses separated by commas.","Name":"ValidationRecipients","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create a new Inbound connector in your cloud-based organization."},{"ClassName":"MSFT_EXOOwaMailboxPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the policy. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"The AccountTransferEnabled parameter specifies whether to enable or disable QR code sign-in. By default, QR code sign-in is enabled.","Name":"AccountTransferEnabled","Option":"Write"},{"CIMType":"String","Description":"The ActionForUnknownFileAndMIMETypes parameter specifies how to handle file types that aren't specified in the Allow, Block, and Force Save lists for file types and MIME types","Name":"ActionForUnknownFileAndMIMETypes","Option":"Write","ValueMap":["Allow","ForceSave","Block"],"Values":["Allow","ForceSave","Block"]},{"CIMType":"Boolean","Description":"The ActiveSyncIntegrationEnabled parameter specifies whether to enable or disable Exchange ActiveSync settings in Outlook on the web. ","Name":"ActiveSyncIntegrationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"AdditionalAccountsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AdditionalStorageProvidersAvailable parameter specifies whether to allow additional storage providers (for example, Box, Dropbox, Facebook, Google Drive, Egnyte, personal OneDrive) attachments in Outlook on the web.","Name":"AdditionalStorageProvidersAvailable","Option":"Write"},{"CIMType":"Boolean","Description":"The AllAddressListsEnabled parameter specifies which address lists are available in Outlook on the web.","Name":"AllAddressListsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowCopyContactsToDeviceAddressBook parameter specifies whether users can copy the contents of their Contacts folder to a mobile device's native address book when using Outlook on the web for devices.","Name":"AllowCopyContactsToDeviceAddressBook","Option":"Write"},{"CIMType":"String[]","Description":"The AllowedFileTypes parameter specifies the attachment file types (file extensions) that can be saved locally or viewed from Outlook on the web.","Name":"AllowedFileTypes","Option":"Write"},{"CIMType":"String[]","Description":"The AllowedMimeTypes parameter specifies the MIME extensions of attachments that allow the attachments to be saved locally or viewed from Outlook on the web.","Name":"AllowedMimeTypes","Option":"Write"},{"CIMType":"String[]","Description":"The BlockedFileTypes parameter specifies a list of attachment file types (file extensions) that can't be saved locally or viewed from Outlook on the web.","Name":"BlockedFileTypes","Option":"Write"},{"CIMType":"String[]","Description":"The BlockedMimeTypes parameter specifies MIME extensions in attachments that prevent the attachments from being saved locally or viewed from Outlook on the web.","Name":"BlockedMimeTypes","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"BookingsMailboxCreationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"ChangeSettingsAccountEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ClassicAttachmentsEnabled parameter specifies whether users can attach local files as regular email attachments in Outlook on the web.","Name":"ClassicAttachmentsEnabled","Option":"Write"},{"CIMType":"String","Description":"The ConditionalAccessPolicy parameter specifies the Outlook on the Web Policy for limited access. For this feature to work properly, you also need to configure a Conditional Access policy in the Azure Active Directory Portal.","Name":"ConditionalAccessPolicy","Option":"Write","ValueMap":["Off","ReadOnly","ReadOnlyPlusAttachmentsBlocked"],"Values":["Off","ReadOnly","ReadOnlyPlusAttachmentsBlocked"]},{"CIMType":"String","Description":"The DefaultTheme parameter specifies the default theme that's used in Outlook on the web when the user hasn't selected a theme. The default value is blank ($null).","Name":"DefaultTheme","Option":"Write"},{"CIMType":"Boolean","Description":"The DirectFileAccessOnPrivateComputersEnabled parameter specifies the left-click options for attachments in Outlook on the web for private computer sessions. ","Name":"DirectFileAccessOnPrivateComputersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DirectFileAccessOnPrivateComputersEnabled parameter specifies the left-click options for attachments in Outlook on the web for public computer sessions.","Name":"DirectFileAccessOnPublicComputersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DisableFacebook switch specifies whether users can synchronize their Facebook contacts to their Contacts folder in Outlook on the web. By default, Facebook integration is enabled.","Name":"DisableFacebook","Option":"Write"},{"CIMType":"Boolean","Description":"The DisplayPhotosEnabled parameter specifies whether users see sender photos in Outlook on the web.","Name":"DisplayPhotosEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ExplicitLogonEnabled parameter specifies whether to allow a user to open someone else's mailbox in Outlook on the web (provided that user has permissions to the mailbox).","Name":"ExplicitLogonEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ExternalImageProxyEnabled parameter specifies whether to load all external images through the Outlook external image proxy.","Name":"ExternalImageProxyEnabled","Option":"Write"},{"CIMType":"String","Description":"The ExternalSPMySiteHostURL specifies the My Site Host URL for external users.","Name":"ExternalSPMySiteHostURL","Option":"Write"},{"CIMType":"Boolean","Description":"The FeedbackEnabled parameter specifies whether to enable or disable inline feedback surveys in Outlook on the web.","Name":"FeedbackEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceSaveAttachmentFilteringEnabled parameter specifies whether files are filtered before they can be saved from Outlook on the web.","Name":"ForceSaveAttachmentFilteringEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The ForceSaveFileTypes parameter specifies the attachment file types (file extensions) that can only be saved from Outlook on the web (not opened).","Name":"ForceSaveFileTypes","Option":"Write"},{"CIMType":"String[]","Description":"The ForceSaveMimeTypes parameter specifies the MIME extensions in attachments that only allow the attachments to be saved locally (not opened).","Name":"ForceSaveMimeTypes","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceWacViewingFirstOnPrivateComputers parameter specifies whether private computers must first preview an Office file as a web page in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server) before opening the file in the local application.","Name":"ForceWacViewingFirstOnPrivateComputers","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceWacViewingFirstOnPublicComputers parameter specifies whether public computers must first preview an Office file as a web page in Office Online Server before opening the file in the local application.","Name":"ForceWacViewingFirstOnPublicComputers","Option":"Write"},{"CIMType":"Boolean","Description":"The FreCardsEnabled parameter specifies whether the theme, signature, and phone cards are available in Outlook on the web.","Name":"FreCardsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The GlobalAddressListEnabled parameter specifies whether the global address list is available in Outlook on the web.","Name":"GlobalAddressListEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The GroupCreationEnabled parameter specifies whether Office 365 group creation is available in Outlook on the web.","Name":"GroupCreationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The InstantMessagingEnabled parameter specifies whether instant messaging is available in Outlook on the web.","Name":"InstantMessagingEnabled","Option":"Write"},{"CIMType":"String","Description":"The InstantMessagingType parameter specifies the type of instant messaging provider in Outlook on the web.","Name":"InstantMessagingType","Option":"Write","ValueMap":["None","Ocs"],"Values":["None","Ocs"]},{"CIMType":"Boolean","Description":"The InterestingCalendarsEnabled parameter specifies whether interesting calendars are available in Outlook on the web.","Name":"InterestingCalendarsEnabled","Option":"Write"},{"CIMType":"String","Description":"The InternalSPMySiteHostURL specifies the My Site Host URL for internal users.","Name":"InternalSPMySiteHostURL","Option":"Write"},{"CIMType":"Boolean","Description":"The IRMEnabled parameter specifies whether Information Rights Management (IRM) features are available in Outlook on the web.","Name":"IRMEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"ItemsToOtherAccountsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefault switch specifies whether the Outlook on the web policy is the default policy that's used to configure the Outlook on the web settings for new mailboxes.","Name":"IsDefault","Option":"Write"},{"CIMType":"Boolean","Description":"The JournalEnabled parameter specifies whether the Journal folder is available in Outlook on the web.","Name":"JournalEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The LocalEventsEnabled parameter specifies whether local events calendars are available in Outlook on the web.","Name":"LocalEventsEnabled","Option":"Write"},{"CIMType":"SInt32","Description":"The LogonAndErrorLanguage parameter specifies the language that used in Outlook on the web for forms-based authentication and for error messages when a user's current language setting can't be read. A valid value is a supported Microsoft Windows Language Code Identifier (LCID). For example, 1033 is US English.","Name":"LogonAndErrorLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"MessagePreviewsDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"The NotesEnabled parameter specifies whether the Notes folder is available in Outlook on the web.","Name":"NotesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The NpsSurveysEnabled parameter specifies whether to enable or disable the Net Promoter Score (NPS) survey in Outlook on the web. The survey allows uses to rate Outlook on the web on a scale of 1 to 5, and to provide feedback and suggested improvements in free text.","Name":"NpsSurveysEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OneWinNativeOutlookEnabled parameter controls the availability of the new Outlook for Windows App.","Name":"OneWinNativeOutlookEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"When the OrganizationEnabled parameter is set to $false, the Automatic Reply option doesn't include external and internal options, the address book doesn't show the organization hierarchy, and the Resources tab in Calendar forms is disabled.","Name":"OrganizationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OnSendAddinsEnabled parameter specifies whether to enable or disable on send add-ins in Outlook on the web (add-ins that support events when a user clicks Send).","Name":"OnSendAddinsEnabled","Option":"Write"},{"CIMType":"String","Description":"The OutboundCharset parameter specifies the character set that's used for outgoing messages in Outlook on the web.","Name":"OutboundCharset","Option":"Write","ValueMap":["AutoDetect","AlwaysUTF8","UserLanguageChoice"],"Values":["AutoDetect","AlwaysUTF8","UserLanguageChoice"]},{"CIMType":"Boolean","Description":"The OutlookBetaToggleEnabled parameter specifies whether to enable or disable the Outlook on the web Preview toggle. The Preview toggle allows users to try the new Outlook on the web experience.","Name":"OutlookBetaToggleEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OWALightEnabled parameter controls the availability of the light version of Outlook on the web.","Name":"OWALightEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"PersonalAccountsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PersonalAccountCalendarsEnabled parameter specifies whether to allow users to connect to their personal Outlook.com or Google Calendar in Outlook on the web.","Name":"PersonalAccountCalendarsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PhoneticSupportEnabled parameter specifies phonetically spelled entries in the address book. This parameter is available for use in Japan.","Name":"PhoneticSupportEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PlacesEnabled parameter specifies whether to enable or disable Places in Outlook on the web. Places lets users search, share, and map location details by using Bing.","Name":"PlacesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PremiumClientEnabled parameter controls the availability of the full version of Outlook Web App.","Name":"PremiumClientEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PrintWithoutDownloadEnabled specifies whether to allow printing of supported files without downloading the attachment in Outlook on the web.","Name":"PrintWithoutDownloadEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ProjectMocaEnabled parameter enables or disables access to Project Moca in Outlook on the web.","Name":"ProjectMocaEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The PublicFoldersEnabled parameter specifies whether a user can browse or read items in public folders in Outlook Web App.","Name":"PublicFoldersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RecoverDeletedItemsEnabled parameter specifies whether a user can use Outlook Web App to view, recover, or delete permanently items that have been deleted from the Deleted Items folder.","Name":"RecoverDeletedItemsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ReferenceAttachmentsEnabled parameter specifies whether users can attach files from the cloud as linked attachments in Outlook on the web.","Name":"ReferenceAttachmentsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RemindersAndNotificationsEnabled parameter specifies whether notifications and reminders are enabled in Outlook on the web.","Name":"RemindersAndNotificationsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ReportJunkEmailEnabled parameter specifies whether users can report messages to Microsoft or unsubscribe from messages in Outlook on the web. ","Name":"ReportJunkEmailEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The RulesEnabled parameter specifies whether a user can view, create, or modify server-side rules in Outlook on the web.","Name":"RulesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SatisfactionEnabled parameter specifies whether to enable or disable the satisfaction survey.","Name":"SatisfactionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SaveAttachmentsToCloudEnabled parameter specifies whether users can save regular email attachments to the cloud.","Name":"SaveAttachmentsToCloudEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SearchFoldersEnabled parameter specifies whether Search Folders are available in Outlook on the web.","Name":"SearchFoldersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SetPhotoEnabled parameter specifies whether users can add, change, and remove their sender photo in Outlook on the web.","Name":"SetPhotoEnabled","Option":"Write"},{"CIMType":"String","Description":"The SetPhotoURL parameter controls where users go to select their photo. Note that you can't specify a URL that contains one or more picture files, as there is no mechanism to copy a URL photo to the properties of the users' Exchange Online mailboxes.","Name":"SetPhotoURL","Option":"Write"},{"CIMType":"Boolean","Description":"No description available.","Name":"ShowOnlineArchiveEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SignaturesEnabled parameter specifies whether to enable or disable the use of signatures in Outlook on the web.","Name":"SignaturesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SkipCreateUnifiedGroupCustomSharepointClassification parameter specifies whether to skip a custom SharePoint page during the creation of Office 365 Groups in Outlook web app.","Name":"SkipCreateUnifiedGroupCustomSharepointClassification","Option":"Write"},{"CIMType":"Boolean","Description":"The TeamSnapCalendarsEnabled parameter specifies whether to allow users to connect to their personal TeamSnap calendars in Outlook on the web.","Name":"TeamSnapCalendarsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TextMessagingEnabled parameter specifies whether users can send and receive text messages in Outlook on the web.","Name":"TextMessagingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The ThemeSelectionEnabled parameter specifies whether users can change the theme in Outlook on the web.","Name":"ThemeSelectionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The UMIntegrationEnabled parameter specifies whether Unified Messaging (UM) integration is enabled in Outlook on the web.","Name":"UMIntegrationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The UseGB18030 parameter specifies whether to use the GB18030 character set instead of GB2312 in Outlook on the web.","Name":"UseGB18030","Option":"Write"},{"CIMType":"Boolean","Description":"The UseISO885915 parameter specifies whether to use the character set ISO8859-15 instead of ISO8859-1 in Outlook on the web.","Name":"UseISO885915","Option":"Write"},{"CIMType":"Boolean","Description":"The UserVoiceEnabled parameter specifies whether to enable or disable Outlook UserVoice in Outlook on the web. Outlook UserVoice is a customer feedback area that's available in Office 365.","Name":"UserVoiceEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacEditingEnabled parameter specifies whether to enable or disable editing documents in Outlook on the web by using Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server). ","Name":"WacEditingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacExternalServicesEnabled parameter specifies whether to enable or disable external services when viewing documents in Outlook on the web (for example, machine translation) by using Office Online Server.","Name":"WacExternalServicesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacOMEXEnabled parameter specifies whether to enable or disable apps for Outlook in Outlook on the web in Office Online Server.","Name":"WacOMEXEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacViewingOnPrivateComputersEnabled parameter specifies whether to enable or disable web viewing of supported Office documents private computer sessions in Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server). By default, all Outlook on the web sessions are considered to be on private computers.","Name":"WacViewingOnPrivateComputersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WacViewingOnPublicComputersEnabled parameter specifies whether to enable or disable web viewing of supported Office documents in public computer sessions in Office Online Server. ","Name":"WacViewingOnPublicComputersEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The WeatherEnabled parameter specifies whether to enable or disable weather information in the calendar in Outlook on the web.","Name":"WeatherEnabled","Option":"Write"},{"CIMType":"String","Description":"The WebPartsFrameOptionsType parameter specifies what sources can access web parts in IFRAME or FRAME elements in Outlook on the web.","Name":"WebPartsFrameOptionsType","Option":"Write","ValueMap":["None","SameOrigin","Deny"],"Values":["None","SameOrigin","Deny"]},{"CIMType":"String","Description":"Specify if the OWA Mailbox Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures OWA Mailbox Policies in Exchange Online."},{"ClassName":"MSFT_EXOPartnerApplication","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a new name for the partner application.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The ApplicationIdentifier parameter specifies a unique application identifier for the partner application that uses an authorization server.","Name":"ApplicationIdentifier","Option":"Write"},{"CIMType":"Boolean","Description":"The AcceptSecurityIdentifierInformation parameter specifies whether Exchange should accept security identifiers (SIDs) from another trusted Active Directory forest for the partner application.","Name":"AcceptSecurityIdentifierInformation","Option":"Write"},{"CIMType":"String","Description":"The AccountType parameter specifies the type of Microsoft account that's required for the partner application.","Name":"AccountType","Option":"Write","ValueMap":["OrganizationalAccount","ConsumerAccount"],"Values":["OrganizationalAccount","ConsumerAccount"]},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the partner application is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The LinkedAccount parameter specifies a linked Active Directory user account for the application.","Name":"LinkedAccount","Option":"Write"},{"CIMType":"String","Description":"Specify if the Partner Application should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Partner Applications in Exchange Online."},{"ClassName":"MSFT_EXOPerimeterConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String[]","Description":"Use the GatewayIPAddresses parameter to create or modify a list of gateway server IP addresses to add to IP safelists.","Name":"GatewayIPAddresses","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Modify the perimeter Configuration policy in your cloud-based organization."},{"ClassName":"MSFT_EXOPhishSimOverrideRule","Parameters":[{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String","Description":"The unique identifier (GUID or name) of the override rule. This parameter is mandatory.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"The domains for the override rule.","Name":"Domains","Option":"Write"},{"CIMType":"String[]","Description":"The IP ranges for the override rule.","Name":"SenderIpRanges","Option":"Write"},{"CIMType":"String","Description":"An optional comment for the override rule.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The phishing simulation override policy that's associated with the rule.","Name":"Policy","Option":"Write"},{"CIMType":"String","Description":"Ensures the presence or absence of the configuration.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]}],"Description":"This resource allows users to manage resource to modify third-party phishing\nsimulation override rules to bypass Exchange Online Protection filtering."},{"ClassName":"MSFT_EXOPlace","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the room mailbox that you want to modify. You can use any value that uniquely identifies the room.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The display name of the place.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The AudioDeviceName parameter specifies the name of the audio device in the room. If the value contains spaces, enclose the value in quotation marks.","Name":"AudioDeviceName","Option":"Write"},{"CIMType":"String","Description":"The Building parameter specifies the building name or building number that the room is in. If the value contains spaces, enclose the value in quotation marks.","Name":"Building","Option":"Write"},{"CIMType":"UInt32","Description":"The Capacity parameter specifies the capacity of the room. A valid value is an integer.","Name":"Capacity","Option":"Write"},{"CIMType":"String","Description":"The City parameter specifies the room's city. If the value contains spaces, enclose the value in quotation marks.","Name":"City","Option":"Write"},{"CIMType":"String","Description":"The CountryOrRegion parameter specifies the room's country or region. A valid value is a valid ISO 3166-1 two-letter country code (for example, AU for Australia) or the corresponding friendly name for the country (which might be different from the official ISO 3166 Maintenance Agency short name).","Name":"CountryOrRegion","Option":"Write"},{"CIMType":"String[]","Description":"N/A","Name":"Desks","Option":"Write"},{"CIMType":"String","Description":"The DisplayDeviceName parameter specifies the name of the display device in the room. If the value contains spaces, enclose the value in quotation marks.","Name":"DisplayDeviceName","Option":"Write"},{"CIMType":"String","Description":"The Floor parameter specifies the floor number that the room is on.","Name":"Floor","Option":"Write"},{"CIMType":"String","Description":"The FloorLabel parameter specifies a descriptive label for the floor that the room is on. If the value contains spaces, enclose the value in quotation marks.","Name":"FloorLabel","Option":"Write"},{"CIMType":"String","Description":"The GeoCoordinates parameter specifies the room's location in latitude, longitude and (optionally) altitude coordinates.","Name":"GeoCoordinates","Option":"Write"},{"CIMType":"Boolean","Description":"The IsWheelChairAccessible parameter specifies whether the room is wheelchair accessible.","Name":"IsWheelChairAccessible","Option":"Write"},{"CIMType":"String","Description":"The Label parameter specifies a descriptive label for the room (for example, a number or name). If the value contains spaces, enclose the value in quotation marks.","Name":"Label","Option":"Write"},{"CIMType":"Boolean","Description":"The MTREnabled parameter identifies the room as configured with a Microsoft Teams room system. You can add Teams room systems as audio sources in Teams meetings that involve the room.","Name":"MTREnabled","Option":"Write"},{"CIMType":"String","Description":"The ParentId parameter specifies the ID of a Place in the parent location hierarchy in Microsoft Places.","Name":"ParentId","Option":"Write"},{"CIMType":"String","Description":"The ParentType parameter specifies the parent type of the ParentId in Microsoft Places. Valid values are: Floor, Section","Name":"ParentType","Option":"Write","ValueMap":["Floor","Section","None"],"Values":["Floor","Section","None"]},{"CIMType":"String","Description":"The Phone parameter specifies the room's telephone number.","Name":"Phone","Option":"Write"},{"CIMType":"String","Description":"The PostalCode parameter specifies the room's postal code.","Name":"PostalCode","Option":"Write"},{"CIMType":"String","Description":"The State parameter specifies the room's state or province.","Name":"State","Option":"Write"},{"CIMType":"String","Description":"The Street parameter specifies the room's physical address.","Name":"Street","Option":"Write"},{"CIMType":"String[]","Description":"The Tags parameter specifies additional features of the room (for example, details like the type of view or furniture type).","Name":"Tags","Option":"Write"},{"CIMType":"String","Description":"The VideoDeviceName parameter specifies the name of the video device in the room. If the value contains spaces, enclose the value in quotation marks.","Name":"VideoDeviceName","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a place in Exchange Online (e.g., room)."},{"ClassName":"MSFT_EXOPolicyTipConfig","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the custom Policy Tip you want to modify.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Value parameter specifies the text that's displayed by the Policy Tip.","Name":"Value","Option":"Write"},{"CIMType":"String","Description":"Specify if the Policy Tip Config should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Policy Tips in Exchange Online."},{"ClassName":"MSFT_EXOQuarantinePolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the QuarantinePolicy you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"UInt32","Description":"The EndUserQuarantinePermissionsValue parameter specifies the end-user permissions for the quarantine policy.","Name":"EndUserQuarantinePermissionsValue","Option":"Write"},{"CIMType":"Boolean","Description":"The ESNEnabled parameter specifies whether to enable quarantine notifications (formerly known as end-user spam notifications) for the policy.","Name":"ESNEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The MultiLanguageCustomDisclaimer parameter specifies the custom disclaimer text to use near the bottom of quarantine notifications.","Name":"MultiLanguageCustomDisclaimer","Option":"Write"},{"CIMType":"String[]","Description":"The MultiLanguageSenderName parameter specifies the email sender's display name to use in quarantine notifications.","Name":"MultiLanguageSenderName","Option":"Write"},{"CIMType":"String[]","Description":"The MultiLanguageSetting parameter specifies the language of quarantine notifications.","Name":"MultiLanguageSetting","Option":"Write"},{"CIMType":"Boolean","Description":"The OrganizationBrandingEnabled parameter enables or disables organization branding in the end-user quarantine notification messages.","Name":"OrganizationBrandingEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if this QuarantinePolicy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String","Description":"The EndUserSpamNotificationFrequency parameter species how often quarantine notifications are sent to users. Valid values are: 04:00:00 (4 hours),1.00:00:00 (1 day),7.00:00:00 (7 days)","Name":"EndUserSpamNotificationFrequency","Option":"Write"},{"CIMType":"String","Description":"The QuarantinePolicyType parameter filters the results by the specified quarantine policy type. Valid values are: QuarantinePolicy, GlobalQuarantinePolicy","Name":"QuarantinePolicyType","Option":"Write"},{"CIMType":"String","Description":"This parameter is reserved for internal Microsoft use.","Name":"EndUserSpamNotificationFrequencyInDays","Option":"Write"},{"CIMType":"String","Description":"This parameter is reserved for internal Microsoft use.","Name":"CustomDisclaimer","Option":"Write"},{"CIMType":"String","Description":"The EndUserSpamNotificationCustomFromAddress specifies the email address of an existing internal sender to use as the sender for quarantine notifications. To set this parameter back to the default email address quarantine@messaging.microsoft.com, use the value $null.","Name":"EndUserSpamNotificationCustomFromAddress","Option":"Write"},{"CIMType":"String[]","Description":"The EsnCustomSubject parameter specifies the text to use in the Subject field of quarantine notifications.This setting is available only in the built-in quarantine policy named DefaultGlobalTag that controls global quarantine policy settings.","Name":"EsnCustomSubject","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify a EXOQuarantinePolicy in your cloud-based organization."},{"ClassName":"MSFT_EXORecipientPermission","Parameters":[{"CIMType":"String","Description":"The mailbox the permission should be given on.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The account to give the permission to.","Name":"Trustee","Option":"Key"},{"CIMType":"String[]","Description":"The access rights granted to the account. Only 'SendAs' is supported.","Name":"AccessRights","Option":"Write"},{"CIMType":"string","Description":"Present ensures the group exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to retrieve Office 365 Recipient Permissions."},{"ClassName":"MSFT_EXORemoteDomain","Parameters":[{"CIMType":"String","Description":"Specify the Identity for the RemoteDomain.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The DomainName parameter specifies the SMTP domain that you want to establish as a remote domain. A valid value is an SMTP domain (for example, contoso.com). The maximum length is 256 characters.","Name":"DomainName","Option":"Write"},{"CIMType":"String","Description":"Specify if the RemoteDomain should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The AllowedOOFType parameter specifies the type of automatic replies or out-of-office (also known as OOF) notifications than can be sent to recipients in the remote domain. Valid values are: External, ExternalLegacy, InternalLegacy or None","Name":"AllowedOOFType","Option":"Write","ValueMap":["External","ExternalLegacy","InternalLegacy","None"],"Values":["External","ExternalLegacy","InternalLegacy","None"]},{"CIMType":"Boolean","Description":"The AutoForwardEnabled parameter specifies whether to allow messages that are auto-forwarded by client email programs in your organization.","Name":"AutoForwardEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The AutoReplyEnabled parameter specifies whether to allow messages that are automatic replies from client email programs in your organization (for example, automatic reply messages that are generated by rules in Outlook).","Name":"AutoReplyEnabled","Option":"Write"},{"CIMType":"String","Description":"The ByteEncoderTypeFor7BitCharsets parameter specifies the 7-bit transfer encoding method for MIME format for messages sent to this remote domain.","Name":"ByteEncoderTypeFor7BitCharsets","Option":"Write","ValueMap":["Use7Bit","UseQP","UseBase64","UseQPHtmlDetectTextPlain","UseBase64HtmlDetectTextPlain","UseQPHtml7BitTextPlain","UseBase64Html7BitTextPlain","Undefined"],"Values":["Use7Bit","UseQP","UseBase64","UseQPHtmlDetectTextPlain","UseBase64HtmlDetectTextPlain","UseQPHtml7BitTextPlain","UseBase64Html7BitTextPlain","Undefined"]},{"CIMType":"String","Description":"The CharacterSet parameter specifies a character set for MIME messages without defined character sets that are sent from your organization to recipients in the remote domain.","Name":"CharacterSet","Option":"Write"},{"CIMType":"String","Description":"The ContentType parameter specifies the outbound message content type and formatting.","Name":"ContentType","Option":"Write","ValueMap":["MimeHtmlText","MimeText","MimeHtml"],"Values":["MimeHtmlText","MimeText","MimeHtml"]},{"CIMType":"Boolean","Description":"The DeliveryReportEnabled parameter specifies whether to allow delivery reports from client software in your organization to recipients in the remote domain.","Name":"DeliveryReportEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DisplaySenderName parameter specifies whether to show the sender's Display Name in the From email address for messages sent to recipients in the remote domain.","Name":"DisplaySenderName","Option":"Write"},{"CIMType":"Boolean","Description":"The IsInternal parameter specifies whether the recipients in the remote domain are considered to be internal recipients.","Name":"IsInternal","Option":"Write"},{"CIMType":"string","Description":"The LineWrapSize parameter specifies the line-wrap size for messages to recipients in the remote domain. Valid values are an integer from 0 through 132 or the value to unlimited. The default value is unlimited.","Name":"LineWrapSize","Option":"Write"},{"CIMType":"Boolean","Description":"The MeetingForwardNotificationEnabled parameter specifies whether to enable meeting forward notifications for recipients in the remote domain.","Name":"MeetingForwardNotificationEnabled","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the remote domain object. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Write"},{"CIMType":"Boolean","Description":"The NDREnabled parameter specifies whether to allow non-delivery reports (also known NDRs or bounce messages) from your organization to recipients in the remote domain.","Name":"NDREnabled","Option":"Write"},{"CIMType":"String","Description":"The NonMimeCharacterSet parameter specifies a character set for plain text messages without defined character sets that are sent from your organization to recipients in the remote domain.","Name":"NonMimeCharacterSet","Option":"Write"},{"CIMType":"String","Description":"The PreferredInternetCodePageForShiftJis parameter specifies the specific code page to use for Shift JIS character encoding in messages that are sent to recipients in the remote domain.","Name":"PreferredInternetCodePageForShiftJis","Option":"Write","ValueMap":["50220","50221","50222","Undefined"],"Values":["50220","50221","50222","Undefined"]},{"CIMType":"sint32","Description":"The RequiredCharsetCoverage parameter specifies a percentage threshold for characters in a message that must match to apply your organization's preferred character set before switching to automatic character set detection.","Name":"RequiredCharsetCoverage","Option":"Write"},{"CIMType":"Boolean","Description":"The TargetDeliveryDomain parameter specifies whether the remote domain is used in cross-forest deployments to generate target email addresses for new mail users that represent users in the other organization (for example, all mailboxes hosted on Exchange Online are represented as mail users in your on-premises organization).","Name":"TargetDeliveryDomain","Option":"Write"},{"CIMType":"Boolean","Description":"The TNEFEnabled parameter specifies whether Transport Neutral Encapsulation Format (TNEF) message encoding is used on messages sent to the remote domain.","Name":"TNEFEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TrustedMailInboundEnabled parameter specifies whether messages from senders in the remote domain are treated as trusted messages.","Name":"TrustedMailInboundEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The TrustedMailOutboundEnabled parameter specifies whether messages sent to recipients in the remote domain are treated as trusted messages.","Name":"TrustedMailOutboundEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The UseSimpleDisplayName parameter specifies whether the sender's simple display name is used for the From email address in messages sent to recipients in the remote domain.","Name":"UseSimpleDisplayName","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Remote Email Domains in Exchange Online."},{"ClassName":"MSFT_EXOReportSubmissionPolicy","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The DisableQuarantineReportingOption parameter allows or prevents users from reporting messages in quarantine.","Name":"DisableQuarantineReportingOption","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableCustomNotificationSender parameter specifies whether a custom sender email address is used for result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"EnableCustomNotificationSender","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOrganizationBranding parameter specifies whether to show the company logo in the footer of result messages that users receive after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"EnableOrganizationBranding","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableReportToMicrosoft parameter specifies whether Microsoft integrated reporting experience is enabled or disabled.","Name":"EnableReportToMicrosoft","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableThirdPartyAddress parameter specifies whether you're using third-party reporting tools in Outlook instead of Microsoft tools to send messages to the reporting mailbox in Exchange Online.","Name":"EnableThirdPartyAddress","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableUserEmailNotification parameter species whether users receive result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"EnableUserEmailNotification","Option":"Write"},{"CIMType":"String","Description":"The JunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as junk.","Name":"JunkReviewResultMessage","Option":"Write"},{"CIMType":"String","Description":"The NotJunkReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as not junk.","Name":"NotJunkReviewResultMessage","Option":"Write"},{"CIMType":"String","Description":"The NotificationFooterMessage parameter specifies the custom footer text to use in email notifications after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"NotificationFooterMessage","Option":"Write"},{"CIMType":"String","Description":"The NotificationSenderAddress parameter specifies the sender email address to use in result messages after an admin reviews and marks the reported messages as junk, not junk, or phishing.","Name":"NotificationSenderAddress","Option":"Write"},{"CIMType":"String","Description":"The PhishingReviewResultMessage parameter specifies the custom text to use in result messages after an admin reviews and marks the reported messages as phishing.","Name":"PhishingReviewResultMessage","Option":"Write"},{"CIMType":"String","Description":"The PostSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications after users report messages.","Name":"PostSubmitMessage","Option":"Write"},{"CIMType":"Boolean","Description":"The PostSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see after they report messages using Microsoft reporting tools.","Name":"PostSubmitMessageEnabled","Option":"Write"},{"CIMType":"String","Description":"The PostSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications after users report messages.","Name":"PostSubmitMessageTitle","Option":"Write"},{"CIMType":"String","Description":"The PreSubmitMessage parameter specifies the custom pop-up message text to use in Outlook notifications before users report messages. ","Name":"PreSubmitMessage","Option":"Write"},{"CIMType":"Boolean","Description":"The PreSubmitMessageEnabled parameter enables or disables the pop-up Outlook notifications that users see before they report messages using Microsoft reporting tools.","Name":"PreSubmitMessageEnabled","Option":"Write"},{"CIMType":"String","Description":"The PreSubmitMessage parameter parameter specifies the custom pop-up message title to use in Outlook notifications before users report messages.","Name":"PreSubmitMessageTitle","Option":"Write"},{"CIMType":"String[]","Description":"The ReportJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.","Name":"ReportJunkAddresses","Option":"Write"},{"CIMType":"Boolean","Description":"The ReportJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook. ","Name":"ReportJunkToCustomizedAddress","Option":"Write"},{"CIMType":"String[]","Description":"The ReportNotJunkAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.","Name":"ReportNotJunkAddresses","Option":"Write"},{"CIMType":"Boolean","Description":"The ReportNotJunkToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.","Name":"ReportNotJunkToCustomizedAddress","Option":"Write"},{"CIMType":"String[]","Description":"The ReportPhishAddresses parameter specifies the email address of the reporting mailbox in Exchange Online to receive user reported messages in reporting in Outlook using Microsoft or third-party reporting tools in Outlook.","Name":"ReportPhishAddresses","Option":"Write"},{"CIMType":"Boolean","Description":"The ReportPhishToCustomizedAddress parameter specifies whether to send user reported messages from Outlook (using Microsoft or third-party reporting tools) to the reporting mailbox as part of reporting in Outlook.","Name":"ReportPhishToCustomizedAddress","Option":"Write"},{"CIMType":"String[]","Description":"Use the ThirdPartyReportAddresses parameter to specify the email address of the reporting mailbox when you're using a third-party product for user submissions instead of reporting in Outlook.","Name":"ThirdPartyReportAddresses","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"ReportChatMessageEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"ReportChatMessageToCustomizedAddressEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies if this report submission policy should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify an EXOReportSubmissionPolicy in your cloud-based organization."},{"ClassName":"MSFT_EXOReportSubmissionRule","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The Identity parameter specifies the report submission rule that you want to modify.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies the email address of the reporting mailbox in Exchange Online where user reported messages are sent.","Name":"SentTo","Option":"Write"},{"CIMType":"String","Description":"Specifies if this report submission rule should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify an EXOReportSubmissionRule in your cloud-based organization."},{"ClassName":"MSFT_EXOResourceConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String[]","Description":"The ResourcePropertySchema parameter specifies the custom resource property that you want to make available to room or equipment mailboxes. This parameter uses the syntax Room/<Text> or Equipment/<Text> where the <Text> value doesn't contain spaces. For example, Room/Whiteboard or Equipment/Van.","Name":"ResourcePropertySchema","Option":"Write"},{"CIMType":"String","Description":"Specifies if this Outbound connector should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Modify the resource Configuration policy in your cloud-based organization."},{"ClassName":"MSFT_EXORetentionPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name, distinguished name (DN), or GUID of the retention policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"The IsDefault switch specifies that this retention policy is the default retention policy. You don't need to specify a value with this switch.","Name":"IsDefault","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefaultArbitrationMailbox switch configures this policy as the default retention policy for arbitration mailboxes in your Exchange Online organization. You don't need to specify a value with this switch.","Name":"IsDefaultArbitrationMailbox","Option":"Write"},{"CIMType":"String","Description":"The Name parameter specifies a unique name for the retention policy.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The RetentionId parameter specifies the identity of the retention policy to make sure mailboxes moved between two Exchange organizations continue to have the same retention policy applied to them.","Name":"RetentionId","Option":"Write"},{"CIMType":"String[]","Description":"The RetentionPolicyTagLinks parameter specifies the identity of retention policy tags to associate with the retention policy. Mailboxes that get a retention policy applied have retention tags linked with that retention policy.","Name":"RetentionPolicyTagLinks","Option":"Write"},{"CIMType":"String","Description":"Specifies if this report submission rule should exist.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Exchange Online Retention Policy."},{"ClassName":"MSFT_EXORetentionPolicyTag","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the tag.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies a comment for the tag.","Name":"Comment","Option":"Write"},{"CIMType":"UInt32","Description":"The AgeLimitForRetention parameter specifies the age at which retention is enforced on an item. The age limit corresponds to the number of days from the date the item was delivered, or the date an item was created if it wasn't delivered. If this parameter isn't present and the RetentionEnabled parameter is set to $true, an error is returned.","Name":"AgeLimitForRetention","Option":"Write"},{"CIMType":"String","Description":"The MessageClass parameter specifies the message type to which the tag applies. If not specified, the default value is set to *.","Name":"MessageClass","Option":"Write"},{"CIMType":"Boolean","Description":"The MustDisplayCommentEnabled parameter specifies whether the comment can be hidden. The default value is $true.","Name":"MustDisplayCommentEnabled","Option":"Write"},{"CIMType":"String","Description":"The RetentionAction parameter specifies the action for the retention policy.","Name":"RetentionAction","Option":"Write"},{"CIMType":"Boolean","Description":"The RetentionEnabled parameter specifies whether the tag is enabled. When set to $false, the tag is disabled, and no retention action is taken on messages that have the tag applied.","Name":"RetentionEnabled","Option":"Write"},{"CIMType":"String","Description":"The Type parameter specifies the type of retention tag being created.","Name":"Type","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manage Exchange Online retention policy tags."},{"ClassName":"MSFT_EXORoleAssignmentPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the new name of the assignment policy. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the role assignment policy is viewed using the Get-RoleAssignmentPolicy cmdlet.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"The IsDefault switch makes the assignment policy the default assignment policy.","Name":"IsDefault","Option":"Write"},{"CIMType":"String[]","Description":"The Roles parameter specifies the management roles to assign to the role assignment policy when it's created.","Name":"Roles","Option":"Write"},{"CIMType":"String","Description":"Specify if the Role Assignment Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Role Assignment Policies in Exchange Online."},{"ClassName":"MSFT_EXORoleGroup","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Members parameter specifies the mailboxes or mail-enabled USGs to add as a member of the role group. You can identify the user or group by the name, DN, or primary SMTP address value. You can specify multiple members separated by commas (Value1,Value2,...ValueN). If the value contains spaces, enclose the value in quotation marks","Name":"Members","Option":"Write"},{"CIMType":"String[]","Description":"The Roles parameter specifies the management roles to assign to the role group when it's created. If a role name contains spaces, enclose the name in quotation marks. If you want to assign more that one role, separate the role names with commas.","Name":"Roles","Option":"Write"},{"CIMType":"String","Description":"Specify if the Role Group should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Role Groups in Exchange Online."},{"ClassName":"MSFT_EXOSafeAttachmentPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the SafeAttachmentpolicy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Action parameter specifies the action for the Safe Attachments policy.","Name":"Action","Option":"Write","ValueMap":["Block","Replace","Allow","DynamicDelivery"],"Values":["Block","Replace","Allow","DynamicDelivery"]},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"Specify if this policy should be enabled. Default is $true.","Name":"Enable","Option":"Write"},{"CIMType":"String","Description":"The QuarantineTag specifies the quarantine policy that's used on messages that are quarantined as malware by Safe Attachments.","Name":"QuarantineTag","Option":"Write"},{"CIMType":"Boolean","Description":"The Redirect parameter specifies whether to send detected malware attachments to another email address. Valid values are: $true: Malware attachments are sent to the email address specified by the RedirectAddress parameter. $false: Malware attachments aren't sent to another email address. This is the default value.","Name":"Redirect","Option":"Write"},{"CIMType":"String","Description":"The RedirectAddress parameter specifies the email address where detected malware attachments are sent when the Redirect parameter is set to the value $true.","Name":"RedirectAddress","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of the Safe Attachments policies\nin your cloud-based organization."},{"ClassName":"MSFT_EXOSafeAttachmentRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the SafeAttachment rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The SafeAttachmentPolicy parameter specifies the name of the SafeAttachment policy that's associated with the SafeAttachment rule.","Name":"SafeAttachmentPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Safe Attachment Rule in Exchange Online."},{"ClassName":"MSFT_EXOSafeLinksPolicy","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the SafeLinks policy that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowClickThrough parameter specifies whether to allow users to click through to the original URL on warning pages.","Name":"AllowClickThrough","Option":"Write"},{"CIMType":"String","Description":"The custom notification text specifies the customized notification text to show to users.","Name":"CustomNotificationText","Option":"Write"},{"CIMType":"Boolean","Description":"The DeliverMessageAfterScan parameter specifies whether to deliver email messages only after Safe Links scanning is complete. Valid values are: $true: Wait until Safe Links scanning is complete before delivering the message. $false: If Safe Links scanning can't complete, deliver the message anyway. This is the default value.","Name":"DeliverMessageAfterScan","Option":"Write"},{"CIMType":"String[]","Description":"The DoNotRewriteUrls parameter specifies a URL that's skipped by Safe Links scanning. You can specify multiple values separated by commas.","Name":"DoNotRewriteUrls","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableForInternalSenders parameter specifies whether the Safe Links policy is applied to messages sent between internal senders and internal recipients within the same Exchange Online organization.","Name":"EnableForInternalSenders","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOrganizationBranding parameter specifies whether your organization's logo is displayed on Safe Links warning and notification pages.","Name":"EnableOrganizationBranding","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeLinksForOffice parameter specifies whether to enable Safe Links protection for supported Office desktop, mobile, or web apps.","Name":"EnableSafeLinksForOffice","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeLinksForTeams parameter specifies whether Safe Links is enabled for Microsoft Teams. Valid values are: $true: Safe Links is enabled for Teams. If a protected user clicks a malicious link in a Teams conversation, group chat, or from channels, a warning page will appear in the default web browser. $false: Safe Links isn't enabled for Teams. This is the default value.","Name":"EnableSafeLinksForTeams","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSafeLinksForEmail parameter specifies whether to enable Safe Links protection for email messages. Valid values are: $true: Safe Links is enabled for email. When a user clicks a link in an email, the link is checked by Safe Links. If the link is found to be malicious, a warning page appears in the default web browser. $false: Safe Links isn't enabled for email. This is the default value.","Name":"EnableSafeLinksForEmail","Option":"Write"},{"CIMType":"Boolean","Description":"The DisableUrlRewrite parameter specifies whether to rewrite (wrap) URLs in email messages. Valid values are: $true: URLs in messages are not rewritten, but messages are still scanned by Safe Links prior to delivery. Time of click checks on links are done using the Safe Links API in supported Outlook clients (currently, Outlook for Windows and Outlook for Mac). Typically, we don't recommend using this value. $false: URLs in messages are rewritten. API checks still occur on unwrapped URLs in supported clients if the user is in a valid Safe Links policy. This is the default value.","Name":"DisableUrlRewrite","Option":"Write"},{"CIMType":"Boolean","Description":"The ScanUrls parameter specifies whether to enable or disable the scanning of links in email messages. Valid values are: $true: Scanning links in email messages is enabled. $false: Scanning links in email messages is disabled. This is the default value.","Name":"ScanUrls","Option":"Write"},{"CIMType":"Boolean","Description":"The TrackClicks parameter specifies whether to track user clicks related to Safe Links protection of links.","Name":"TrackClicks","Option":"Write"},{"CIMType":"Boolean","Description":"The UseTranslatedNotificationText specifies whether to use Microsoft Translator to automatically localize the custom notification text that you specified with the CustomNotificationText parameter.","Name":"UseTranslatedNotificationText","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of the SafeLinks policies\nin your cloud-based organization."},{"ClassName":"MSFT_EXOSafeLinksRule","Parameters":[{"CIMType":"String","Description":"The Identity parameter specifies the name of the SafeLink rule that you want to modify.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The SafeLinksPolicy parameter specifies the name of the SafeLink policy that's associated with the SafeLinksing rule.","Name":"SafeLinksPolicy","Option":"Required"},{"CIMType":"Boolean","Description":"Specify if this rule should be enabled. Default is $true.","Name":"Enabled","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it has changed over time. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an SafeLinks Rule in Exchange Online."},{"ClassName":"MSFT_EXOSecOpsOverrideRule","Parameters":[{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String","Description":"The unique identifier (GUID or name) of the override rule. This parameter is mandatory.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"An optional comment for the override rule.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The SecOps simulation override policy that's associated with the rule.","Name":"Policy","Option":"Write"},{"CIMType":"String","Description":"Ensures the presence or absence of the configuration.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]}],"Description":"This resource allows users to manage resource to modify SecOps\noverride rules to bypass Exchange Online Protection filtering."},{"ClassName":"MSFT_EXOServicePrincipal","Parameters":[{"CIMType":"string","Description":"The AppName parameter specifies the corresponding friendly name of the unique AppId GUID value for the service principal.","Name":"AppName","Option":"Key"},{"CIMType":"string","Description":"The DisplayName parameter specifies the friendly name of the service principal.","Name":"DisplayName","Option":"Write"},{"CIMType":"string","Description":"The Identity parameter specifies the service principal that you want to view.","Name":"Identity","Option":"Write"},{"CIMType":"string","Description":"The AppId parameter specifies the unique AppId GUID value for the service principal.","Name":"AppId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the group exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resources configures an EXO Service Principal."},{"ClassName":"MSFT_EXOSharedMailbox","Parameters":[{"CIMType":"string","Description":"The display name of the Shared Mailbox","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"The unique identifier of the Shared Mailbox","Name":"Identity","Option":"Write"},{"CIMType":"string","Description":"The primary email address of the Shared Mailbox","Name":"PrimarySMTPAddress","Option":"Write"},{"CIMType":"string","Description":"The alias of the Shared Mailbox","Name":"Alias","Option":"Write"},{"CIMType":"string[]","Description":"The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the Shared Mailbox","Name":"EmailAddresses","Option":"Write"},{"CIMType":"boolean","Description":"The AuditEnabled parameter specifies whether to enable or disable mailbox audit logging for the mailbox. If auditing is enabled, actions specified in the AuditAdmin, AuditDelegate, and AuditOwner parameters are logged","Name":"AuditEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the group exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create Office 365 Shared Mailboxes."},{"ClassName":"MSFT_EXOSharingPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the sharing policy. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"The Default switch specifies that the sharing policy is the default sharing policy for all mailboxes.","Name":"Default","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether to enable the sharing policy. Valid values for this parameter are $true or $false.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The Domains parameter specifies domains to which this policy applies and the sharing policy action.","Name":"Domains","Option":"Write"},{"CIMType":"String","Description":"Specify if the Sharing Policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Sharing Policies in Exchange Online."},{"ClassName":"MSFT_EXOSmtpDaneInbound","Parameters":[{"CIMType":"String","Description":"Specifies the accepted domain in the Exchange Online organization where you want to enable SMTP DANE","Name":"DomainName","Option":"Key"},{"CIMType":"string","Description":"Present ensures SmtpDaneInbound is enabled, absent ensures it is disabled.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures SmtpDaneInbound for an accepted domain in Exchange Online.\n\nNote that enabling DANE requires that the accepted domain is configured for DNSSEC and the public MX-record must be updated correspondingly."},{"ClassName":"MSFT_EXOSweepRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the Sweep rule. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Provider parameter specifies the provider for the Sweep rule. If the value contains spaces, enclose the value in quotation marks. For Sweep rules that you create in Outlook on the web, the default value is Exchange16.","Name":"Provider","Option":"Write"},{"CIMType":"String","Description":"The DestinationFolder parameter specifies an action for the Sweep rule that moves messages to the specified folder.","Name":"DestinationFolder","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the Sweep rule is enabled or disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"UInt32","Description":"The KeepForDays parameter specifies an action for the Sweep rule that specifies the number of days to keep messages that match the conditions of the rule. After the number of days have passed, the messages are moved to the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder). You can't use this parameter with the KeepLatest parameter and the Sweep rule must contain a KeepForDays or KeepLatest parameter value.","Name":"KeepForDays","Option":"Write"},{"CIMType":"UInt32","Description":"The KeepLatest parameter specifies an action for the Sweep rule that specifies the number of messages to keep that match the conditions of the rule. After the number of messages is exceeded, the oldest messages are moved to the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder). You can't use this parameter with the KeepForDays parameter and the Sweep rule must contain a KeepForDays or KeepLatest parameter value.","Name":"KeepLatest","Option":"Write"},{"CIMType":"String","Description":"The Mailbox parameter specifies the mailbox where you want to create the Sweep rule. You can use any value that uniquely identifies the mailbox.","Name":"Mailbox","Option":"Write"},{"CIMType":"String","Description":"The SenderName parameter specifies a condition for the Sweep rule that looks for the specified sender in messages. For internal senders, you can use any value that uniquely identifies the sender.","Name":"SenderName","Option":"Write"},{"CIMType":"String","Description":"The SourceFolder parameter specifies a condition for the Sweep rule that looks for messages in the specified folder.","Name":"SourceFolder","Option":"Write"},{"CIMType":"String","Description":"The SystemCategory parameter specifies a condition for the sweep rule that looks for messages with the specified system category. System categories are available to all mailboxes in the organization.","Name":"SystemCategory","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to create Sweep rules in mailboxes. Sweep rules run at regular intervals to help keep your Inbox clean."},{"ClassName":"MSFT_EXOTeamsProtectionPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The AdminDisplayName parameter specifies a description for the policy.","Name":"AdminDisplayName","Option":"Write"},{"CIMType":"String","Description":"The HighConfidencePhishQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as high confidence phishing by ZAP for Teams.","Name":"HighConfidencePhishQuarantineTag","Option":"Write","ValueMap":["AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"],"Values":["AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"]},{"CIMType":"String","Description":"The MalwareQuarantineTag parameter specifies the quarantine policy that's used for messages that are quarantined as malware by ZAP for Teams.","Name":"MalwareQuarantineTag","Option":"Write","ValueMap":["AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"],"Values":["AdminOnlyAccessPolicy","DefaultFullAccessPolicy","DefaultFullAccessWithNotificationPolicy"]},{"CIMType":"Boolean","Description":"The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP) for malware and high confidence phishing messages in Teams messages.","Name":"ZapEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Create or modify a TeamsProtectionPolicy in your cloud-based organization."},{"ClassName":"MSFT_EXOTenantAllowBlockListItems","Parameters":[{"CIMType":"String","Description":"The action (allow/block) to take for this list entry","Name":"Action","Option":"Required","ValueMap":["Allow","Block"],"Values":["Allow","Block"]},{"CIMType":"String","Description":"The value that you want to add to the Tenant Allow/Block List based on the ListType parameter value","Name":"Value","Option":"Key"},{"CIMType":"DateTime","Description":"The expiration date of the entry in Coordinated Universal Time (UTC)","Name":"ExpirationDate","Option":"Write"},{"CIMType":"String","Description":"The subtype for this entry","Name":"ListSubType","Option":"Write","ValueMap":["AdvancedDelivery","Submission","Tenant"],"Values":["AdvancedDelivery","Submission","Tenant"]},{"CIMType":"String","Description":"The type of entry to add.","Name":"ListType","Option":"Key","ValueMap":["FileHash","Sender","Url"],"Values":["FileHash","Sender","Url"]},{"CIMType":"String","Description":"Additional information about the object","Name":"Notes","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days after the entry is first used for it to removed","Name":"RemoveAfter","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to manage the Exchange Online Tenant Allow/Block List items."},{"ClassName":"MSFT_EXOTenantAllowBlockListSpoofItems","Parameters":[{"CIMType":"String","Description":"The SpoofedUser parameter specifies the email address or domain for the spoofed sender entry.","Name":"SpoofedUser","Option":"Key"},{"CIMType":"String","Description":"The Action parameter specifies whether is an allowed or blocked spoofed sender entry.","Name":"Action","Option":"Write"},{"CIMType":"String","Description":"Unique identified for the blocked item.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"The SendingInfrastructure parameter specifies the source of the messages sent by the spoofed sender that's defined in the SpoofedUser parameter..","Name":"SendingInfrastructure","Option":"Write"},{"CIMType":"String","Description":"The SpoofType parameter specifies whether this is an internal or external spoofed sender entry.","Name":"SpoofType","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures blocked spoofed items in Exchange Online."},{"ClassName":"MSFT_EXOTransportConfig","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The AddressBookPolicyRoutingEnabled parameter controls how recipients are resolved in an organization that uses address book policies to create separate virtual organizations within the same Exchange organization.","Name":"AddressBookPolicyRoutingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allow legacy TLS clients","Name":"AllowLegacyTLSClients","Option":"Write"},{"CIMType":"Boolean","Description":"The ClearCategories parameter keeps or removes Microsoft Outlook message categories during content conversion.","Name":"ClearCategories","Option":"Write"},{"CIMType":"Boolean","Description":"The ConvertDisclaimerWrapperToEml parameter specifies whether the original message will be added as a TNEF attachment or a regular EML attachment to a disclaimer.","Name":"ConvertDisclaimerWrapperToEml","Option":"Write"},{"CIMType":"String","Description":"The DSNConversionMode parameter controls how Exchange handles delivery status notifications that are generated by earlier versions of Exchange or other messaging systems.","Name":"DSNConversionMode","Option":"Write"},{"CIMType":"Boolean","Description":"The ExternalDelayDsnEnabled parameter specifies whether a delay delivery status notification (DSN) message should be created for external messages that couldn't be immediately delivered. ","Name":"ExternalDelayDsnEnabled","Option":"Write"},{"CIMType":"String","Description":"The ExternalDsnDefaultLanguage parameter specifies which Exchange server language should be used by default when you create external DSN messages.","Name":"ExternalDsnDefaultLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"The ExternalDsnLanguageDetectionEnabled parameter specifies whether the server should try to send an external DSN message in the same language as the original message that generated the notification.","Name":"ExternalDsnLanguageDetectionEnabled","Option":"Write"},{"CIMType":"String","Description":"The ExternalDsnReportingAuthority parameter specifies the domain in the machine-readable part of external DSN messages. ","Name":"ExternalDsnReportingAuthority","Option":"Write"},{"CIMType":"Boolean","Description":"The ExternalDsnSendHtml parameter specifies whether external DSN messages should be HTML or plain text.","Name":"ExternalDsnSendHtml","Option":"Write"},{"CIMType":"String","Description":"The ExternalPostmasterAddress parameter specifies the email address in the From header field of an external DSN message.","Name":"ExternalPostmasterAddress","Option":"Write"},{"CIMType":"String","Description":"The HeaderPromotionModeSetting parameter specifies whether named properties are created for custom X-headers on messages received.","Name":"HeaderPromotionModeSetting","Option":"Write"},{"CIMType":"Boolean","Description":"The InternalDelayDsnEnabled parameter specifies whether a delay DSN message should be created for messages sent to or from recipients or senders in the same Exchange organization that couldn't be immediately delivered.","Name":"InternalDelayDsnEnabled","Option":"Write"},{"CIMType":"String","Description":"The InternalDsnDefaultLanguage parameter specifies which Exchange server language should be used by default when you create internal DSN messages.","Name":"InternalDsnDefaultLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"The InternalDsnLanguageDetectionEnabled parameter specifies whether the server should try to send an internal DSN message in the same language as the original message that generated the notification.","Name":"InternalDsnLanguageDetectionEnabled","Option":"Write"},{"CIMType":"String","Description":"The InternalDsnReportingAuthority parameter specifies the domain in the machine-readable part of internal DSN messages.","Name":"InternalDsnReportingAuthority","Option":"Write"},{"CIMType":"Boolean","Description":"The InternalDsnSendHtml parameter specifies whether internal DSN messages should be HTML or plain text.","Name":"InternalDsnSendHtml","Option":"Write"},{"CIMType":"SInt32","Description":"The JournalMessageExpirationDays parameter extends the number of days that undeliverable journal reports are queued before they expire.","Name":"JournalMessageExpirationDays","Option":"Write"},{"CIMType":"String","Description":"The JournalingReportNdrTo parameter specifies the email address to which journal reports are sent if the journaling mailbox is unavailable. Once set, it cannot be reset to blank again.","Name":"JournalingReportNdrTo","Option":"Write"},{"CIMType":"String","Description":"The MaxRecipientEnvelopeLimit parameter specifies the maximum number of recipients in a message.","Name":"MaxRecipientEnvelopeLimit","Option":"Write"},{"CIMType":"SInt32","Description":"Reply all storm block duration hours.","Name":"ReplyAllStormBlockDurationHours","Option":"Write"},{"CIMType":"SInt32","Description":"Reply all storm detection minimum recipients.","Name":"ReplyAllStormDetectionMinimumRecipients","Option":"Write"},{"CIMType":"SInt32","Description":"Reply all storm detection minimum replies.","Name":"ReplyAllStormDetectionMinimumReplies","Option":"Write"},{"CIMType":"Boolean","Description":"Reply all storm protection enabled.","Name":"ReplyAllStormProtectionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The Rfc2231EncodingEnabled parameter specifies whether the RFC 2231 encoding of MIME parameters for outbound messages is enabled in your organization.","Name":"Rfc2231EncodingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SmtpClientAuthenticationDisabled parameter specifies whether to disable authenticated SMTP (SMTP AUTH) for the whole organization.","Name":"SmtpClientAuthenticationDisabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Exchange Online transport\nsettings."},{"ClassName":"MSFT_EXOTransportRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the display name of the transport rule to be created. The maximum length is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"This parameter specifies a condition or part of a condition for the rule. The name of the corresponding exception parameter starts with ExceptIf.","Name":"ADComparisonAttribute","Option":"Write"},{"CIMType":"String","Description":"This parameter specifies a condition or part of a condition for the rule. The name of the corresponding exception parameter starts with ExceptIf.","Name":"ADComparisonOperator","Option":"Write","ValueMap":["Equal","NotEqual"],"Values":["Equal","NotEqual"]},{"CIMType":"String","Description":"The ActivationDate parameter specifies when the rule starts processing messages. The rule won't take any action on messages until the specified date/time.","Name":"ActivationDate","Option":"Write"},{"CIMType":"String","Description":"The AddManagerAsRecipientType parameter specifies an action that delivers or redirects messages to the user that's defined in the sender's Manager attribute.","Name":"AddManagerAsRecipientType","Option":"Write","ValueMap":["To","Cc","Bcc","Redirect"],"Values":["To","Cc","Bcc","Redirect"]},{"CIMType":"String[]","Description":"The AddToRecipients parameter specifies an action that adds recipients to the To field of messages.","Name":"AddToRecipients","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfCcHeader parameter specifies a condition that looks for recipients in the Cc field of messages.","Name":"AnyOfCcHeader","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfCcHeaderMemberOf parameter specifies a condition that looks for group members in the Cc field of messages.","Name":"AnyOfCcHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfRecipientAddressContainsWords parameter specifies a condition that looks for words in recipient email addresses.","Name":"AnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition that looks for text patterns in recipient email addresses by using regular expressions.","Name":"AnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfToCcHeader parameter specifies a condition that looks for recipients in the To or Cc fields of messages.","Name":"AnyOfToCcHeader","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfToCcHeaderMemberOf parameter specifies a condition that looks for group members in the To and Cc fields of messages.","Name":"AnyOfToCcHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfToHeader parameter specifies a condition that looks for recipients in the To field of messages.","Name":"AnyOfToHeader","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfToHeaderMemberOf parameter specifies a condition that looks for group members in the To field of messages.","Name":"AnyOfToHeaderMemberOf","Option":"Write"},{"CIMType":"String","Description":"The ApplyClassification parameter specifies an action that applies a message classification to messages. ","Name":"ApplyClassification","Option":"Write"},{"CIMType":"String","Description":"The ApplyHtmlDisclaimerFallbackAction parameter specifies what to do if the HTML disclaimer can't be added to a message.","Name":"ApplyHtmlDisclaimerFallbackAction","Option":"Write","ValueMap":["Wrap","Ignore","Reject"],"Values":["Wrap","Ignore","Reject"]},{"CIMType":"String","Description":"The ApplyHtmlDisclaimerLocation parameter specifies where to insert the HTML disclaimer text in the body of messages.","Name":"ApplyHtmlDisclaimerLocation","Option":"Write","ValueMap":["Append","Prepend"],"Values":["Append","Prepend"]},{"CIMType":"String","Description":"The ApplyHtmlDisclaimerText parameter specifies an action that adds the disclaimer text to messages.","Name":"ApplyHtmlDisclaimerText","Option":"Write"},{"CIMType":"String","Description":"The ApplyRightsProtectionCustomizationTemplate parameter specifies an action that applies a custom branding template for OME encrypted messages.","Name":"ApplyRightsProtectionCustomizationTemplate","Option":"Write"},{"CIMType":"String","Description":"The ApplyRightsProtectionTemplate parameter specifies an action that applies rights management service (RMS) templates to messages. ","Name":"ApplyRightsProtectionTemplate","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentContainsWords parameter specifies a condition that looks for words in message attachments. ","Name":"AttachmentContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentExtensionMatchesWords parameter specifies a condition that looks for words in the file name extensions of message attachments.","Name":"AttachmentExtensionMatchesWords","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentHasExecutableContent parameter specifies a condition that looks for executable content in message attachments.","Name":"AttachmentHasExecutableContent","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentIsPasswordProtected parameter specifies a condition that looks for password protected files in messages (because the contents of the file can't be inspected).","Name":"AttachmentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentIsUnsupported parameter specifies a condition that looks for unsupported file types in messages.","Name":"AttachmentIsUnsupported","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentMatchesPatterns parameter specifies a condition that looks for text patterns in the content of message attachments by using regular expressions.","Name":"AttachmentMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentNameMatchesPatterns parameter specifies a condition that looks for text patterns in the file name of message attachments by using regular expressions.","Name":"AttachmentNameMatchesPatterns","Option":"Write"},{"CIMType":"Boolean","Description":"The AttachmentProcessingLimitExceeded parameter specifies a condition that looks for messages where attachment scanning didn't complete.","Name":"AttachmentProcessingLimitExceeded","Option":"Write"},{"CIMType":"String[]","Description":"The AttachmentPropertyContainsWords parameter specifies a condition that looks for words in the properties of attached Office documents.","Name":"AttachmentPropertyContainsWords","Option":"Write"},{"CIMType":"String","Description":"The AttachmentSizeOver parameter specifies a condition that looks for messages where any attachment is greater than the specified size.","Name":"AttachmentSizeOver","Option":"Write"},{"CIMType":"String[]","Description":"The BetweenMemberOf1 parameter specifies a condition that looks for messages that are sent between group members.","Name":"BetweenMemberOf1","Option":"Write"},{"CIMType":"String[]","Description":"The BetweenMemberOf2 parameter specifies a condition that looks for messages that are sent between group members.","Name":"BetweenMemberOf2","Option":"Write"},{"CIMType":"String[]","Description":"The BlindCopyTo parameter specifies an action that adds recipients to the Bcc field of messages. ","Name":"BlindCopyTo","Option":"Write"},{"CIMType":"String","Description":"The Comments parameter specifies optional descriptive text for the rule. The length of the comment can't exceed 1024 characters.","Name":"Comments","Option":"Write"},{"CIMType":"String[]","Description":"The ContentCharacterSetContainsWords parameter specifies a condition that looks for character set names in messages.","Name":"ContentCharacterSetContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The CopyTo parameter specifies an action that adds recipients to the Cc field of messages.","Name":"CopyTo","Option":"Write"},{"CIMType":"Boolean","Description":"The DeleteMessage parameter specifies an action that silently drops messages without an NDR.","Name":"DeleteMessage","Option":"Write"},{"CIMType":"String","Description":"The DlpPolicy parameter specifies the data loss prevention (DLP) policy that's associated with the rule.","Name":"DlpPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the new rule is created as enabled or disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfADComparisonAttribute parameter specifies an exception that compares an Active Directory attribute between the sender and all recipients of the message.","Name":"ExceptIfADComparisonAttribute","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfADComparisonOperator parameter specifies the comparison operator for the ExceptIfADComparisonAttribute parameter.","Name":"ExceptIfADComparisonOperator","Option":"Write","ValueMap":["Equal","NotEqual"],"Values":["Equal","NotEqual"]},{"CIMType":"String[]","Description":"The ExceptIfAnyOfCcHeader parameter specifies an exception that looks for recipients in the Cc field of messages.","Name":"ExceptIfAnyOfCcHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfCcHeaderMemberOf parameter specifies an exception that looks for group members in the Cc field of messages. You can use any value that uniquely identifies the group.","Name":"ExceptIfAnyOfCcHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception that looks for words in recipient email addresses.","Name":"ExceptIfAnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception that looks for text patterns in recipient email addresses by using regular expressions.","Name":"ExceptIfAnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfToCcHeader parameter specifies an exception that looks for recipients in the To or Cc fields of messages.","Name":"ExceptIfAnyOfToCcHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfToCcHeaderMemberOf parameter specifies an exception that looks for group members in the To and Cc fields of messages.","Name":"ExceptIfAnyOfToCcHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfToHeader parameter specifies an exception that looks for recipients in the To field of messages.","Name":"ExceptIfAnyOfToHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfToHeaderMemberOf parameter specifies an exception that looks for group members in the To field of messages.","Name":"ExceptIfAnyOfToHeaderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentContainsWords parameter specifies an exception that looks for words in message attachments.","Name":"ExceptIfAttachmentContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentExtensionMatchesWords parameter specifies an exception that looks for words in the file name extensions of message attachments.","Name":"ExceptIfAttachmentExtensionMatchesWords","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfAttachmentHasExecutableContent parameter specifies an exception that looks for executable content in message attachments.","Name":"ExceptIfAttachmentHasExecutableContent","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfAttachmentIsPasswordProtected parameter specifies an exception that looks for password protected files in messages (because the contents of the file can't be inspected).","Name":"ExceptIfAttachmentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfAttachmentIsUnsupported parameter specifies an exception that looks for unsupported file types in messages.","Name":"ExceptIfAttachmentIsUnsupported","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentMatchesPatterns parameter specifies an exception that looks for text patterns in the content of message attachments by using regular expressions.","Name":"ExceptIfAttachmentMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentNameMatchesPatterns parameter specifies an exception that looks for text patterns in the file name of message attachments by using regular expressions.","Name":"ExceptIfAttachmentNameMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAttachmentPropertyContainsWords parameter specifies an exception that looks for words in the properties of attached Office documents. ","Name":"ExceptIfAttachmentPropertyContainsWords","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfAttachmentProcessingLimitExceeded parameter specifies an exception that looks for messages where attachment scanning didn't complete.","Name":"ExceptIfAttachmentProcessingLimitExceeded","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfAttachmentSizeOver parameter specifies an exception that looks for messages where any attachment is greater than the specified size.","Name":"ExceptIfAttachmentSizeOver","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfBetweenMemberOf1 parameter specifies an exception that looks for messages that are sent between group members. ","Name":"ExceptIfBetweenMemberOf1","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfBetweenMemberOf2 parameter specifies an exception that looks for messages that are sent between group members.","Name":"ExceptIfBetweenMemberOf2","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentCharacterSetContainsWords parameter specifies an exception that looks for character set names in messages.","Name":"ExceptIfContentCharacterSetContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFrom parameter specifies an exception that looks for messages from specific senders.","Name":"ExceptIfFrom","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromAddressContainsWords parameter specifies an exception that looks for words in the sender's email address.","Name":"ExceptIfFromAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromAddressMatchesPatterns parameter specifies an exception that looks for text patterns in the sender's email address by using regular expressions.","Name":"ExceptIfFromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromMemberOf parameter specifies an exception that looks for messages sent by group members.","Name":"ExceptIfFromMemberOf","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfFromScope parameter specifies an exception that looks for the location of message senders.","Name":"ExceptIfFromScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization"],"Values":["InOrganization","NotInOrganization"]},{"CIMType":"String","Description":"The ExceptIfHasClassification parameter specifies an exception that looks for messages with the specified message classification.","Name":"ExceptIfHasClassification","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfHasNoClassification parameter specifies an exception that looks for messages with or without any message classifications.","Name":"ExceptIfHasNoClassification","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfHeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the ExceptIfHeaderContainsWords parameter.","Name":"ExceptIfHeaderContainsMessageHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfHeaderContainsWords parameter specifies an exception that looks for words in a header field.","Name":"ExceptIfHeaderContainsWords","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfHeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the ExceptIfHeaderMatchesPatterns parameter.","Name":"ExceptIfHeaderMatchesMessageHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfHeaderMatchesPatterns parameter specifies an exception that looks for text patterns in a header field by using regular expressions.","Name":"ExceptIfHeaderMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.","Name":"ExceptIfManagerAddresses","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfManagerForEvaluatedUser parameter specifies an exception that looks for users in the Manager attribute of senders or recipients.","Name":"ExceptIfManagerForEvaluatedUser","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfMessageTypeMatches parameter specifies an exception that looks for messages of the specified type.","Name":"ExceptIfMessageTypeMatches","Option":"Write","ValueMap":["OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"],"Values":["OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"]},{"CIMType":"String","Description":"The ExceptIfMessageSizeOver parameter specifies an exception that looks for messages larger than the specified size. ","Name":"ExceptIfMessageSizeOver","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientADAttributeContainsWords parameter specifies an exception that looks for words in the Active Directory attributes of recipients.","Name":"ExceptIfRecipientADAttributeContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in the Active Directory attributes of recipients by using regular expressions.","Name":"ExceptIfRecipientADAttributeMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientAddressContainsWords parameter specifies an exception that looks for words in recipient email addresses.","Name":"ExceptIfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientAddressMatchesPatterns parameter specifies an exception that looks for text patterns in recipient email addresses by using regular expressions.","Name":"ExceptIfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the specified domains.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"ExceptIfRecipientInSenderList","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfSCLOver parameter specifies an exception that looks for the SCL value of messages","Name":"ExceptIfSCLOver","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderADAttributeContainsWords parameter specifies an exception that looks for words in Active Directory attributes of message senders.","Name":"ExceptIfSenderADAttributeContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderADAttributeMatchesPatterns parameter specifies an exception that looks for text patterns in Active Directory attributes of message senders by using regular expressions.","Name":"ExceptIfSenderADAttributeMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderDomainIs parameter specifies an exception that looks for senders with email address in the specified domains.","Name":"ExceptIfSenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"ExceptIfSenderInRecipientList","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderIpRanges parameter specifies an exception that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"ExceptIfSenderIpRanges","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfSenderManagementRelationship parameter specifies an exception that looks for the relationship between the sender and recipients in messages.","Name":"ExceptIfSenderManagementRelationship","Option":"Write","ValueMap":["Manager","DirectReport"],"Values":["Manager","DirectReport"]},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of groups. You can use any value that uniquely identifies the group.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfSentToScope parameter specifies an exception that looks for the location of a recipient. ","Name":"ExceptIfSentToScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","ExternalPartner","ExternalNonPartner"],"Values":["InOrganization","NotInOrganization","ExternalPartner","ExternalNonPartner"]},{"CIMType":"String[]","Description":"The ExceptIfSubjectContainsWords parameter specifies an exception that looks for words in the Subject field of messages.","Name":"ExceptIfSubjectContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectMatchesPatterns parameter specifies an exception that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"ExceptIfSubjectMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception that looks for words in the Subject field or body of messages.","Name":"ExceptIfSubjectOrBodyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception that looks for text patterns in the Subject field or body of messages.","Name":"ExceptIfSubjectOrBodyMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfWithImportance parameter specifies an exception that looks for messages with the specified importance level.","Name":"ExceptIfWithImportance","Option":"Write","ValueMap":["Low","Normal","High"],"Values":["Low","Normal","High"]},{"CIMType":"String","Description":"The ExpiryDate parameter specifies when this rule will stop processing messages. The rule won't take any action on messages after the specified date/time.","Name":"ExpiryDate","Option":"Write"},{"CIMType":"String[]","Description":"The From parameter specifies a condition that looks for messages from specific senders. You can use any value that uniquely identifies the sender.","Name":"From","Option":"Write"},{"CIMType":"String[]","Description":"The FromAddressContainsWords parameter specifies a condition that looks for words in the sender's email address. ","Name":"FromAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The FromAddressMatchesPatterns parameter specifies a condition that looks for text patterns in the sender's email address by using regular expressions.","Name":"FromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The FromMemberOf parameter specifies a condition that looks for messages sent by group members.","Name":"FromMemberOf","Option":"Write"},{"CIMType":"String","Description":"The FromScope parameter specifies a condition that looks for the location of message senders.","Name":"FromScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization"],"Values":["InOrganization","NotInOrganization"]},{"CIMType":"String","Description":"The GenerateIncidentReport parameter specifies where to send the incident report that's defined by the IncidentReportContent parameter.","Name":"GenerateIncidentReport","Option":"Write"},{"CIMType":"String","Description":"The GenerateNotification parameter specifies an action that sends a notification message to recipients.","Name":"GenerateNotification","Option":"Write"},{"CIMType":"String","Description":"The HasClassification parameter specifies a condition that looks for messages with the specified message classification.","Name":"HasClassification","Option":"Write"},{"CIMType":"Boolean","Description":"The HasNoClassification parameter specifies a condition that looks for messages with or without any message classifications.","Name":"HasNoClassification","Option":"Write"},{"CIMType":"String","Description":"The HeaderContainsMessageHeader parameter specifies the name of header field in the message header when searching for the words specified by the HeaderContainsWords parameter.","Name":"HeaderContainsMessageHeader","Option":"Write"},{"CIMType":"String[]","Description":"The HeaderContainsWords parameter specifies a condition that looks for words in a header field.","Name":"HeaderContainsWords","Option":"Write"},{"CIMType":"String","Description":"The HeaderMatchesMessageHeader parameter specifies the name of header field in the message header when searching for the text patterns specified by the HeaderMatchesPatterns parameter.","Name":"HeaderMatchesMessageHeader","Option":"Write"},{"CIMType":"String[]","Description":"The HeaderMatchesPatterns parameter specifies a condition that looks for text patterns in a header field by using regular expressions. ","Name":"HeaderMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The IncidentReportContent parameter specifies the message properties that are included in the incident report that's generated when a message violates a DLP policy. ","Name":"IncidentReportContent","Option":"Write"},{"CIMType":"String[]","Description":"The ManagerAddresses parameter specifies the users (managers) for the ExceptIfManagerForEvaluatedUser parameter.","Name":"ManagerAddresses","Option":"Write"},{"CIMType":"String","Description":"The ManagerForEvaluatedUser parameter specifies a condition that looks for users in the Manager attribute of senders or recipients.","Name":"ManagerForEvaluatedUser","Option":"Write","ValueMap":["Recipient","Sender"],"Values":["Recipient","Sender"]},{"CIMType":"String","Description":"The MessageSizeOver parameter specifies a condition that looks for messages larger than the specified size. The size includes the message and all attachments.","Name":"MessageSizeOver","Option":"Write"},{"CIMType":"String","Description":"The MessageTypeMatches parameter specifies a condition that looks for messages of the specified type.","Name":"MessageTypeMatches","Option":"Write","ValueMap":["OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"],"Values":["OOF","AutoForward","Encrypted","Calendaring","PermissionControlled","Voicemail","Signed","ApprovalRequest","ReadReceipt"]},{"CIMType":"String","Description":"The Mode parameter specifies how the rule operates.","Name":"Mode","Option":"Write","ValueMap":["Audit","AuditAndNotify","Enforce"],"Values":["Audit","AuditAndNotify","Enforce"]},{"CIMType":"Boolean","Description":"The ModerateMessageByManager parameter specifies an action that forwards messages for approval to the user that's specified in the sender's Manager attribute.","Name":"ModerateMessageByManager","Option":"Write"},{"CIMType":"String[]","Description":"The ModerateMessageByUser parameter specifies an action that forwards messages for approval to the specified users.","Name":"ModerateMessageByUser","Option":"Write"},{"CIMType":"String","Description":"The PrependSubject parameter specifies an action that adds text to add to the beginning of the Subject field of messages.","Name":"PrependSubject","Option":"Write"},{"CIMType":"UInt32","Description":"The Priority parameter specifies a priority value for the rule that determines the order of rule processing.","Name":"Priority","Option":"Write"},{"CIMType":"Boolean","Description":"The Quarantine parameter specifies an action that quarantines messages.","Name":"Quarantine","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientADAttributeContainsWords parameter specifies a condition that looks for words in the Active Directory attributes of recipients. ","Name":"RecipientADAttributeContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientADAttributeMatchesPatterns parameter specifies a condition that looks for text patterns in the Active Directory attributes of recipients by using regular expressions.","Name":"RecipientADAttributeMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientAddressContainsWords parameter specifies a condition that looks for words in recipient email addresses.","Name":"RecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientAddressMatchesPatterns parameter specifies a condition that looks for text patterns in recipient email addresses by using regular expressions.","Name":"RecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The RecipientAddressType parameter specifies how conditions and exceptions check recipient email addresses.","Name":"RecipientAddressType","Option":"Write","ValueMap":["Original","Resolved"],"Values":["Original","Resolved"]},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified domains.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"RecipientInSenderList","Option":"Write"},{"CIMType":"String[]","Description":"The RedirectMessageTo parameter specifies a rule action that redirects messages to the specified recipients.","Name":"RedirectMessageTo","Option":"Write"},{"CIMType":"String","Description":"The RejectMessageEnhancedStatusCode parameter specifies the enhanced status code that's used when the rule rejects messages.","Name":"RejectMessageEnhancedStatusCode","Option":"Write"},{"CIMType":"String","Description":"The RejectMessageReasonText parameter specifies the explanation text that's used when the rule rejects messages.","Name":"RejectMessageReasonText","Option":"Write"},{"CIMType":"String","Description":"The RemoveHeader parameter specifies an action that removes a header field from the message header.","Name":"RemoveHeader","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveOMEv2 parameter specifies an action that removes Office 365 Message Encryption from messages and their attachments.","Name":"RemoveOMEv2","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter specifies an action or part of an action for the rule.","Name":"RemoveRMSAttachmentEncryption","Option":"Write"},{"CIMType":"String","Description":"The RouteMessageOutboundConnector parameter specifies an action that routes messages through the specified Outbound connector in Office 365.","Name":"RouteMessageOutboundConnector","Option":"Write"},{"CIMType":"Boolean","Description":"The RouteMessageOutboundRequireTls parameter specifies an action that uses Transport Layer Security (TLS) encryption to deliver messages outside your organization.","Name":"RouteMessageOutboundRequireTls","Option":"Write"},{"CIMType":"String","Description":"The RuleErrorAction parameter specifies what to do if rule processing can't be completed on messages.","Name":"RuleErrorAction","Option":"Write","ValueMap":["Ignore","Defer"],"Values":["Ignore","Defer"]},{"CIMType":"String","Description":"The RuleSubType parameter specifies the rule type.","Name":"RuleSubType","Option":"Write","ValueMap":["Dlp","None"],"Values":["Dlp","None"]},{"CIMType":"String","Description":"The SCLOver parameter specifies a condition that looks for the SCL value of messages","Name":"SCLOver","Option":"Write"},{"CIMType":"String[]","Description":"The SenderADAttributeContainsWords parameter specifies a condition that looks for words in Active Directory attributes of message senders.","Name":"SenderADAttributeContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SenderADAttributeMatchesPatterns parameter specifies a condition that looks for text patterns in Active Directory attributes of message senders by using regular expressions.","Name":"SenderADAttributeMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The SenderAddressLocation parameter specifies where to look for sender addresses in conditions and exceptions that examine sender email addresses.","Name":"SenderAddressLocation","Option":"Write","ValueMap":["Header","Envelope","HeaderOrEnvelope"],"Values":["Header","Envelope","HeaderOrEnvelope"]},{"CIMType":"String[]","Description":"The SenderDomainIs parameter specifies a condition that looks for senders with email address in the specified domains.","Name":"SenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"SenderInRecipientList","Option":"Write"},{"CIMType":"String[]","Description":"The SenderIpRanges parameter specifies a condition that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"SenderIpRanges","Option":"Write"},{"CIMType":"String","Description":"The SenderManagementRelationship parameter specifies a condition that looks for the relationship between the sender and recipients in messages.","Name":"SenderManagementRelationship","Option":"Write","ValueMap":["Manager","DirectReport"],"Values":["Manager","DirectReport"]},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition that looks for recipients in messages.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The SentToScope parameter specifies a condition that looks for the location of recipients.","Name":"SentToScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","ExternalPartner","ExternalNonPartner"],"Values":["InOrganization","NotInOrganization","ExternalPartner","ExternalNonPartner"]},{"CIMType":"String","Description":"The SetAuditSeverity parameter specifies an action that sets the severity level of the incident report and the corresponding entry that's written to the message tracking log when messages violate DLP policies.","Name":"SetAuditSeverity","Option":"Write","ValueMap":["DoNotAudit","Low","Medium","High"],"Values":["DoNotAudit","Low","Medium","High"]},{"CIMType":"String","Description":"The SetHeaderName parameter specifies an action that adds or modifies a header field in the message header.","Name":"SetHeaderName","Option":"Write"},{"CIMType":"String","Description":"The SetHeaderValue parameter specifies an action that adds or modifies a header field in the message header.","Name":"SetHeaderValue","Option":"Write"},{"CIMType":"String","Description":"The SetSCL parameter specifies an action that adds or modifies the SCL value of messages.","Name":"SetSCL","Option":"Write"},{"CIMType":"Boolean","Description":"The StopRuleProcessing parameter specifies an action that stops processing more rules.","Name":"StopRuleProcessing","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectContainsWords parameter specifies a condition that looks for words in the Subject field of messages.","Name":"SubjectContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectMatchesPatterns parameter specifies a condition that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"SubjectMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectOrBodyContainsWords parameter specifies a condition that looks for words in the Subject field or body of messages.","Name":"SubjectOrBodyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectOrBodyMatchesPatterns parameter specifies a condition that looks for text patterns in the Subject field or body of messages.","Name":"SubjectOrBodyMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The WithImportance parameter specifies a condition that looks for messages with the specified importance level.","Name":"WithImportance","Option":"Write","ValueMap":["Low","Normal","High"],"Values":["Low","Normal","High"]},{"CIMType":"String","Description":"Specify if the Transport Rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Transport Rules in Exchange Online."},{"ClassName":"MSFT_FabricDelegatedFrom","Parameters":[{"CIMType":"String","Description":"The setting is delegated from a capacity.","Name":"Capacity","Option":"Write"},{"CIMType":"String","Description":"The setting is delegated from a domain.","Name":"Domain","Option":"Write"},{"CIMType":"String","Description":"The setting is delegated from a tenant.","Name":"Tenant","Option":"Write"}],"Description":"This resource configures the tenant settings for Microsoft Fabric.\n\n**Please note:** For a successful export, you need to use service principals. Refer to the [Authentication and Permissions](https://microsoft365dsc.com/user-guide/get-started/authentication-and-permissions/#fabric-permissions) page for further information on how to set up your service principal."},{"ClassName":"MSFT_FabricTenantSettingProperty","Parameters":[{"CIMType":"String","Description":"The name of the property.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"The type of the property.","Name":"type","Option":"Write"},{"CIMType":"String","Description":"The value of the property.","Name":"value","Option":"Write"}],"Description":"This resource configures the tenant settings for Microsoft Fabric.\n\n**Please note:** For a successful export, you need to use service principals. Refer to the [Authentication and Permissions](https://microsoft365dsc.com/user-guide/get-started/authentication-and-permissions/#fabric-permissions) page for further information on how to set up your service principal."},{"ClassName":"MSFT_FabricTenantSetting","Parameters":[{"CIMType":"Boolean","Description":"Indicates if the tenant setting is enabled for a security group. 0 - The tenant setting is enabled for the entire organization.","Name":"canSpecifySecurityGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the tenant setting can be delegated to a workspace admin. False - Workspace admin cannot override the tenant setting.","Name":"delegateToWorkspace","Option":"Write"},{"CIMType":"MSFT_FabricDelegatedFrom","Description":"Tenant setting delegated from tenant, capacity or domain.","Name":"delegatedFrom","Option":"Write"},{"CIMType":"String","Description":"The name of the tenant setting.","Name":"settingName","Option":"Write"},{"CIMType":"Boolean","Description":"The status of the tenant setting.","Name":"enabled","Option":"Write"},{"CIMType":"String","Description":"Tenant setting group name.","Name":"tenantSettingGroup","Option":"Write"},{"CIMType":"String","Description":"The title of the tenant setting.","Name":"title","Option":"Write"},{"CIMType":"MSFT_FabricTenantSettingProperty[]","Description":"Tenant setting properties.","Name":"properties","Option":"Write"},{"CIMType":"String[]","Description":"A list of excluded security groups.","Name":"excludedSecurityGroups","Option":"Write"},{"CIMType":"String[]","Description":"A list of enabled security groups.","Name":"enabledSecurityGroups","Option":"Write"}],"Description":"This resource configures the tenant settings for Microsoft Fabric.\n\n**Please note:** For a successful export, you need to use service principals. Refer to the [Authentication and Permissions](https://microsoft365dsc.com/user-guide/get-started/authentication-and-permissions/#fabric-permissions) page for further information on how to set up your service principal."},{"ClassName":"MSFT_FabricAdminTenantSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_FabricTenantSetting","Description":"Microsoft Entra single sign-on for data gateway","Name":"AADSSOForGateway","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enhance admin APIs responses with detailed metadata","Name":"AdminApisIncludeDetailedMetadata","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enhance admin APIs responses with DAX and mashup expressions","Name":"AdminApisIncludeExpressions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Show a custom message before publishing reports","Name":"AdminCustomDisclaimer","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create and share AI skill item types (preview)","Name":"AISkillArtifactTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Azure Private Link","Name":"AllowAccessOverPrivateLinks","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"AppSource Custom Visuals SSO","Name":"AllowCVAuthenticationTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow access to the browser's local storage","Name":"AllowCVLocalStorageV2Tenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow downloads from custom visuals","Name":"AllowCVToExportDataToFileTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Endorse master data (preview)","Name":"AllowEndorsementMasterDataSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can accept external data shares (preview)","Name":"AllowExternalDataSharingReceiverSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"External data sharing (preview)","Name":"AllowExternalDataSharingSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Use short-lived user-delegated SAS tokens (preview).","Name":"AllowGetOneLakeUDK","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can try Microsoft Fabric paid features","Name":"AllowFreeTrial","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can see guest users in lists of suggested people","Name":"AllowGuestLookup","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Guest users can access Microsoft Fabric","Name":"AllowGuestUserToAccessSharedContent","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"AllowMountDfCreation","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Authenticate with OneLake user-delegated SAS tokens (preview).","Name":"AllowOneLakeUDK","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow DirectQuery connections to Power BI semantic models","Name":"AllowPowerBIASDQOnTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure OpenAI can be processed outside your capacity's geographic region, compliance boundary, or national cloud instance","Name":"AllowSendAOAIDataToOtherRegions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow user data to leave their geography","Name":"AllowSendNLToDaxDataToOtherRegions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow service principals to create and use profiles","Name":"AllowServicePrincipalsCreateAndUseProfiles","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Service principals can access read-only admin APIs","Name":"AllowServicePrincipalsUseReadAdminAPIs","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Push apps to end users","Name":"AppPush","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can discover and create org apps (preview).","Name":"ArtifactOrgAppPreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Use global search for Power BI","Name":"ArtifactSearchTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Microsoft can store query text to aid in support investigations","Name":"ASCollectQueryTextTelemetryTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enable granular access control for all data connections","Name":"ASShareableCloudConnectionBindingSecurityModeTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Semantic models can export data to OneLake (preview)","Name":"ASWritethruContinuousExportTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can store semantic model tables in OneLake (preview)","Name":"ASWritethruTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Install Power BI app for Microsoft Teams automatically","Name":"AutoInstallPowerBIAppInTeamsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Show entry points for insights (preview)","Name":"AutomatedInsightsEntryPoints","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Receive notifications for top insights (preview)","Name":"AutomatedInsightsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"AzureMap","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Map and filled map visuals","Name":"BingMap","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Block Public Internet Access","Name":"BlockAccessFromPublicNetworks","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Block republish and disable package refresh","Name":"BlockAutoDiscoverAndPackageRefresh","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Restrict content with protected labels from being shared via link with everyone in your organization","Name":"BlockProtectedLabelSharingToEntireOrg","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Block ResourceKey Authentication","Name":"BlockResourceKeyAuthentication","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create and use Gen1 dataflows","Name":"CDSAManagement","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Add and use certified visuals only (block uncertified)","Name":"CertifiedCustomVisualsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Certification","Name":"CertifyDatasets","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Define workspace retention period","Name":"ConfigureFolderRetentionPeriod","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create workspaces","Name":"CreateAppWorkspaces","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow visuals created using the Power BI SDK","Name":"CustomVisualsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create Datamarts (preview)","Name":"DatamartTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Semantic Model Execute Queries REST API","Name":"DatasetExecuteQueries","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Publish template apps","Name":"DevelopServiceApps","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Discover content","Name":"DiscoverDatasetsConsumption","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Make certified content discoverable ","Name":"DiscoverDatasetsSettingsCertified","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Make promoted content discoverable","Name":"DiscoverDatasetsSettingsPromoted","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Dremio SSO","Name":"DremioSSO","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Apply sensitivity labels from data sources to their data in Power BI","Name":"EimInformationProtectionDataSourceInheritanceSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Automatically apply sensitivity labels to downstream content","Name":"EimInformationProtectionDownstreamInheritanceSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow users to apply sensitivity labels for content","Name":"EimInformationProtectionEdit","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"EimInformationProtectionLessElevated","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow workspace admins to override automatically applied sensitivity labels","Name":"EimInformationProtectionWorkspaceAdminsOverrideAutomaticLabelsSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Guest users can browse and access Fabric content","Name":"ElevatedGuestsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Receive email notifications for service outages or incidents","Name":"EmailSecurityGroupsOnOutage","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Guest users can set up and subscribe to email subscriptions","Name":"EmailSubscriptionsToB2BUsers","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can send email subscriptions to guest users","Name":"EmailSubscriptionsToExternalUsers","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can set up email subscriptions","Name":"EmailSubscriptionTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Embed content in apps","Name":"Embedding","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use Copilot and other features powered by Azure OpenAI","Name":"EnableAOAI","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow specific users to turn on external data sharing","Name":"EnableDatasetInPlaceSharing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow connections to featured tables","Name":"EnableExcelYellowIntegration","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"EnableFabricAirflow","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow quick measure suggestions (preview)","Name":"EnableNLToDax","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow tenant and domain admins to override workspace assignments (preview)","Name":"EnableReassignDataDomainSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Use ArcGIS Maps for Power BI","Name":"EsriVisual","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Help Power BI optimize your experience","Name":"ExpFlightingTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Download reports","Name":"ExportReport","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export to .csv","Name":"ExportToCsv","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export to Excel","Name":"ExportToExcelSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as image files","Name":"ExportToImage","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as MHTML documents","Name":"ExportToMHTML","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as PowerPoint presentations or PDF documents","Name":"ExportToPowerPoint","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as Word documents","Name":"ExportToWord","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Export reports as XML documents","Name":"ExportToXML","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Copy and paste visuals","Name":"ExportVisualImageTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Guest users can work with shared semantic models in their own tenants","Name":"ExternalDatasetSharingTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can invite guest users to collaborate through item sharing and permissions","Name":"ExternalSharingV2","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Capacity admins and contributors can add and remove additional workloads","Name":"FabricAddPartnerWorkload","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Product Feedback","Name":"FabricFeedbackTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Fabric items","Name":"FabricGAWorkloads","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Capacity admins can develop additional workloads","Name":"FabricThirdPartyWorkloads","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can sync workspace items with GitHub repositories ","Name":"GitHubTenantSettings","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can export items to Git repositories in other geographical locations (preview)","Name":"GitIntegrationCrossGeoTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can export workspace items with applied sensitivity labels to Git repositories (preview)","Name":"GitIntegrationSensitivityLabelsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can synchronize workspace items with their Git repositories (preview)","Name":"GitIntegrationTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Google BigQuery SSO","Name":"GoogleBigQuerySSO","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"GraphQLTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Healthcare data solutions (preview)","Name":"HealthcareSolutionsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Install template apps not listed in AppSource","Name":"InstallNonvalidatedTemplateApps","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Install template apps","Name":"InstallServiceApps","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Real-Time Dashboards (preview)","Name":"KustoDashboardTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can work with semantic models in Excel using a live connection","Name":"LiveConnection","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Azure Log Analytics connections for workspace administrators","Name":"LogAnalyticsAttachForWorkspaceAdmins","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can see Microsoft Fabric metadata in Microsoft 365","Name":"M365DataSharing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Database Mirroring (preview)","Name":"Mirroring","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Semantic model owners can choose to automatically update semantic models from files imported from OneDrive or SharePoint","Name":"ODSPRefreshEnforcementTenantAllowAutomaticUpdate","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can share links to Power BI files stored in OneDrive and SharePoint through Power BI Desktop (preview)","Name":"OneDriveSharePointAllowSharingTenantSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can view Power BI files saved in OneDrive and SharePoint (preview)","Name":"OneDriveSharePointViewerIntegrationTenantSettingV2","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can sync data in OneLake with the OneLake File Explorer app","Name":"OneLakeFileExplorer","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can access data stored in OneLake with apps external to Fabric","Name":"OneLakeForThirdParty","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow XMLA endpoints and Analyze in Excel with on-premises semantic models","Name":"OnPremAnalyzeInExcel","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create and use Metrics","Name":"PowerBIGoalsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"PowerPlatformSolutionsIntegrationTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Print dashboards and reports","Name":"Printing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Featured content","Name":"PromoteContent","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Publish apps to the entire organization","Name":"PublishContentPack","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Publish to web","Name":"PublishToWeb","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Review questions","Name":"QnaFeedbackLoop","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Synonym sharing","Name":"QnaLsdlSharing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Scale out queries for large semantic models","Name":"QueryScaleOutTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Redshift SSO","Name":"RedshiftSSO","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Block users from reassigning personal workspaces (My Workspace)","Name":"RestrictMyFolderCapacity","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"RetailSolutionsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Interact with and share R and Python visuals","Name":"RScriptVisual","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"DEPRECATED","Name":"ServicePrincipalAccess","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow shareable links to grant access to everyone in your organization","Name":"ShareLinkToEntireOrg","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enable Microsoft Teams integration","Name":"ShareToTeamsTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Snowflake SSO","Name":"SnowflakeSSO","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enable Power BI add-in for PowerPoint","Name":"StorytellingTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Sustainability solutions (preview)","Name":"SustainabilitySolutionsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Create template organizational apps","Name":"TemplatePublish","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Publish Get Help information","Name":"TenantSettingPublishGetHelpInfo","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data Activator (preview)","Name":"TridentPrivatePreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Usage metrics for content creators","Name":"UsageMetrics","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Per-user data in usage metrics for content creators","Name":"UsageMetricsTrackUserLevelInfo","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Use semantic models across workspaces","Name":"UseDatasetsAcrossWorkspaces","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Integration with SharePoint and Microsoft Lists","Name":"VisualizeListInPowerBI","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Web content on dashboard tiles","Name":"WebContentTilesTenant","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can edit data models in the Power BI service (preview)","Name":"WebModelingTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users with view permission can launch Explore","Name":"AdminDataExploreViewPermission","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Show user data in the Fabric Capacity Metrics app and reports","Name":"AllowCapacityMetricsReportUserMask","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow non-Entra ID auth in Eventstream","Name":"AllowNonEntraADAuthInEventStream","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Service principals can access admin APIs used for updates","Name":"AllowServicePrincipalsUseWriteAdminAPIs","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure OpenAI can be stored outside your capacity's geographic region, compliance boundary, or national cloud instance","Name":"AllowStoreAOAIDataInOtherRegions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create dbt job items (preview)","Name":"ArtifactDBTItemTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"User can create Graph (preview)","Name":"ArtifactGraphPreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Maps (preview)","Name":"ArtifactMapTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"TBD","Name":"ArtifactSnowflakeDatabasePreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Automatically convert and store reports using Power BI enhanced metadata format (PBIR) (preview)","Name":"AutomaticallyUsePBIR","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use the Azure Maps visual","Name":"AzureMaps","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure Maps can be processed outside your tenant's geographic region, compliance boundary, or national cloud instance","Name":"AzureMapsCrossRegionDataProcessing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use Azure Maps services","Name":"AzureMapsInFabric","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure Maps can be processed outside your capacity's geographic region, compliance boundary or national cloud instance","Name":"AzureMapsInFabricCrossRegionDataProcessing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Data sent to Azure Maps can be processed by Microsoft Online Services Subprocessors","Name":"AzureMapsThirdPartyDataProcessing","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use Azure Maps Weather Services (Preview)","Name":"AzureMapsWeatherServices","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Configure workspace IP firewall rules (preview)","Name":"ConfigureWorkspaceLevelIPFirewallRules","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Capacities can be designated as Fabric Copilot capacities","Name":"CopilotCapacitySetupPermissionSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Allow Microsoft Purview to secure AI interactions","Name":"DataSecurityForAIInteractions","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"TBD","Name":"DeltaToIcebergTableVirtualization","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Digital Twin Builder (preview) items","Name":"DigitalOperationsPreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Direct Lake on OneLake semantic models (preview)","Name":"DirectLakeOnOneLakeSemanticModelCreation","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Domain admins can set default sensitivity labels for their domains (preview)","Name":"EimInformationProtectionDefaultLabelDomainSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"ArcGIS GeoAnalytics for Fabric Runtime","Name":"EnableEsriLibraries","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Workspace admins can add and remove additional workloads (preview)","Name":"FabricAddWorkloadToWorkspace","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can be informed of upcoming conferences featuring Microsoft Fabric when they are logged in to Fabric","Name":"FabricPromotionTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can access a standalone, cross-item Power BI Copilot experience (preview)","Name":"ImmersiveTenantAdminSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"ML models can serve real-time predictions from API endpoints (preview)","Name":"MLModelEndpointsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Include end-user identifiers in OneLake diagnostic logs","Name":"OneLakeDiagnosticLogsEUII","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can create Ontology (preview) items","Name":"OntologyPreview","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Workspace admins can turn on monitoring for their workspaces (preview)","Name":"PlatformMonitoringTenantSetting","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can use the Power BI Model Context Protocol server endpoint (preview)","Name":"PowerBIMCP","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Only show approved items in the standalone Copilot in Power BI experience (preview)","Name":"PreppedForCopilotContentDiscovery","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Detect anomalies in Real-Time Intelligence (Preview)","Name":"RTHAnomalyDetectionTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Enable Operations Agents (Preview)","Name":"RTHOperationalAgentsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Service principals can create workspaces, connections, and deployment pipelines","Name":"ServicePrincipalAccessGlobalAPIs","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Service principals can call Fabric public APIs","Name":"ServicePrincipalAccessPermissionAPIs","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"All Power BI users can see Set alert button to create Fabric Activator alerts","Name":"ShowActivatorEntryPointsTenantSwitch","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Users can see and work with additional workloads not validated by Microsoft","Name":"ThirdPartyPrivateWorkloads","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Configure workspace-level inbound network rules","Name":"WorkspaceBlockInboundAccess","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Configure workspace-level outbound network rules","Name":"WorkspaceBlockOutboundAccess","Option":"Write"},{"CIMType":"MSFT_FabricTenantSetting","Description":"Apply customer-managed keys","Name":"WorkspaceCmk","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the tenant settings for Microsoft Fabric.\n\n**Please note:** For a successful export, you need to use service principals. Refer to the [Authentication and Permissions](https://microsoft365dsc.com/user-guide/get-started/authentication-and-permissions/#fabric-permissions) page for further information on how to set up your service principal."},{"ClassName":"MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Required","ValueMap":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"],"Values":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"]},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"The collection Id that is the target of the assignment.(ConfigMgr)","Name":"collectionId","Option":"Write"}],"Description":"This resource configures an Intune Account Protection Local Administrator Password Solution Policy."},{"ClassName":"MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the account protection local administrator password solution policy.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the account protection local administrator password solution policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the account protection local administrator password solution policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this policy.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments[]","Description":"Assignments of the account protection local administrator password solution policy.","Name":"Assignments","Option":"Write"},{"CIMType":"UInt32","Description":"Configures which directory the local admin account password is backed up to. 0 - Disabled, 1 - Azure AD, 2 - AD","Name":"BackupDirectory","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"UInt32","Description":"Configures the maximum password age of the managed local administrator account for Azure AD. Minimum - 7, Maximum - 365","Name":"passwordagedays_aad","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the maximum password age of the managed local administrator account for Active Directory. Minimum - 1, Maximum - 365","Name":"PasswordAgeDays","Option":"Write"},{"CIMType":"Boolean","Description":"Configures additional enforcement of maximum password age for the managed local administrator account.","Name":"PasswordExpirationProtectionEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Configures how many previous encrypted passwords will be remembered in Active Directory. Minimum - 0, Maximum - 12","Name":"AdEncryptedPasswordHistorySize","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether the password is encrypted before being stored in Active Directory.","Name":"AdPasswordEncryptionEnabled","Option":"Write"},{"CIMType":"String","Description":"Configures the name or SID of a user or group that can decrypt the password stored in Active Directory.","Name":"AdPasswordEncryptionPrincipal","Option":"Write"},{"CIMType":"String","Description":"Configures the name of the managed local administrator account.","Name":"AdministratorAccountName","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the password complexity of the managed local administrator account. (1: Large letters, 2: Large letters + small letters, 3: Large letters + small letters + numbers, 4: Large letters + small letters + numbers + special characters, 5: Large letters + small letters + numbers + special characters (improved readability), 6: Passphrase (long words), 7: Passphrase (short words), 8: Passphrase (short words with unique prefixes))","Name":"PasswordComplexity","Option":"Write","ValueMap":[1,2,3,4,5,6,7,8],"Values":[1,2,3,4,5,6,7,8]},{"CIMType":"SInt32","Description":"Passphrase Length (Minimum 3, Maximum 10 characters) - Depends on PasswordComplexity","Name":"PassphraseLength","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the length of the password of the managed local administrator account. Minimum - 8, Maximum - 64","Name":"PasswordLength","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the actions to take upon expiration of the configured grace period. (1: Reset password, 3: Reset the password and logoff the managed account, 5: Reset the password and reboot, 11: Reset the password, logoff the managed account, and terminate any remaining processes.)","Name":"PostAuthenticationActions","Option":"Write","ValueMap":[1,3,5,11],"Values":[1,3,5,11]},{"CIMType":"UInt32","Description":"Specifies the amount of time (in hours) to wait after an authentication before executing the specified post-authentication actions. Minimum - 0, Maximum - 24","Name":"PostAuthenticationResetDelay","Option":"Write"},{"CIMType":"String","Description":"Automatic Account Management Enabled (false: The target account will not be automatically managed, true: The target account will be automatically managed)","Name":"AutomaticAccountManagementEnabled","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"String","Description":"Automatic Account Management Target - Depends on AutomaticAccountManagementEnabled (0: Manage the built-in administrator account, 1: Manage a new custom administrator account)","Name":"AutomaticAccountManagementTarget","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Automatic Account Management Randomize Name - Depends on AutomaticAccountManagementEnabled (false: The name of the target account will not use a random numeric suffix., true: The name of the target account will use a random numeric suffix.)","Name":"AutomaticAccountManagementRandomizeName","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"String","Description":"Automatic Account Management Name Or Prefix - Depends on AutomaticAccountManagementEnabled","Name":"AutomaticAccountManagementNameOrPrefix","Option":"Write"},{"CIMType":"String","Description":"Automatic Account Management Enable Account - Depends on AutomaticAccountManagementEnabled (false: The target account will be disabled, true: The target account will be enabled)","Name":"AutomaticAccountManagementEnableAccount","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Account Protection Local Administrator Password Solution Policy."},{"ClassName":"MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicyAssignments","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Required","ValueMap":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"],"Values":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"]},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"The collection Id that is the target of the assignment.(ConfigMgr)","Name":"collectionId","Option":"Write"}],"Description":"This resource configures a Intune Account Protection Local User Group Membership policy."},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogAccessGroup","Parameters":[{"CIMType":"String","Description":"The action to use for adding / removing members. Possible values: Add (AddUpdate), Remove (RemoveUpdate), Replace (AddRestrict). Add and Remove do not update unspecified members, whereas Replace will replace all members with the ones specified.","Name":"action","Option":"Write","ValueMap":["AddUpdate","RemoveUpdate","AddRestrict"],"Values":["AddUpdate","RemoveUpdate","AddRestrict"]},{"CIMType":"String[]","Description":"The local groups to add / remove the members to / from. List of the following values: `administrators`, `users`, `guests`, `powerusers`, `remotedesktopusers`, `remotemanagementusers`","Name":"desc","Option":"Write","ValueMap":["administrators","users","guests","powerusers","remotedesktopusers","remotemanagementusers"],"Values":["administrators","users","guests","powerusers","remotedesktopusers","remotemanagementusers"]},{"CIMType":"String[]","Description":"The members to add / remove to / from the group. For AzureAD Users, use the format `AzureAD\\\\<UserPrincipalName>`. For groups, use the security identifier (SID).","Name":"member","Option":"Write"},{"CIMType":"String","Description":"The type of the selection. Either users / groups from AzureAD, or by manual identifier.","Name":"userselectiontype","Option":"Write","ValueMap":["users","manual"],"Values":["users","manual"]}],"Description":"This resource configures a Intune Account Protection Local User Group Membership policy."},{"ClassName":"MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the account protection policy.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the account protection rules policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the account protection rules policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_IntuneAccountProtectionLocalUserGroupMembershipPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogAccessGroup[]","Description":"Local User Group Collections of the Intune Policy.","Name":"AccessGroup","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Intune Account Protection Local User Group Membership policy."},{"ClassName":"MSFT_DeviceManagementConfigurationPolicyAssignments","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Required","ValueMap":["#microsoft.graph.cloudPcManagementGroupAssignmentTarget","#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"],"Values":["#microsoft.graph.cloudPcManagementGroupAssignmentTarget","#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"]},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"The collection Id that is the target of the assignment.(ConfigMgr)","Name":"collectionId","Option":"Write"}],"Description":"Intune Account Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)","Name":"LsaCfgFlags","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Facial Features Use Enhanced Anti Spoofing (false: Disabled, true: Enabled)","Name":"FacialFeaturesUseEnhancedAntiSpoofing","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Pin Recovery (false: Disabled, true: Enabled)","Name":"EnablePinRecovery","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Expiration","Name":"Expiration","Option":"Write"},{"CIMType":"SInt32","Description":"PIN History","Name":"History","Option":"Write"},{"CIMType":"String","Description":"Lowercase Letters (0: Allows the use of lowercase letters in PIN., 1: Requires the use of at least one lowercase letters in PIN., 2: Does not allow the use of lowercase letters in PIN.)","Name":"LowercaseLetters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Maximum PIN Length","Name":"MaximumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Minimum PIN Length","Name":"MinimumPINLength","Option":"Write"},{"CIMType":"String","Description":"Special Characters (0: Allows the use of special characters in PIN., 1: Requires the use of at least one special characters in PIN., 2: Does not allow the use of special characters in PIN.)","Name":"SpecialCharacters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Uppercase Letters (0: Allows the use of uppercase letters in PIN., 1: Requires the use of at least one uppercase letters in PIN., 2: Does not allow the use of uppercase letters in PIN.)","Name":"UppercaseLetters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Require Security Device (false: Disabled, true: Enabled)","Name":"RequireSecurityDevice","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Certificate For On Prem Auth (false: Disabled, true: Enabled)","Name":"UseCertificateForOnPremAuth","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Windows Hello For Business (Device) (false: Disabled, true: Enabled)","Name":"UsePassportForWork","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]}],"Description":"Intune Account Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Enable Pin Recovery (User) (false: Disabled, true: Enabled)","Name":"EnablePinRecovery","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Expiration (User)","Name":"Expiration","Option":"Write"},{"CIMType":"SInt32","Description":"PIN History (User)","Name":"History","Option":"Write"},{"CIMType":"String","Description":"Lowercase Letters (User) (0: Allows the use of lowercase letters in PIN., 1: Requires the use of at least one lowercase letters in PIN., 2: Does not allow the use of lowercase letters in PIN.)","Name":"LowercaseLetters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Maximum PIN Length (User)","Name":"MaximumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Minimum PIN Length (User)","Name":"MinimumPINLength","Option":"Write"},{"CIMType":"String","Description":"Special Characters (User) (0: Allows the use of special characters in PIN., 1: Requires the use of at least one special characters in PIN., 2: Does not allow the use of special characters in PIN.)","Name":"SpecialCharacters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Uppercase Letters (User) (0: Allows the use of uppercase letters in PIN., 1: Requires the use of at least one uppercase letters in PIN., 2: Does not allow the use of uppercase letters in PIN.)","Name":"UppercaseLetters","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Require Security Device (User) (false: Disabled, true: Enabled)","Name":"RequireSecurityDevice","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Windows Hello For Business (User) (false: Disabled, true: Enabled)","Name":"UsePassportForWork","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]}],"Description":"Intune Account Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneAccountProtectionPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneAccountProtectionPolicyWindows10","Description":"The policy settings for the device scope.","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneAccountProtectionPolicyWindows10","Description":"The policy settings for the user scope","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Account Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneAlertRuleNotificationChannelReceiver","Parameters":[{"CIMType":"String","Description":"The email address of the receiver.","Name":"ContactInformation","Option":"Key"},{"CIMType":"String","Description":"The locale of the email.","Name":"Locale","Option":"Write","ValueMap":["en-us","cs-cz","de-de","es-es","fr-fr","hu-hu","it-it","ja-jp","ko-kr","nl-nl","pl-pl","pt-br","pt-pt","ru-ru","sv-se","tr-tr","zh-cn","zh-tw"],"Values":["en-us","cs-cz","de-de","es-es","fr-fr","hu-hu","it-it","ja-jp","ko-kr","nl-nl","pl-pl","pt-br","pt-pt","ru-ru","sv-se","tr-tr","zh-cn","zh-tw"]}],"Description":"Intune Alert Rule Windows365"},{"ClassName":"MSFT_IntuneAlertRuleNotificationChannel","Parameters":[{"CIMType":"String","Description":"The notification channel type.","Name":"NotificationChannelType","Option":"Key","ValueMap":["portal","email"],"Values":["portal","email"]},{"CIMType":"MSFT_IntuneAlertRuleNotificationChannelReceiver[]","Description":"The receivers of the notification. Only applicable if the NotificationChannelType is 'email'.","Name":"NotificationReceivers","Option":"Write"}],"Description":"Intune Alert Rule Windows365"},{"ClassName":"MSFT_IntuneAlertRuleCondition","Parameters":[{"CIMType":"String","Description":"The built-in aggregation method for the rule condition. The possible values are: count, percentage, affectedCloudPcCount, affectedCloudPcPercentage, durationInMinutes.","Name":"Aggregation","Option":"Write","ValueMap":["count","percentage","affectedCloudPcCount","affectedCloudPcPercentage","durationInMinutes"],"Values":["count","percentage","affectedCloudPcCount","affectedCloudPcPercentage","durationInMinutes"]},{"CIMType":"String","Description":"The property that the rule condition monitors. Possible values are: provisionFailures, imageUploadFailures, azureNetworkConnectionCheckFailures, cloudPcInGracePeriod, frontlineInsufficientLicenses, cloudPcConnectionErrors, cloudPcHostHealthCheckFailures, cloudPcZoneOutage, unknownFutureValue, frontlineBufferUsageDuration, frontlineBufferUsageThreshold, cloudPcUserSettingsPersistenceUsageThreshold, cloudPcDeprovisionedThreshold, cloudPcReserveDeprovisionFailedThreshold.","Name":"ConditionCategory","Option":"Key","ValueMap":["provisionFailures","imageUploadFailures","azureNetworkConnectionCheckFailures","cloudPcInGracePeriod","frontlineInsufficientLicenses","cloudPcConnectionErrors","cloudPcHostHealthCheckFailures","cloudPcZoneOutage","unknownFutureValue","frontlineBufferUsageDuration","frontlineBufferUsageThreshold","cloudPcUserSettingsPersistenceUsageThreshold","cloudPcDeprovisionedThreshold","cloudPcReserveDeprovisionFailedThreshold"],"Values":["provisionFailures","imageUploadFailures","azureNetworkConnectionCheckFailures","cloudPcInGracePeriod","frontlineInsufficientLicenses","cloudPcConnectionErrors","cloudPcHostHealthCheckFailures","cloudPcZoneOutage","unknownFutureValue","frontlineBufferUsageDuration","frontlineBufferUsageThreshold","cloudPcUserSettingsPersistenceUsageThreshold","cloudPcDeprovisionedThreshold","cloudPcReserveDeprovisionFailedThreshold"]},{"CIMType":"String","Description":"The built-in operator for the rule condition. The possible values are: greaterOrEqual, equal, greater, less, lessOrEqual, notEqual.","Name":"Operator","Option":"Write","ValueMap":["greaterOrEqual","greater","equal","less","lessOrEqual"],"Values":["greaterOrEqual","greater","equal","less","lessOrEqual"]},{"CIMType":"String","Description":"The relationship type. Possible values are: and, or.","Name":"RelationshipType","Option":"Write","ValueMap":["and","or"],"Values":["and","or"]},{"CIMType":"String","Description":"The threshold value of the alert condition. The threshold value can be a number in string form or string like 'WestUS'.","Name":"ThresholdValue","Option":"Write"}],"Description":"Intune Alert Rule Windows365"},{"ClassName":"MSFT_IntuneAlertRuleWindows365","Parameters":[{"CIMType":"String","Description":"The rule template of the alert event. The possible values are: cloudPcProvisionScenario, cloudPcImageUploadScenario, cloudPcOnPremiseNetworkConnectionCheckScenario, cloudPcInGracePeriodScenario, cloudPcFrontlineInsufficientLicensesScenario, cloudPcInaccessibleScenario, cloudPcFrontlineConcurrencyScenario, cloudPcUserSettingsPersistenceScenario, cloudPcDeprovisionFailedScenario.","Name":"AlertRuleTemplate","Option":"Key","ValueMap":["cloudPcProvisionScenario","cloudPcImageUploadScenario","cloudPcOnPremiseNetworkConnectionCheckScenario","cloudPcInGracePeriodScenario","cloudPcFrontlineInsufficientLicensesScenario","cloudPcInaccessibleScenario","cloudPcFrontlineConcurrencyScenario","cloudPcUserSettingsPersistenceScenario","cloudPcDeprovisionFailedScenario"],"Values":["cloudPcProvisionScenario","cloudPcImageUploadScenario","cloudPcOnPremiseNetworkConnectionCheckScenario","cloudPcInGracePeriodScenario","cloudPcFrontlineInsufficientLicensesScenario","cloudPcInaccessibleScenario","cloudPcFrontlineConcurrencyScenario","cloudPcUserSettingsPersistenceScenario","cloudPcDeprovisionFailedScenario"]},{"CIMType":"MSFT_IntuneAlertRuleCondition[]","Description":"The conditions that determine when to send alerts. For example, you can configure a condition to send an alert when provisioning fails for six or more Cloud PCs.","Name":"Conditions","Option":"Write"},{"CIMType":"Boolean","Description":"The status of the rule that indicates whether the rule is enabled or disabled. If true, the rule is enabled otherwise, the rule is disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"MSFT_IntuneAlertRuleNotificationChannel[]","Description":"The notification channels of the rule selected by the user.","Name":"NotificationChannels","Option":"Write"},{"CIMType":"String","Description":"The severity of the rule. The possible values are: informational, warning, critical.","Name":"Severity","Option":"Write","ValueMap":["Critical","Warning","Informational"],"Values":["Critical","Warning","Informational"]},{"CIMType":"string","Description":"Present ensures the rule exists. Alert rules for Windows365 cannot be removed.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Alert Rule Windows365"},{"ClassName":"MSFT_androidPermissionAction","Parameters":[{"CIMType":"String","Description":"Android permission string, defined in the official Android documentation. Example 'android.permission.READ_CONTACTS'.","Name":"permission","Option":"Key"},{"CIMType":"String","Description":"Type of Android permission action. Possible values are: prompt, autoGrant, autoDeny.","Name":"action","Option":"Required","ValueMap":["prompt","autoGrant","autoDeny"],"Values":["prompt","autoGrant","autoDeny"]}],"Description":"This resource configures an Intune Android Managed Store Application Configuration Policy."},{"ClassName":"MSFT_IntuneAndroidManagedStoreAppConfiguration","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"the associated app. Inherited from managedDeviceMobileAppConfiguration","Name":"targetedMobileApps","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise app configuration package id.","Name":"packageId","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise app configuration JSON payload.","Name":"payloadJson","Option":"Write"},{"CIMType":"MSFT_androidPermissionAction[]","Description":"List of Android app permissions and corresponding permission actions.","Name":"permissionActions","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not this AppConfig is an OEMConfig policy. This property is read-only.","Name":"appSupportsOemConfig","Option":"Write"},{"CIMType":"string","Description":"Android Enterprise profile applicability (AndroidWorkProfile, DeviceOwner, or default (applies to both)). Possible values are: default, androidWorkProfile, androidDeviceOwner.","Name":"profileApplicability","Option":"Write","ValueMap":["default","androidWorkProfile","androidDeviceOwner"],"Values":["default","androidWorkProfile","androidDeviceOwner"]},{"CIMType":"Boolean","Description":"Setting to specify whether to allow ConnectedApps experience for this app.","Name":"connectedAppsEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Android Managed Store Application Configuration Policy."},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogExclusions","Parameters":[{"CIMType":"String","Description":"Type - Depends on exclusions (excludedPath: Path, excludedFileExtension: File extension, excludedFileName: Process name)","Name":"exclusions_item_type","Option":"Key","ValueMap":["excludedPath","excludedFileExtension","excludedFileName"],"Values":["excludedPath","excludedFileExtension","excludedFileName"]},{"CIMType":"String","Description":"File extension - Depends on exclusions_item_type=excludedFileExtension","Name":"exclusions_item_extension","Option":"Write"},{"CIMType":"String","Description":"File name - exclusions_item_type=excludedFileName","Name":"exclusions_item_name","Option":"Write"},{"CIMType":"String","Description":"Path - exclusions_item_type=excludedPath","Name":"exclusions_item_path","Option":"Write"},{"CIMType":"String","Description":"Is directory (false: Disabled, true: Enabled) - Depends on exclusions_item_type=excludedPath","Name":"exclusions_item_isDirectory","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]}],"Description":"Intune Antivirus Exclusions Policy Linux"},{"ClassName":"MSFT_IntuneAntivirusExclusionsPolicyLinux","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogexclusions[]","Description":"Scan exclusions","Name":"Exclusions","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Exclusions Policy Linux"},{"ClassName":"MSFT_IntuneAntivirusExclusionsPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogexclusions[]","Description":"Scan exclusions","Name":"Exclusions","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Exclusions Policy for macOS"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogthreatTypeSettings","Parameters":[{"CIMType":"String","Description":"Threat type - Depends on threatTypeSettings (potentially_unwanted_application, archive_bomb)","Name":"threatTypeSettings_item_key","Option":"Key","ValueMap":["potentially_unwanted_application","archive_bomb"],"Values":["potentially_unwanted_application","archive_bomb"]},{"CIMType":"String","Description":"Action to take - Depends on threatTypeSettings (audit, block, off)","Name":"threatTypeSettings_item_value","Option":"Write","ValueMap":["audit","block","off"],"Values":["audit","block","off"]}],"Description":"Intune Antivirus Policy for Linux"},{"ClassName":"MSFT_IntuneAntivirusPolicyLinux","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Enable cloud delivered protection (false: Disabled, true: Enabled)","Name":"enabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable automatic sample submissions (none: None, safe: Safe, all: All)","Name":"automaticSampleSubmissionConsent","Option":"Write","ValueMap":["none","safe","all"],"Values":["none","safe","all"]},{"CIMType":"String","Description":"Diagnostic data collection level (0: optional, 1: required)","Name":"diagnosticLevel","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Automatic security intelligence updates (false: Disabled, true: Enabled)","Name":"automaticDefinitionUpdateEnabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable real-time protection (deprecated) (false: Disabled, true: Enabled)","Name":"enableRealTimeProtection","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable passive mode (deprecated) (false: Disabled, true: Enabled)","Name":"passiveMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Scan history size","Name":"scanHistoryMaximumItems","Option":"Write"},{"CIMType":"SInt32","Description":"Scan results retention","Name":"scanResultsRetentionDays","Option":"Write"},{"CIMType":"String","Description":"Exclusions merge (0: merge, 1: admin_only)","Name":"exclusionsMergePolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogExclusions[]","Description":"Scan exclusions","Name":"exclusions","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogthreatTypeSettings[]","Description":"Threat type settings","Name":"threatTypeSettings","Option":"Write"},{"CIMType":"String","Description":"Threat type settings merge (0: merge, 1: admin_only)","Name":"threatTypeSettingsMergePolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed threats","Name":"allowedThreats","Option":"Write"},{"CIMType":"String[]","Description":"Disallowed threat actions","Name":"disallowedThreatActions","Option":"Write"},{"CIMType":"String","Description":"Enable scanning of archives (false: Disabled, true: Enabled)","Name":"scanArchives","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable scanning after definition update (false: Disabled, true: Enabled)","Name":"scanAfterDefinitionUpdate","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable file hash computation (false: Disabled, true: Enabled)","Name":"enableFileHashComputation","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable behavior monitoring (0: Disabled, 1: Enabled)","Name":"behaviorMonitoring","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure cloud block level (normal: Normal, moderate: Moderate, high: High, plus: High_Plus, tolerance: Zero_Tolerance)","Name":"cloudBlockLevel","Option":"Write","ValueMap":["normal","moderate","high","plus","tolerance"],"Values":["normal","moderate","high","plus","tolerance"]},{"CIMType":"SInt32","Description":"maximum on demand scan threads","Name":"maximumOnDemandScanThreads","Option":"Write"},{"CIMType":"String","Description":"Enforcement Level (0: disabled, 1: audit, 2: block)","Name":"networkprotection_enforcementLevel","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String[]","Description":"Unmonitored Filesystems","Name":"unmonitoredFilesystems","Option":"Write"},{"CIMType":"String","Description":"non execute mount mute (0: unmute, 1: mute)","Name":"nonExecMountPolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enforcement Level (0: Realtime, 1: OnDemand, 2: Passive)","Name":"antivirusengine_enforcementLevel","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Policy for Linux"},{"ClassName":"MSFT_IntuneAntivirusPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Enable / disable cloud delivered protection (false: Disabled, true: Enabled)","Name":"enabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable / disable automatic sample submissions (false: Disabled, true: Enabled)","Name":"automaticSampleSubmission","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Diagnostic collection level (0: optional, 1: required)","Name":"diagnosticLevel","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Automatic security intelligence updates (false: Disabled, true: Enabled)","Name":"automaticDefinitionUpdateEnabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable real-time protection (deprecated) (false: Disabled, true: Enabled)","Name":"enableRealTimeProtection","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable passive mode (deprecated) (false: Disabled, true: Enabled)","Name":"passiveMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Scan history size","Name":"scanHistoryMaximumItems","Option":"Write"},{"CIMType":"SInt32","Description":"Scan results retention","Name":"scanResultsRetentionDays","Option":"Write"},{"CIMType":"String","Description":"Exclusions merge (0: merge, 1: admin_only)","Name":"exclusionsMergePolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogexclusions[]","Description":"Scan exclusions","Name":"exclusions","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogthreatTypeSettings[]","Description":"Threat type settings","Name":"threatTypeSettings","Option":"Write"},{"CIMType":"String","Description":"Threat type settings merge (0: merge, 1: admin_only)","Name":"threatTypeSettingsMergePolicy","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed threats","Name":"allowedThreats","Option":"Write"},{"CIMType":"String[]","Description":"Disallowed threat actions","Name":"disallowedThreatActions","Option":"Write"},{"CIMType":"SInt32","Description":"Degree of parallelism for on-demand scans","Name":"maximumOnDemandScanThreads","Option":"Write"},{"CIMType":"String","Description":"Enable file hash computation (false: Disabled, true: Enabled)","Name":"enableFileHashComputation","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Run a scan after definitions are updated (false: Disabled, true: Enabled)","Name":"scanAfterDefinitionUpdate","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Scanning inside archive files (false: Disabled, true: Enabled)","Name":"scanArchives","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enforcement level (0: disabled, 1: audit, 2: block)","Name":"enforcementLevel","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Enforcement level (0: disabled, 1: audit, 2: block)","Name":"enforcementLevel_tamperProtection","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Control sign-in to consumer version (0: enabled, 1: disabled)","Name":"consumerExperience","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Show / hide status menu icon (false: Disabled, true: Enabled)","Name":"hideStatusMenuIcon","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"User initiated feedback (0: enabled, 1: disabled)","Name":"userInitiatedFeedback","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enforcement level (0: passive, 1: on_demand, 2: real_time)","Name":"antivirusengine_enforcementLevel","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Policy for macOS"},{"ClassName":"MSFT_IntuneAntivirusPolicySecurityExperienceWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Account Protection UI (0: (Disable) The users can see the display of the Account protection area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the Account protection area in Windows Defender Security Center.)","Name":"DisableAccountProtectionUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable App Browser UI (0: (Disable) The users can see the display of the app and browser protection area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center.)","Name":"DisableAppBrowserUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Clear Tpm Button (0: (Disabled or not configured) The security processor troubleshooting page shows a button that initiates the process to clear the security processor (TPM)., 1: (Enabled) The security processor troubleshooting page will not show a button to initiate the process to clear the security processor (TPM))","Name":"DisableClearTpmButton","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Device Security UI (0: (Disable) The users can see the display of the Device security area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the Device security area in Windows Defender Security Center.)","Name":"DisableDeviceSecurityUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Family UI (0: (Disable) The users can see the display of the family options area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the family options area in Windows Defender Security Center.)","Name":"DisableFamilyUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Health UI (0: (Disable) The users can see the display of the device performance and health area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center.)","Name":"DisableHealthUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Network UI (0: (Disable) The users can see the display of the firewall and network protection area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center.)","Name":"DisableNetworkUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Notifications (0: (Disable) The users can see the display of Windows Defender Security Center notifications., 1: (Enable) The users cannot see the display of Windows Defender Security Center notifications.)","Name":"DisableNotifications","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Enhanced Notifications (0: (Disable) Windows Defender Security Center will display critical and non-critical notifications to users.., 1: (Enable) Windows Defender Security Center only display notifications which are considered critical on clients.)","Name":"DisableEnhancedNotifications","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Tpm Firmware Update Warning (0: (Disable or Not configured) A warning will be displayed if the firmware of the security processor (TPM) should be updated for TPMs that have a vulnerability., 1: (Enabled) No warning will be displayed if the firmware of the security processor (TPM) should be updated.)","Name":"DisableTpmFirmwareUpdateWarning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Virus UI (0: (Disable) The users can see the display of the virus and threat protection area in Windows Defender Security Center., 1: (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center.)","Name":"DisableVirusUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Hide Ransomware Data Recovery (0: (Disable or not configured) The Ransomware data recovery area will be visible., 1: (Enable) The Ransomware data recovery area is hidden.)","Name":"HideRansomwareDataRecovery","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Hide Windows Security Notification Area Control (0: , 1: Enabled)","Name":"HideWindowsSecurityNotificationAreaControl","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Company Name","Name":"CompanyName","Option":"Write"},{"CIMType":"String","Description":"Email","Name":"Email","Option":"Write"},{"CIMType":"String","Description":"Phone","Name":"Phone","Option":"Write"},{"CIMType":"String","Description":"URL","Name":"URL","Option":"Write"},{"CIMType":"String","Description":"TamperProtection (Device) (1: Offboarding, 0: Onboarding)","Name":"TamperProtection","Option":"Write","ValueMap":["1","0"],"Values":["1","0"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Policy Security Experience for Windows10 Config Mgr"},{"ClassName":"MSFT_IntuneAntivirusPolicyWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.)","Name":"AllowCloudProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Email Scanning (0: Not allowed. Turns off email scanning., 1: Allowed. Turns on email scanning.)","Name":"AllowEmailScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan On Mapped Network Drives (0: Not allowed. Disables scanning on mapped network drives., 1: Allowed. Scans mapped network drives.)","Name":"AllowFullScanOnMappedNetworkDrives","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"[Deprecated] Allow Intrusion Prevention System (0: Not allowed., 1: Allowed.)","Name":"AllowIntrusionPreventionSystem","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. Turns on and runs the real-time monitoring service.)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Scanning Network Files (0: Not allowed. Turns off scanning of network files., 1: Allowed. Scans network files.)","Name":"AllowScanningNetworkFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Script Scanning (0: Not allowed., 1: Allowed.)","Name":"AllowScriptScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow User UI Access (0: Not allowed. Prevents users from accessing UI., 1: Allowed. Lets users access UI.)","Name":"AllowUserUIAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Avg CPU Load Factor","Name":"AvgCPULoadFactor","Option":"Write"},{"CIMType":"SInt32","Description":"Check For Signatures Before Running Scan (0: Disabled, 1: Enabled)","Name":"CheckForSignaturesBeforeRunningScan","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance)","Name":"CloudBlockLevel","Option":"Write","ValueMap":[0,2,4,6],"Values":[0,2,4,6]},{"CIMType":"SInt32","Description":"Cloud Extended Timeout","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"SInt32","Description":"Days To Retain Cleaned Malware","Name":"DaysToRetainCleanedMalware","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Catchup Full Scan (0: Enabled, 1: Disabled)","Name":"DisableCatchupFullScan","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Catchup Quick Scan (0: Enabled, 1: Disabled)","Name":"DisableCatchupQuickScan","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Low CPU Priority (0: Disabled, 1: Enabled)","Name":"EnableLowCPUPriority","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Excluded Extensions","Name":"ExcludedExtensions","Option":"Write"},{"CIMType":"String[]","Description":"Excluded Paths","Name":"ExcludedPaths","Option":"Write"},{"CIMType":"String[]","Description":"Excluded Processes","Name":"ExcludedProcesses","Option":"Write"},{"CIMType":"SInt32","Description":"PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.)","Name":"PUAProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Scan Parameter (1: Quick scan, 2: Full scan)","Name":"ScanParameter","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Schedule Quick Scan Time","Name":"ScheduleQuickScanTime","Option":"Write"},{"CIMType":"SInt32","Description":"Schedule Scan Day (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan)","Name":"ScheduleScanDay","Option":"Write","ValueMap":[0,1,2,3,4,5,6,7,8],"Values":[0,1,2,3,4,5,6,7,8]},{"CIMType":"SInt32","Description":"Schedule Scan Time","Name":"ScheduleScanTime","Option":"Write"},{"CIMType":"String[]","Description":"Signature Update Fallback Order","Name":"SignatureUpdateFallbackOrder","Option":"Write"},{"CIMType":"String[]","Description":"Signature Update File Shares Sources","Name":"SignatureUpdateFileSharesSources","Option":"Write"},{"CIMType":"SInt32","Description":"Signature Update Interval","Name":"SignatureUpdateInterval","Option":"Write"},{"CIMType":"SInt32","Description":"Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow On Access Protection (0: Not allowed., 1: Allowed.)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Remediation action for High severity threats - Depends on ThreatSeverityDefaultAction (clean: Clean, quarantine: Quarantine, remove: Remove, allow: Allow, userdefined: UserDefined, block: Block)","Name":"HighSeverityThreatDefaultAction","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Remediation action for Severe threats - Depends on ThreatSeverityDefaultAction (clean: Clean, quarantine: Quarantine, remove: Remove, allow: Allow, userdefined: UserDefined, block: Block)","Name":"SevereThreatDefaultAction","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Remediation action for Low severity threats - Depends on ThreatSeverityDefaultAction (clean: Clean, quarantine: Quarantine, remove: Remove, allow: Allow, userdefined: UserDefined, block: Block)","Name":"LowSeverityThreatDefaultAction","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Remediation action for Moderate severity threats - Depends on ThreatSeverityDefaultAction (clean: Clean, quarantine: Quarantine, remove: Remove, allow: Allow, userdefined: UserDefined, block: Block)","Name":"ModerateSeverityThreatDefaultAction","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"SInt32","Description":"Allow users to view the full History results (0: No, 1: Yes)","Name":"DisablePrivacyMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Create a system restore point before computers are cleaned. (0: No, 1: Yes)","Name":"DisableRestorePoint","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Randomize scheduled scan and security intelligence update start times. (0: No, 1: Yes)","Name":"RandomizeScheduleTaskTimes","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Security Intelligence Location","Name":"SecurityIntelligenceLocation","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Antivirus Policy for Windows10 Config Mgr"},{"ClassName":"MSFT_IntuneAntivirusPolicyWindows10SettingCatalog","Parameters":[{"CIMType":"String","Description":"Display name of the endpoint protection policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Identity of the endpoint protection policy for Windows 10.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Description of the endpoint protection policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Tamper protection (Device). (Offboarding, Onboarding, ControlledConfig_Onboarding)","Name":"ControlledConfiguration","Option":"Write","ValueMap":["Onboarding","Offboarding","ControlledConfig_Onboarding"],"Values":["Onboarding","Offboarding","ControlledConfig_Onboarding"]},{"CIMType":"String","Description":"Tamper protection (Device). (Offboarding, Onboarding)","Name":"TamperProtection","Option":"Write","ValueMap":["Onboarding","Offboarding"],"Values":["Onboarding","Offboarding"]},{"CIMType":"String","Description":"Use this policy setting to specify if to display the Account protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableAccountProtectionUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableAppBrowserUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable the Clear TPM button in Windows Security. (0: disable feature. 1: enable feature)","Name":"DisableClearTpmButton","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the Device security area in the Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableDeviceSecurityUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableFamilyUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableHealthUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"DisableNetworkUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. (0: disable feature. 1: enable feature)","Name":"DisableEnhancedNotifications","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hide the recommendation to update TPM Firmware when a vulnerable firmware is detected. (0: disable feature. 1: enable feature)","Name":"DisableTpmFirmwareUpdateWarning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center.  (0: disable feature. 1: enable feature)","Name":"DisableVirusUI","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Use this policy setting to hide the Ransomware data recovery area in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"HideRansomwareDataRecovery","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"This policy setting hides the Windows Security notification area control. (0: disable feature. 1: enable feature)","Name":"HideWindowsSecurityNotificationAreaControl","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enable this policy to display your company name and contact options in the notifications. (0: disable feature. 1: enable feature)","Name":"EnableCustomizedToasts","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. (0: disable feature. 1: enable feature)","Name":"EnableInAppCustomization","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization.","Name":"CompanyName","Option":"Write"},{"CIMType":"String","Description":"The email address that is displayed to users. The default mail application is used to initiate email actions.","Name":"Email","Option":"Write"},{"CIMType":"String","Description":"The phone number or Skype ID that is displayed to users. Skype is used to initiate the call.","Name":"Phone","Option":"Write"},{"CIMType":"String","Description":"The help portal URL that is displayed to users. The default browser is used to initiate this action.","Name":"URL","Option":"Write"},{"CIMType":"String","Description":"Allows or disallows scanning of archives. (0: disable feature. 1: enable feature)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender Behavior Monitoring functionality. (0: disable feature. 1: enable feature)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. (0: disable feature. 1: enable feature)","Name":"AllowCloudProtection","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Network Protection to enable datagram processing on Windows Server. (0: disable feature. 1: enable feature)","Name":"AllowDatagramProcessingOnWinServer","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows scanning of email. (0: disable feature. 1: enable feature)","Name":"AllowEmailScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows a full scan of mapped network drives. (0: disable feature. 1: enable feature)","Name":"AllowFullScanOnMappedNetworkDrives","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned. (0: disable feature. 1: enable feature)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"https://github.com/MicrosoftDocs/memdocs/issues/2250 (0: disable feature. 1: enable feature)","Name":"AllowIntrusionPreventionSystem","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender IOAVP Protection functionality. (0: disable feature. 1: enable feature)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Network Protection to be configured into block or audit mode on windows downlevel of RS3. (0: disable feature. 1: enable feature)","Name":"AllowNetworkProtectionDownLevel","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender real-time Monitoring functionality. (0: disable feature. 1: enable feature)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows a scanning of network files. (0: disable feature. 1: enable feature)","Name":"AllowScanningNetworkFiles","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender Script Scanning functionality. (0: disable feature. 1: enable feature)","Name":"AllowScriptScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows user access to the Windows Defender UI. I disallowed, all Windows Defender notifications will also be suppressed. (0: Prevents users from accessing UI. 1: Lets users access UI)","Name":"AllowUserUIAccess","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"sInt32","Description":"Represents the average CPU load factor for the Windows Defender scan (in percent).","Name":"AvgCPULoadFactor","Option":"Write"},{"CIMType":"sInt32","Description":"Specify the maximum folder depth to extract from archive files for scanning.","Name":"ArchiveMaxDepth","Option":"Write"},{"CIMType":"sInt32","Description":"Specify the maximum size, in KB, of archive files to be extracted and scanned.","Name":"ArchiveMaxSize","Option":"Write"},{"CIMType":"String","Description":"This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. (0: disable feature. 1: enable feature)","Name":"CheckForSignaturesBeforeRunningScan","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"This policy setting determines how aggressive Microsoft Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.(0: Default windows defender blocking level, 2: High blocking level, 4:High+ blocking level, 6:Zero tolerance blocking level)","Name":"CloudBlockLevel","Option":"Write","ValueMap":["0","2","4","6"],"Values":["0","2","4","6"]},{"CIMType":"sInt32","Description":"This feature allows Microsoft Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"sInt32","Description":"Time period (in days) that quarantine items will be stored on the system.","Name":"DaysToRetainCleanedMalware","Option":"Write"},{"CIMType":"String","Description":"This policy setting allows you to configure catch-up scans for scheduled full scans.  (1: disabled, 0: enabled)","Name":"DisableCatchupFullScan","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"This policy setting allows you to configure catch-up scans for scheduled quick scans.  (1: disabled, 0: enabled)","Name":"DisableCatchupQuickScan","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Disable Core Service ECS Integration.  (0: disabled, 1: enabled)","Name":"DisableCoreServiceECSIntegration","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Disable Core Service Telemetry.  (1: disabled, 0: enabled)","Name":"DisableCoreServiceTelemetry","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disables or enables DNS over TCP Parsing for Network Protection. (0: enable feature. 1: disable feature)","Name":"DisableDnsOverTcpParsing","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disables or enables HTTP Parsing for Network Protection. (0: enable feature. 1: disable feature)","Name":"DisableHttpParsing","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Ssh Parsing (1: SSH parsing is disabled, 0: SSH parsing is enabled)","Name":"DisableSshParsing","Option":"Write","ValueMap":["1","0"],"Values":["1","0"]},{"CIMType":"String","Description":"This policy setting allows you to enable or disable low CPU priority for scheduled scans. (0: disable feature. 1: enable feature)","Name":"EnableLowCPUPriority","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"This policy allows you to turn on network protection (block/audit) or off. (0: disabled, 1: block mode, 2: audit mode)","Name":"EnableNetworkProtection","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String[]","Description":"Allows an administrator to specify a list of file type extensions to ignore during a scan.","Name":"ExcludedExtensions","Option":"Write"},{"CIMType":"String[]","Description":"Allows an administrator to specify a list of directory paths to ignore during a scan.","Name":"ExcludedPaths","Option":"Write"},{"CIMType":"String[]","Description":"Allows an administrator to specify a list of files opened by processes to ignore during a scan.","Name":"ExcludedProcesses","Option":"Write"},{"CIMType":"String","Description":"Specifies the level of detection for potentially unwanted applications (PUAs). (0: disabled, 1: block mode, 2: audit mode)","Name":"PUAProtection","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)","Name":"EngineUpdatesChannel","Option":"Write","ValueMap":["0","2","3","4","5","6"],"Values":["0","2","3","4","5","6"]},{"CIMType":"String","Description":"Allow managed devices to update through metered connections. (0: disabled, 1: enabled)","Name":"MeteredConnectionUpdates","Option":"Write"},{"CIMType":"String","Description":"Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. (0: Not configured, 2: Beta Channel, 3: Current Channel (Preview), 4: Current Channel (Staged), 5: Current Channel (Broad), 6: Critical)","Name":"PlatformUpdatesChannel","Option":"Write","ValueMap":["0","2","3","4","5","6"],"Values":["0","2","3","4","5","6"]},{"CIMType":"String","Description":"Enable this policy to specify when devices receive Microsoft Defender security intelligence updates during the daily gradual rollout. (0: Not configured, 4: Current Channel (Staged), 5: Current Channel (Broad))","Name":"SecurityIntelligenceUpdatesChannel","Option":"Write","ValueMap":["0","4","5"],"Values":["0","4","5"]},{"CIMType":"String","Description":"Controls which sets of files should be monitored. (0: Monitor all files (bi-directional), 1: Monitor incoming files, 2: Monitor outgoing files)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Selects whether to perform a quick scan or full scan. (1: Quick scan, 2: Full scan)","Name":"ScanParameter","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"sInt32","Description":"Selects the time of day that the Windows Defender quick scan should run.","Name":"ScheduleQuickScanTime","Option":"Write"},{"CIMType":"String","Description":"Selects the day that the Windows Defender scan should run. (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan)","Name":"ScheduleScanDay","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8"],"Values":["0","1","2","3","4","5","6","7","8"]},{"CIMType":"sInt32","Description":"Selects the time of day that the Windows Defender scan should run. Must be between 0 and 1380 minutes.","Name":"ScheduleScanTime","Option":"Write"},{"CIMType":"String","Description":"This setting disables TLS Parsing for Network Protection. (0: enabled, 1: disabled)","Name":"DisableTlsParsing","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Specifies if the start time of the scan is randomized. (0: no randomization, 1: randomized)","Name":"RandomizeScheduleTaskTimes","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"sInt32","Description":"This setting allows you to configure the scheduler randomization in hours. The randomization interval is [1 - 23] hours.","Name":"SchedulerRandomizationTime","Option":"Write"},{"CIMType":"String[]","Description":"This policy setting allows you to define the order in which different definition update sources should be contacted.","Name":"SignatureUpdateFallbackOrder","Option":"Write"},{"CIMType":"String[]","Description":"This policy setting allows you to configure UNC file share sources for downloading definition updates.","Name":"SignatureUpdateFileSharesSources","Option":"Write"},{"CIMType":"sInt32","Description":"Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. Must be between 0 and 24 hours.","Name":"SignatureUpdateInterval","Option":"Write"},{"CIMType":"String","Description":"Checks for the user consent level in Windows Defender to send data. (0: Always prompt, 1: Send safe samples automatically, 2: Never send, 3: Send all samples automatically)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String","Description":"This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. (0: enable local admin merge, 1: disable local admin merge)","Name":"DisableLocalAdminMerge","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows or disallows Windows Defender On Access Protection functionality. (0: disable feature. 1: enable feature)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allows an administrator to specify low severity threats corresponding action ID to take.","Name":"LowSeverityThreats","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Allows an administrator to specify moderate severity threats corresponding action ID to take.","Name":"ModerateSeverityThreats","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Allows an administrator to specify high severity threats corresponding action ID to take.","Name":"SevereThreats","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Allows an administrator to specify severe threats corresponding action ID to take.","Name":"HighSeverityThreats","Option":"Write","ValueMap":["clean","quarantine","remove","allow","userdefined","block"],"Values":["clean","quarantine","remove","allow","userdefined","block"]},{"CIMType":"String","Description":"Template Id of the policy. 0: Windows Security Experience, 1: Defender Update controls, 2: Microsoft Defender Antivirus exclusions, 3: Microsoft Defender Antivirus","Name":"TemplateId","Option":"Write","ValueMap":["d948ff9b-99cb-4ee0-8012-1fbc09685377_1","e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1","45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"],"Values":["d948ff9b-99cb-4ee0-8012-1fbc09685377_1","e3f74c5a-a6de-411d-aef6-eb15628f3a0a_1","45fea5e9-280d-4da1-9792-fb5736da0ca9_1","804339ad-1553-4478-a742-138fb5807418_1"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Endpoint Protection Antivirus policy for a Windows 10 Device.\nThis policy setting enables the management of Microsoft Defender Antivirus for Windows 10 using the settings catalog."},{"ClassName":"MSFT_IntuneAppAndBrowserIsolationPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Turn on Microsoft Defender Application Guard (0: Disable Microsoft Defender Application Guard, 1: Enable Microsoft Defender Application Guard for Microsoft Edge ONLY, 2: Enable Microsoft Defender Application Guard for isolated Windows environments ONLY, 3: Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments)","Name":"AllowWindowsDefenderApplicationGuard","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Clipboard behavior settings (0: Completely turns Off the clipboard functionality for the Application Guard., 1: Turns On clipboard operation from an isolated session to the host., 2: Turns On clipboard operation from the host to an isolated session., 3: Turns On clipboard operation in both the directions.)","Name":"ClipboardSettings","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow files to download and save to the host operating system (0: The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to allow users to download files from Edge in the container to the host file system.)","Name":"SaveFilesToHost","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Install Windows defender application guard (install: Install)","Name":"InstallWindowsDefenderApplicationGuard","Option":"Write","ValueMap":["install"],"Values":["install"]},{"CIMType":"SInt32","Description":"Clipboard content options (1: Allow text copying., 2: Allow image copying., 3: Allow text and image copying.)","Name":"ClipboardFileType","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Allow data persistence (0: Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off., 1: Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.)","Name":"AllowPersistence","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow hardware-accelerated rendering (0: Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container.)","Name":"AllowVirtualGPU","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32[]","Description":"Print Settings (0: Disables all print functionality., 1: Enables only XPS printing., 2: Enables only PDF printing., 4: Enables only local printing., 8: Enables only network printing.)","Name":"PrintingSettings","Option":"Write","ValueMap":[0,1,2,4,8],"Values":[0,1,2,4,8]},{"CIMType":"SInt32","Description":"Allow camera and microphone access (0: Microsoft Defender Application Guard cannot access the device's camera and microphone. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to allow Microsoft Defender Application Guard to access the device's camera and microphone.)","Name":"AllowCameraMicrophoneRedirection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Application Guard (0: Audit event logs aren't collected for Application Guard., 1: Application Guard inherits its auditing policies from system and starts to audit security events for Application Guard container.)","Name":"AuditApplicationGuard","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Certificate Thumbprints","Name":"CertificateThumbprints","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise IP Range","Name":"EnterpriseIPRange","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Cloud Resources","Name":"EnterpriseCloudResources","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Network Domain Names","Name":"EnterpriseNetworkDomainNames","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Proxy Servers","Name":"EnterpriseProxyServers","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Internal Proxy Servers","Name":"EnterpriseInternalProxyServers","Option":"Write"},{"CIMType":"String[]","Description":"Neutral Resources","Name":"NeutralResources","Option":"Write"},{"CIMType":"SInt32","Description":"Enterprise Proxy Servers Are Authoritative (1: Enable, 0: Disable)","Name":"EnterpriseProxyServersAreAuthoritative","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enterprise IP Ranges Are Authoritative (1: Enable, 0: Disable)","Name":"EnterpriseIPRangesAreAuthoritative","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App And Browser Isolation Policy for Windows10"},{"ClassName":"MSFT_IntuneAppAndBrowserIsolationPolicyWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Turn on Microsoft Defender Application Guard (0: Disable Microsoft Defender Application Guard, 1: Enable Microsoft Defender Application Guard for Microsoft Edge ONLY, 2: Enable Microsoft Defender Application Guard for isolated Windows environments ONLY, 3: Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments)","Name":"AllowWindowsDefenderApplicationGuard","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Clipboard behavior settings (0: Completely turns Off the clipboard functionality for the Application Guard., 1: Turns On clipboard operation from an isolated session to the host., 2: Turns On clipboard operation from the host to an isolated session., 3: Turns On clipboard operation in both the directions.)","Name":"ClipboardSettings","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow files to download and save to the host operating system (0: The user cannot download files from Edge in the container to the host file system. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to allow users to download files from Edge in the container to the host file system.)","Name":"SaveFilesToHost","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Install Windows defender application guard (install: Install). Required if AllowWindowsDefenderApplicationGuard is not set to 0.","Name":"InstallWindowsDefenderApplicationGuard","Option":"Write","ValueMap":["install"],"Values":["install"]},{"CIMType":"SInt32","Description":"Clipboard content options (1: Allow text copying., 2: Allow image copying., 3: Allow text and image copying.)","Name":"ClipboardFileType","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Allow data persistence (0: Application Guard discards user-downloaded files and other items (such as, cookies, Favorites, and so on) during machine restart or user log-off., 1: Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.)","Name":"AllowPersistence","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow hardware-accelerated rendering (0: Cannot access the vGPU and uses the CPU to support rendering graphics. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to access the vGPU offloading graphics rendering from the CPU. This can create a faster experience when working with graphics intense websites or watching video within the container.)","Name":"AllowVirtualGPU","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32[]","Description":"Print Settings (0: Disables all print functionality., 1: Enables only XPS printing., 2: Enables only PDF printing., 4: Enables only local printing., 8: Enables only network printing.)","Name":"PrintingSettings","Option":"Write","ValueMap":[0,1,2,4,8],"Values":[0,1,2,4,8]},{"CIMType":"SInt32","Description":"Allow camera and microphone access (0: Microsoft Defender Application Guard cannot access the device's camera and microphone. When the policy is not configured, it is the same as disabled (0)., 1: Turns on the functionality to allow Microsoft Defender Application Guard to access the device's camera and microphone.)","Name":"AllowCameraMicrophoneRedirection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Application Guard (0: Audit event logs aren't collected for Application Guard., 1: Application Guard inherits its auditing policies from system and starts to audit security events for Application Guard container.)","Name":"AuditApplicationGuard","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Certificate Thumbprints","Name":"CertificateThumbprints","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise IP Range","Name":"EnterpriseIPRange","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Cloud Resources","Name":"EnterpriseCloudResources","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Network Domain Names","Name":"EnterpriseNetworkDomainNames","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Proxy Servers","Name":"EnterpriseProxyServers","Option":"Write"},{"CIMType":"String[]","Description":"Enterprise Internal Proxy Servers","Name":"EnterpriseInternalProxyServers","Option":"Write"},{"CIMType":"String[]","Description":"Neutral Resources","Name":"NeutralResources","Option":"Write"},{"CIMType":"SInt32","Description":"Enterprise Proxy Servers Are Authoritative (1: Enable, 0: Disable)","Name":"EnterpriseProxyServersAreAuthoritative","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enterprise IP Ranges Are Authoritative (1: Enable, 0: Disable)","Name":"EnterpriseIPRangesAreAuthoritative","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App And Browser Isolation Policy for Windows10 Config Mgr"},{"ClassName":"MSFT_IntuneAppCategory","Parameters":[{"CIMType":"String","Description":"The name of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures a resource for navigation property for Intune mobile app categories. Default app categories cannot be renamed."},{"ClassName":"MSFT_MicrosoftGraphAndroidPermissionAction","Parameters":[{"CIMType":"String","Description":"Type of Android permission action. Possible values are: prompt, autoGrant, autoDeny.","Name":"Action","Option":"Write","ValueMap":["prompt","autoGrant","autoDeny"],"Values":["prompt","autoGrant","autoDeny"]},{"CIMType":"String","Description":"Android permission string, defined in the official Android documentation.  Example 'android.permission.READ_CONTACTS'.","Name":"Permission","Option":"Key"}],"Description":"Intune App Configuration Device Policy.\n\nPlease note: A policy can only contain settings of its platform type and the platform type cannot be changed after creation."},{"ClassName":"MSFT_MicrosoftGraphAppConfigurationSettingItem","Parameters":[{"CIMType":"String","Description":"app configuration key.","Name":"AppConfigKey","Option":"Key"},{"CIMType":"String","Description":"app configuration key type. Possible values are: stringType, integerType, realType, booleanType, tokenType.","Name":"AppConfigKeyType","Option":"Key","ValueMap":["stringType","integerType","realType","booleanType","tokenType"],"Values":["stringType","integerType","realType","booleanType","tokenType"]},{"CIMType":"String","Description":"app configuration key value.","Name":"AppConfigKeyValue","Option":"Write"}],"Description":"Intune App Configuration Device Policy.\n\nPlease note: A policy can only contain settings of its platform type and the platform type cannot be changed after creation."},{"ClassName":"MSFT_IntuneAppConfigurationDevicePolicy","Parameters":[{"CIMType":"Boolean","Description":"Setting to specify whether to allow ConnectedApps experience for this Android app.","Name":"ConnectedAppsEnabled","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise app configuration package id.","Name":"PackageId","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise app configuration JSON payload.","Name":"PayloadJson","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroidPermissionAction[]","Description":"List of Android app permissions and corresponding permission actions.","Name":"PermissionActions","Option":"Write"},{"CIMType":"String","Description":"Android Enterprise profile applicability (AndroidWorkProfile, DeviceOwner, or default (applies to both)). Possible values are: default, androidWorkProfile, androidDeviceOwner.","Name":"ProfileApplicability","Option":"Write","ValueMap":["default","androidWorkProfile","androidDeviceOwner"],"Values":["default","androidWorkProfile","androidDeviceOwner"]},{"CIMType":"String","Description":"Mdm iOS app configuration Base64 binary. Must not be an empty string if specified.","Name":"EncodedSettingXml","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphappConfigurationSettingItem[]","Description":"iOS app configuration setting items. Must not be an empty collection if specified.","Name":"Settings","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Required"},{"CIMType":"String[]","Description":"List of Scope Tags for this App configuration entity.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String[]","Description":"The associated app.","Name":"TargetedMobileApps","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App Configuration Device Policy.\n\nPlease note: A policy can only contain settings of its platform type and the platform type cannot be changed after creation."},{"ClassName":"MSFT_IntuneAppConfigurationPolicyCustomSetting","Parameters":[{"CIMType":"String","Description":"Name of the custom setting.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"Value of the custom setting.","Name":"value","Option":"Write"}],"Description":"This resource configures the Intune App configuration policies."},{"ClassName":"MSFT_managedMobileApp","Parameters":[{"CIMType":"String","Description":"Key of the entity.","Name":"id","Option":"Key"},{"CIMType":"MSFT_AppIdentifier","Description":"The identifier for an app with it's operating system type.","Name":"mobileAppIdentifier","Option":"Write"}],"Description":"This resource configures the Intune App configuration policies."},{"ClassName":"MSFT_AppIdentifier","Parameters":[{"CIMType":"String","Description":"AppId iOS.","Name":"bundleID","Option":"Write"},{"CIMType":"String","Description":"AppId Android.","Name":"packageID","Option":"Write"},{"CIMType":"String","Description":"AppId Windows.","Name":"windowsAppId","Option":"Write"}],"Description":"This resource configures the Intune App configuration policies."},{"ClassName":"MSFT_IntuneAppConfigurationPolicy","Parameters":[{"CIMType":"String","Description":"Key of the entity. Read-Only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the app configuration policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the app configuration policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_IntuneAppConfigurationPolicyCustomSetting[]","Description":"Custom settings for the app configuration policy.","Name":"CustomSettings","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"roleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The intended app management levels for this policy.","Name":"targetedAppManagementLevels","Option":"Write","ValueMap":["unspecified","unmanaged","mdm","androidEnterprise","androidEnterpriseDedicatedDevicesWithAzureAdSharedMode","androidOpenSourceProjectUserAssociated","androidOpenSourceProjectUserless","unknownFutureValue"],"Values":["unspecified","unmanaged","mdm","androidEnterprise","androidEnterpriseDedicatedDevicesWithAzureAdSharedMode","androidOpenSourceProjectUserAssociated","androidOpenSourceProjectUserless","unknownFutureValue"]},{"CIMType":"String","Description":"Public Apps selection: group or individual.","Name":"appGroupType","Option":"Write","ValueMap":["selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"],"Values":["selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"]},{"CIMType":"MSFT_managedMobileApp[]","Description":"List of apps to which the policy is deployed.","Name":"Apps","Option":"Write"}],"Description":"This resource configures the Intune App configuration policies."},{"ClassName":"MSFT_IntuneAppControlForBusinessPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Configuration settings format (0: Enter xml data, 1: Use built-in controls)","Name":"ConfigureApplicationControlOptions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"The XML file content of the policy - Depends on ConfigureApplicationControlOptions. Can only be applied if 'ConfigureApplicationControlOptions' is set to '0'.","Name":"Enter_path_of_xml_data","Option":"Write"},{"CIMType":"SInt32[]","Description":"Select additional rules for trusting apps. Can only be applied if 'ConfigureApplicationControlOptions' is set to '1'. Allowed values: (1: Trust apps with good reputation, 2: Trust apps from managed installers)","Name":"ConfigureApplicationControlSelectAdditionalRulesForTrustingApps","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Enable App Control for Business policy to trust Windows components and Store apps. Can only be applied if 'ConfigureApplicationControlOptions' is set to '1'. Allowed values: (0: Enforce, 1: Audit only)","Name":"ConfigureApplicationControlEnableAppControlPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App Control For Business Policy for Windows10"},{"ClassName":"MSFT_IntuneAppleMDMPushNotificationCertificate","Parameters":[{"CIMType":"String","Description":"The name of the Apple Identifier.","Name":"AppleIdentifier","Option":"Key"},{"CIMType":"String","Description":"The Apple Push notification certificate.","Name":"Certificate","Option":"Write"},{"CIMType":"Boolean","Description":"The boolean indicating DataSharing Conset agreement granted or not between Intune and Apple.","Name":"DataSharingConsetGranted","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures a resource for Apple MDM Push notification certificate used for device enrollment."},{"ClassName":"MSFT_IntuneApplicationControlPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Display name of the endpoint protection application control policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the endpoint protection application control policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"String","Description":"App locker application control mode","Name":"AppLockerApplicationControl","Option":"Write","ValueMap":["notConfigured","enforceComponentsAndStoreApps","auditComponentsAndStoreApps","enforceComponentsStoreAppsAndSmartlocker","auditComponentsStoreAppsAndSmartlocker"],"Values":["notConfigured","enforceComponentsAndStoreApps","auditComponentsAndStoreApps","enforceComponentsStoreAppsAndSmartlocker","auditComponentsStoreAppsAndSmartlocker"]},{"CIMType":"Boolean","Description":"Indicates whether or not SmartScreen will not present an option for the user to disregard the warning and run the app.","Name":"SmartScreenBlockOverrideForFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Enforce the use of SmartScreen for all users.","Name":"SmartScreenEnableInshell","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Intune Endpoint Protection Application Control policy for an Windows 10 Device."},{"ClassName":"MSFT_IntuneAppProtectionPolicyAndroid","Parameters":[{"CIMType":"String","Description":"Display name of the Android App Protection Policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Android App Protection Policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"string[]","Description":"List of allowed Android device models.","Name":"AllowedAndroidDeviceModels","Option":"Write"},{"CIMType":"uint32","Description":"Maximum length of outbound clipboard sharing exceptions.","Name":"AllowedOutboundClipboardSharingExceptionLength","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether biometric authentication is blocked.","Name":"BiometricAuthenticationBlocked","Option":"Write"},{"CIMType":"uint32","Description":"Number of days to block access after a company portal update deferral.","Name":"BlockAfterCompanyPortalUpdateDeferralInDays","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether data ingestion into organization documents is blocked.","Name":"BlockDataIngestionIntoOrganizationDocuments","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether to connect to VPN on launch.","Name":"ConnectToVpnOnLaunch","Option":"Write"},{"CIMType":"string","Description":"Display name of the custom dialer app.","Name":"CustomDialerAppDisplayName","Option":"Write"},{"CIMType":"string","Description":"Package ID of the custom dialer app.","Name":"CustomDialerAppPackageId","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether device lock is required.","Name":"DeviceLockRequired","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether fingerprint and biometric authentication are enabled.","Name":"FingerprintAndBiometricEnabled","Option":"Write"},{"CIMType":"boolean","Description":"Indicates whether keyboards are restricted.","Name":"KeyboardsRestricted","Option":"Write"},{"CIMType":"string","Description":"Display name of the messaging redirect app.","Name":"MessagingRedirectAppDisplayName","Option":"Write"},{"CIMType":"string","Description":"Package ID of the messaging redirect app.","Name":"MessagingRedirectAppPackageId","Option":"Write"},{"CIMType":"string","Description":"Minimum required patch version for wipe.","Name":"MinimumWipePatchVersion","Option":"Write"},{"CIMType":"uint32","Description":"Number of previous PIN block counts.","Name":"PreviousPinBlockCount","Option":"Write"},{"CIMType":"uint32","Description":"Number of days to warn after a company portal update deferral.","Name":"WarnAfterCompanyPortalUpdateDeferralInDays","Option":"Write"},{"CIMType":"uint32","Description":"Number of days to wipe after a company portal update deferral.","Name":"WipeAfterCompanyPortalUpdateDeferralInDays","Option":"Write"},{"CIMType":"String[]","Description":"Sources from which data is allowed to be transferred.","Name":"Alloweddataingestionlocations","Option":"Write"},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, if the specified device manufacturer is not allowed.","Name":"AppActionIfAndroidDeviceManufacturerNotAllowed","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, if the specified device model is not allowed.","Name":"AppActionIfAndroidDeviceModelNotAllowed","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either warn or block, if the specified Android App Verification requirement fails.","Name":"AppActionIfAndroidSafetyNetAppsVerificationFailed","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either warn or block, if the specified Android SafetyNet Attestation requirement fails.","Name":"AppActionIfAndroidSafetyNetDeviceAttestationFailed","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, when the device is either rooted or jailbroken, if DeviceComplianceRequired is set to true.","Name":"AppActionIfDeviceComplianceRequired","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either warn, block, or wipe, if the screen lock is required on an Android device but is not set.","Name":"AppActionIfDeviceLockNotSet","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, based on the maximum number of incorrect pin retry attempts.","Name":"AppActionIfMaximumPinRetriesExceeded","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Specifies what action to take in the case where the user is unable to check in because their authentication token is invalid, such as when the user is deleted or disabled in Azure AD.","Name":"appActionIfUnableToAuthenticateUser","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","BlockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Determines what action to take if the mobile threat defense threat threshold isn't met. Warn isn't a supported value for this property.","Name":"MobileThreatDefenseRemediationAction","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"The classes of dialer apps that are allowed to click-to-open a phone number. Inherited from managedAppProtection.","Name":"DialerRestrictionLevel","Option":"Write","ValueMap":["allApps","managedApps","customApp","blocked"],"Values":["allApps","managedApps","customApp","blocked"]},{"CIMType":"String","Description":"Maximum allowed device threat level, as reported by the MTD app. Inherited from managedAppProtection.","Name":"MaximumAllowedDeviceThreatLevel","Option":"Write","ValueMap":["notConfigured","secured","low","medium","high"],"Values":["notConfigured","secured","low","medium","high"]},{"CIMType":"String","Description":"Specify app notification restriction. Inherited from managedAppProtection.","Name":"NotificationRestriction","Option":"Write","ValueMap":["allow","blockOrganizationalData","block"],"Values":["allow","blockOrganizationalData","block"]},{"CIMType":"String","Description":"Defines how app messaging redirection is protected by an App Protection Policy. Default is anyApp. Inherited from managedAppProtection.","Name":"ProtectedMessagingRedirectAppType","Option":"Write","ValueMap":["anyApp","anyManagedApp","specificApps","blocked"],"Values":["anyApp","anyManagedApp","specificApps","blocked"]},{"CIMType":"String","Description":"Defines the Android SafetyNet Apps Verification requirement for a managed app to work.","Name":"RequiredAndroidSafetyNetAppsVerificationType","Option":"Write","ValueMap":["none","enabled"],"Values":["none","enabled"]},{"CIMType":"String","Description":"Defines the Android SafetyNet Device Attestation requirement for a managed app to work.","Name":"RequiredAndroidSafetyNetDeviceAttestationType","Option":"Write","ValueMap":["none","basicIntegrity","basicIntegrityAndDeviceCertification"],"Values":["none","basicIntegrity","basicIntegrityAndDeviceCertification"]},{"CIMType":"String","Description":"Defines the Android SafetyNet evaluation type requirement for a managed app to work.","Name":"RequiredAndroidSafetyNetEvaluationType","Option":"Write","ValueMap":["basic","hardwareBacked"],"Values":["basic","hardwareBacked"]},{"CIMType":"String","Description":"The intended app management levels for this policy. Inherited from targetedManagedAppProtection.","Name":"TargetedAppManagementLevels","Option":"Write","ValueMap":["unspecified","unmanaged","mdm","androidEnterprise","androidEnterpriseDedicatedDevicesWithAzureAdSharedMode","androidOpenSourceProjectUserAssociated","androidOpenSourceProjectUserless","unknownFutureValue"],"Values":["unspecified","unmanaged","mdm","androidEnterprise","androidEnterpriseDedicatedDevicesWithAzureAdSharedMode","androidOpenSourceProjectUserAssociated","androidOpenSourceProjectUserless","unknownFutureValue"]},{"CIMType":"String[]","Description":"If Keyboard Restriction is enabled, only keyboards in this approved list will be allowed. A key should be Android package id for a keyboard and value should be a friendly name.","Name":"ApprovedKeyboards","Option":"Write"},{"CIMType":"String[]","Description":"App packages in this list will be exempt from the policy and will be able to receive data from managed apps.","Name":"ExemptedAppPackages","Option":"Write"},{"CIMType":"String","Description":"The period after which access is checked when the device is not connected to the internet. Must be an ISO8601 timespan format.","Name":"PeriodOfflineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"The period after which access is checked when the device is connected to the internet. Must be an ISO8601 timespan format.","Name":"PeriodOnlineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none.","Name":"AllowedInboundDataTransferSources","Option":"Write","ValueMap":["allApps","managedApps","none"],"Values":["allApps","managedApps","none"]},{"CIMType":"String","Description":"Destinations to which data is allowed to be transferred. Possible values are: allApps, managedApps, none.","Name":"AllowedOutboundDataTransferDestinations","Option":"Write","ValueMap":["allApps","managedApps","none"],"Values":["allApps","managedApps","none"]},{"CIMType":"Boolean","Description":"Indicates whether organizational credentials are required for app use.","Name":"OrganizationalCredentialsRequired","Option":"Write"},{"CIMType":"String","Description":"The level to which the clipboard may be shared between apps on the managed device. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked.","Name":"AllowedOutboundClipboardSharingLevel","Option":"Write","ValueMap":["allApps","managedAppsWithPasteIn","managedApps","blocked"],"Values":["allApps","managedAppsWithPasteIn","managedApps","blocked"]},{"CIMType":"Boolean","Description":"Indicates whether the backup of a managed app's data is blocked.","Name":"DataBackupBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether device compliance is required.","Name":"DeviceComplianceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for Android) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android).","Name":"ManagedBrowserToOpenLinksRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether users may use the Save As menu item to save a copy of protected files.","Name":"SaveAsBlocked","Option":"Write"},{"CIMType":"String","Description":"The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Must be an ISO8601 timespan format.","Name":"PeriodOfflineBeforeWipeIsEnforced","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether an app-level pin is required.","Name":"PinRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the app pin is required if the device pin is set.","Name":"DisableAppPinIfDevicePinIsSet","Option":"write"},{"CIMType":"UInt32","Description":"Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.","Name":"MaximumPinRetries","Option":"Write"},{"CIMType":"Boolean","Description":"Block simple PIN and require complex PIN to be set.","Name":"SimplePinBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum pin length required for an app-level pin if PinRequired is set to True.","Name":"MinimumPinLength","Option":"Write"},{"CIMType":"String","Description":"Character set which may be used for an app-level pin if PinRequired is set to True. Possible values are: numeric, alphanumericAndSymbol.","Name":"PinCharacterSet","Option":"Write","ValueMap":["numeric","alphanumericAndSymbol"],"Values":["numeric","alphanumericAndSymbol"]},{"CIMType":"String[]","Description":"Data storage locations where a user may store managed data.","Name":"AllowedDataStorageLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether contacts can be synced to the user's device.","Name":"ContactSyncBlocked","Option":"Write"},{"CIMType":"String","Description":"TimePeriod before the all-level pin must be reset if PinRequired is set to True. Must be an ISO8601 timespan format.","Name":"PeriodBeforePinReset","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether printing is allowed from managed apps.","Name":"PrintBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Require user to apply Class 3 Biometrics on their Android device.","Name":"RequireClass3Biometrics","Option":"Write"},{"CIMType":"Boolean","Description":"A PIN prompt will override biometric prompts if class 3 biometrics are updated on the device.","Name":"RequirePinAfterBiometricChange","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.","Name":"FingerprintBlocked","Option":"Write"},{"CIMType":"String[]","Description":"List of IDs representing the Android apps controlled by this protection policy.","Name":"Apps","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Android Protection Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"ID of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"ID of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String","Description":"Indicates in which managed browser(s) that internet links should be opened. Used in conjunction with CustomBrowserPackageId, CustomBrowserDisplayName and ManagedBrowserToOpenLinksRequired. Possible values are: notConfigured, microsoftEdge.","Name":"ManagedBrowser","Option":"Write","ValueMap":["notConfigured","microsoftEdge"],"Values":["notConfigured","microsoftEdge"]},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredPatchVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app","Name":"MinimumWarningAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app","Name":"MinimumWarningOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app","Name":"MinimumWarningPatchVersion","Option":"Write"},{"CIMType":"String","Description":"The apps controlled by this protection policy, overrides any values in Apps unless this value is 'selectedPublicApps'.","Name":"AppGroupType","Option":"Write","ValueMap":["allApps","allMicrosoftApps","allCoreMicrosoftApps","selectedPublicApps"],"Values":["allApps","allMicrosoftApps","allCoreMicrosoftApps","selectedPublicApps"]},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from taking Screenshots.","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the 'Encrypt org data' value is enabled.  True = require","Name":"EncryptAppData","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the 'Encrypt org data on enrolled devices' value is enabled.  False = require.  Only functions if EncryptAppData is set to True","Name":"DisableAppEncryptionIfDeviceEncryptionIsEnabled","Option":"Write"},{"CIMType":"String","Description":"The application name for browser associated with the 'Unmanaged Browser ID'. This name will be displayed to users if the specified browser is not installed.","Name":"CustomBrowserDisplayName","Option":"Write"},{"CIMType":"String","Description":"The application ID for a single browser. Web content (http/s) from policy managed applications will open in the specified browser.","Name":"CustomBrowserPackageId","Option":"Write"},{"CIMType":"String","Description":"Id of the Intune policy. To avoid creation of duplicate policies DisplayName will be searched for if the ID is not found","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune app protection policy for an Android Device."},{"ClassName":"MSFT_IntuneAppProtectionPolicyiOS","Parameters":[{"CIMType":"String","Description":"Display name of the iOS App Protection Policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Identity of the iOS App Protection Policy.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Description of the iOS App Protection Policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String[]","Description":"Data storage locations where a user may store managed data. Inherited from managedAppProtection.","Name":"AllowedDataIngestionLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if content sync for widgets is allowed for iOS on App Protection Policies.","Name":"AllowWidgetContentSync","Option":"Write"},{"CIMType":"String","Description":"Defines a managed app behavior, either block or warn, if the user is clocked out (non-working time).","Name":"AppActionIfAccountIsClockedOut","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"If set, it will specify what action to take in the case where the user is unable to checkin because their authentication token is invalid. This happens when the user is deleted or disabled in AAD. .","Name":"AppActionIfUnableToAuthenticateUser","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Public Apps selection: group or individual Inherited from targetedManagedAppProtection.","Name":"AppGroupType","Option":"Write","ValueMap":["selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"],"Values":["selectedPublicApps","allCoreMicrosoftApps","allMicrosoftApps","allApps"]},{"CIMType":"boolean","Description":"Indicates whether a user can bring data into org documents.","Name":"BlockDataIngestionIntoOrganizationDocuments","Option":"Write"},{"CIMType":"String","Description":"Protocol of a custom dialer app to click-to-open a phone number on iOS, for example, skype:.","Name":"CustomDialerAppProtocol","Option":"Write"},{"CIMType":"UInt32","Description":"Count of apps to which the current policy is deployed.","Name":"DeployedAppCount","Option":"Write"},{"CIMType":"String","Description":"The classes of dialer apps that are allowed to click-to-open a phone number.","Name":"DialerRestrictionLevel","Option":"Write","ValueMap":["allApps","managedApps","customApp","blocked"],"Values":["allApps","managedApps","customApp","blocked"]},{"CIMType":"String[]","Description":"A list of custom urls that are allowed to invocate an unmanaged app.","Name":"ExemptedUniversalLinks","Option":"Write"},{"CIMType":"String","Description":"A grace period before blocking app access during off clock hours. Must be an ISO8601 timespan format.","Name":"GracePeriodToBlockAppsDuringOffClockHours","Option":"Write"},{"CIMType":"String[]","Description":"A list of custom urls that are allowed to invocate a managed app.","Name":"managedUniversalLinks","Option":"Write"},{"CIMType":"String","Description":"Maximum allowed device threat level, as reported by the MTD app Inherited from managedAppProtection.","Name":"MaximumAllowedDeviceThreatLevel","Option":"Write","ValueMap":["notConfigured","secured","low","medium","high"],"Values":["notConfigured","secured","low","medium","high"]},{"CIMType":"String","Description":"Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection.","Name":"MaximumRequiredOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection.","Name":"MaximumWarningOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions bigger than the specified version will block the managed app from accessing company data. Inherited from managedAppProtection.","Name":"MaximumWipeOsVersion","Option":"Write"},{"CIMType":"String","Description":"When a specific app redirection is enforced by protectedMessagingRedirectAppType in an App Protection Policy, this value defines the app url redirect schemes which are allowed to be used.","Name":"MessagingRedirectAppUrlScheme","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data.","Name":"MinimumWarningSdkVersion","Option":"Write"},{"CIMType":"String","Description":"Indicates how to prioritize which Mobile Threat Defense (MTD) partner is enabled for a given platform, when more than one is enabled. An app can only be actively using a single Mobile Threat Defense partner. When NULL, Microsoft Defender will be given preference. Otherwise setting the value to defenderOverThirdPartyPartner or thirdPartyPartnerOverDefender will make explicit which partner to prioritize.","Name":"MobileThreatDefensePartnerPriority","Option":"Write","ValueMap":["defenderOverThirdPartyPartner","thirdPartyPartnerOverDefender","unknownFutureValue"],"Values":["defenderOverThirdPartyPartner","thirdPartyPartnerOverDefender","unknownFutureValue"]},{"CIMType":"String","Description":"Determines what action to take if the mobile threat defense threat threshold isn't met. Warn isn't a supported value for this property Inherited from managedAppProtection.","Name":"MobileThreatDefenseRemediationAction","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"UInt32","Description":"Requires a pin to be unique from the number specified in this property. Inherited from managedAppProtection.","Name":"PreviousPinBlockCount","Option":"Write"},{"CIMType":"String","Description":"Defines how app messaging redirection is protected by an App Protection Policy. Default is anyApp. Inherited from managedAppProtection.","Name":"ProtectedMessagingRedirectAppType","Option":"Write","ValueMap":["anyApp","anyManagedApp","specificApps","blocked"],"Values":["anyApp","anyManagedApp","specificApps","blocked"]},{"CIMType":"Boolean","Description":"Defines if third party keyboards are allowed while accessing a managed app.","Name":"ThirdPartyKeyboardsBlocked","Option":"Write"},{"CIMType":"String","Description":"The period after which access is checked when the device is not connected to the internet. Must be an ISO8601 timespan format.","Name":"PeriodOfflineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"The period after which access is checked when the device is connected to the internet. Must be an ISO8601 timespan format.","Name":"PeriodOnlineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"Sources from which data is allowed to be transferred. Possible values are: allApps, managedApps, none.","Name":"AllowedInboundDataTransferSources","Option":"Write","ValueMap":["allApps","managedApps","none"],"Values":["allApps","managedApps","none"]},{"CIMType":"String","Description":"Destinations to which data is allowed to be transferred. Possible values are: allApps, managedApps, none.","Name":"AllowedOutboundDataTransferDestinations","Option":"Write","ValueMap":["allApps","managedApps","none"],"Values":["allApps","managedApps","none"]},{"CIMType":"Boolean","Description":"Indicates whether organizational credentials are required for app use.","Name":"OrganizationalCredentialsRequired","Option":"Write"},{"CIMType":"String","Description":"The level to which the clipboard may be shared between apps on the managed device. Possible values are: allApps, managedAppsWithPasteIn, managedApps, blocked.","Name":"AllowedOutboundClipboardSharingLevel","Option":"Write","ValueMap":["allApps","managedAppsWithPasteIn","managedApps","blocked"],"Values":["allApps","managedAppsWithPasteIn","managedApps","blocked"]},{"CIMType":"Boolean","Description":"Indicates whether the backup of a managed app's data is blocked.","Name":"DataBackupBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether device compliance is required.","Name":"DeviceComplianceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether internet links should be opened in the managed browser app, or any custom browser specified by CustomBrowserProtocol (for iOS) or CustomBrowserPackageId/CustomBrowserDisplayName (for Android).","Name":"ManagedBrowserToOpenLinksRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether users may use the Save As menu item to save a copy of protected files.","Name":"SaveAsBlocked","Option":"Write"},{"CIMType":"String","Description":"The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. Must be an ISO8601 timespan format.","Name":"PeriodOfflineBeforeWipeIsEnforced","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether an app-level pin is required.","Name":"PinRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the app pin is required if the device pin is set.","Name":"DisableAppPinIfDevicePinIsSet","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum number of incorrect pin retry attempts before the managed app is either blocked or wiped.","Name":"MaximumPinRetries","Option":"Write"},{"CIMType":"Boolean","Description":"Block simple PIN and require complex PIN to be set.","Name":"SimplePinBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum pin length required for an app-level pin if PinRequired is set to True.","Name":"MinimumPinLength","Option":"Write"},{"CIMType":"String","Description":"Character set which may be used for an app-level pin if PinRequired is set to True. Possible values are: numeric, alphanumericAndSymbol.","Name":"PinCharacterSet","Option":"Write","ValueMap":["numeric","alphanumericAndSymbol"],"Values":["numeric","alphanumericAndSymbol"]},{"CIMType":"String[]","Description":"Data storage locations where a user may store managed data.","Name":"AllowedDataStorageLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether contacts can be synced to the user's device.","Name":"ContactSyncBlocked","Option":"Write"},{"CIMType":"String","Description":"TimePeriod before the all-level pin must be reset if PinRequired is set to True. Must be an ISO8601 timespan format.","Name":"PeriodBeforePinReset","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether printing is allowed from managed apps.","Name":"PrintBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the fingerprint reader is allowed in place of a pin if PinRequired is set to True.","Name":"FingerprintBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether use of the FaceID is allowed in place of a pin if PinRequired is set to True.","Name":"FaceIdBlocked","Option":"Write"},{"CIMType":"String","Description":"Indicates in which managed browser(s) that internet links should be opened. When this property is configured, ManagedBrowserToOpenLinksRequired should be true. Possible values are: notConfigured, microsoftEdge.","Name":"ManagedBrowser","Option":"Write","ValueMap":["notConfigured","microsoftEdge"],"Values":["notConfigured","microsoftEdge"]},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data.","Name":"MinimumWarningAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data.","Name":"MinimumWarningOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumRequiredSdkVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than or equal to the specified version will wipe the managed app and the associated company data.","Name":"MinimumWipeOSVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than or equal to the specified version will wipe the managed app and the associated company data.","Name":"MinimumWipeAppVersion","Option":"Write"},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, when the device is either rooted or jailbroken, if DeviceComplianceRequired is set to true.","Name":"AppActionIfDeviceComplianceRequired","Option":"Write","ValueMap":["block","wipe","warn"],"Values":["block","wipe","warn"]},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, based on maximum number of incorrect pin retry attempts.","Name":"AppActionIfMaximumPinRetriesExceeded","Option":"Write","ValueMap":["block","wipe","warn"],"Values":["block","wipe","warn"]},{"CIMType":"String","Description":"Timeout in minutes for an app pin instead of non biometrics passcode. Must be an ISO8601 timespan format.","Name":"PinRequiredInsteadOfBiometricTimeout","Option":"Write"},{"CIMType":"Uint32","Description":"Specify the number of characters that may be cut or copied from Org data and accounts to any application. This setting overrides the AllowedOutboundClipboardSharingLevel restriction. Default value of '0' means no exception is allowed.","Name":"AllowedOutboundClipboardSharingExceptionLength","Option":"Write"},{"CIMType":"String","Description":"Specify app notification restriction.","Name":"NotificationRestriction","Option":"Write","ValueMap":["allow","blockOrganizationalData","block"],"Values":["allow","blockOrganizationalData","block"]},{"CIMType":"String[]","Description":"The intended app management levels for this policy.","Name":"TargetedAppManagementLevels","Option":"Write","ValueMap":["unspecified","unmanaged","mdm","androidEnterprise"],"Values":["unspecified","unmanaged","mdm","androidEnterprise"]},{"CIMType":"String","Description":"Require app data to be encrypted.","Name":"AppDataEncryptionType","Option":"Write","ValueMap":["useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"],"Values":["useDeviceSettings","afterDeviceRestart","whenDeviceLockedExceptOpenFiles","whenDeviceLocked"]},{"CIMType":"String[]","Description":"Apps in this list will be exempt from the policy and will be able to receive data from managed apps.","Name":"ExemptedAppProtocols","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data.","Name":"MinimumWipeSdkVersion","Option":"Write"},{"CIMType":"String[]","Description":"Semicolon separated list of device models allowed, as a string, for the managed app to work.","Name":"AllowedIosDeviceModels","Option":"Write"},{"CIMType":"String","Description":"Defines a managed app behavior, either block or wipe, if the specified device model is not allowed.","Name":"AppActionIfIosDeviceModelNotAllowed","Option":"Write","ValueMap":["block","wipe","warn"],"Values":["block","wipe","warn"]},{"CIMType":"Boolean","Description":"Defines if open-in operation is supported from the managed app to the filesharing locations selected. This setting only applies when AllowedOutboundDataTransferDestinations is set to ManagedApps and DisableProtectionOfManagedOutboundOpenInData is set to False.","Name":"FilterOpenInToOnlyManagedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Disable protection of data transferred to other apps through IOS 'OpenIn' option. This setting is only allowed to be True when AllowedOutboundDataTransferDestinations is set to ManagedApps.","Name":"DisableProtectionOfManagedOutboundOpenInData","Option":"Write"},{"CIMType":"Boolean","Description":"Protect incoming data from unknown source. This setting is only allowed to be True when AllowedInboundDataTransferSources is set to AllApps.","Name":"ProtectInboundDataFromUnknownSources","Option":"Write"},{"CIMType":"String","Description":"A custom browser protocol to open weblink on iOS.","Name":"CustomBrowserProtocol","Option":"Write"},{"CIMType":"String[]","Description":"List of IDs representing the iOS apps controlled by this protection policy.","Name":"Apps","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"List of IDs of the groups assigned to this iOS Protection Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"ID of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"ID of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune app protection policy for an iOS Device."},{"ClassName":"MSFT_IntuneAppProtectionPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Indicates the sources from which data is allowed to be transferred. Some possible values are allApps or none. Possible values are: allApps, none.","Name":"AllowedInboundDataTransferSources","Option":"Write","ValueMap":["allApps","none"],"Values":["allApps","none"]},{"CIMType":"String","Description":"Indicates the level to which the clipboard may be shared across org & non-org resources. Some possible values are anyDestinationAnySource or none. Possible values are: anyDestinationAnySource, none, orgDestinationAnySource, orgDestinationOrgSource, unknownFutureValue.","Name":"AllowedOutboundClipboardSharingLevel","Option":"Write","ValueMap":["anyDestinationAnySource","none"],"Values":["anyDestinationAnySource","none"]},{"CIMType":"String","Description":"Indicates the destinations to which data is allowed to be transferred. Some possible values are allApps or none. Possible values are: allApps, none.","Name":"AllowedOutboundDataTransferDestinations","Option":"Write","ValueMap":["allApps","none"],"Values":["allApps","none"]},{"CIMType":"String","Description":"If set, it will specify what action to take in the case where the user is unable to checkin because their authentication token is invalid. This happens when the user is deleted or disabled in AAD. Some possible values are block or wipe. If this property is not set, no action will be taken. Possible values are: block, wipe, warn, blockWhenSettingIsSupported.","Name":"AppActionIfUnableToAuthenticateUser","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"Maximum allowed device threat level, as reported by the Mobile Threat Defense app. Possible values are: notConfigured, secured, low, medium, high.","Name":"MaximumAllowedDeviceThreatLevel","Option":"Write","ValueMap":["notConfigured","secured","low","medium","high"],"Values":["notConfigured","secured","low","medium","high"]},{"CIMType":"String","Description":"Versions bigger than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MaximumRequiredOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions bigger than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MaximumWarningOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions bigger than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'.","Name":"MaximumWipeOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumRequiredAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumRequiredOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will block the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumRequiredSdkVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWarningAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will result in warning message on the managed app from accessing company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWarningOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWipeAppVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWipeOsVersion","Option":"Write"},{"CIMType":"String","Description":"Versions less than the specified version will wipe the managed app and the associated company data. For example: '8.1.0' or '13.1.1'.","Name":"MinimumWipeSdkVersion","Option":"Write"},{"CIMType":"String","Description":"Determines what action to take if the mobile threat defense threat threshold isn't met. Some possible values are block or wipe. Warn isn't a supported value for this property. Possible values are: block, wipe, warn, blockWhenSettingIsSupported.","Name":"MobileThreatDefenseRemediationAction","Option":"Write","ValueMap":["block","wipe","warn","blockWhenSettingIsSupported"],"Values":["block","wipe","warn","blockWhenSettingIsSupported"]},{"CIMType":"String","Description":"The period after which access is checked when the device is not connected to the internet. For example, PT5M indicates that the interval is 5 minutes in duration. A timespan value of PT0S indicates that access will be blocked immediately when the device is not connected to the internet.","Name":"PeriodOfflineBeforeAccessCheck","Option":"Write"},{"CIMType":"String","Description":"The amount of time an app is allowed to remain disconnected from the internet before all managed data it is wiped. For example, P5D indicates that the interval is 5 days in duration. A timespan value of PT0S indicates that managed data will never be wiped when the device is not connected to the internet.","Name":"PeriodOfflineBeforeWipeIsEnforced","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that printing is blocked from managed apps. When FALSE, indicates that printing is allowed from managed apps. Default value is FALSE.","Name":"PrintBlocked","Option":"Write"},{"CIMType":"String","Description":"The policy's description.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy display name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of IDs representing the Windows apps controlled by this protection policy.","Name":"Apps","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune App Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneAttackSurfaceReductionRulesPolicyWindows10ConfigManager","Parameters":[{"CIMType":"String","Description":"Identity of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Assignments","Option":"Write"},{"CIMType":"String[]","Description":"Exclude files and paths from attack surface reduction rules","Name":"AttackSurfaceReductionOnlyExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents an application from writing a vulnerable signed driver to disk.","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents attacks by blocking Adobe Reader from creating processes.","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access.","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule helps prevent credential stealing by locking down Local Security Authority Subsystem Service (LSASS).","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers.","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks executable files that don't meet a prevalence, age, or trusted list criteria, such as .exe, .dll, or .scr, from launching.","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule detects suspicious properties within an obfuscated script.","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents scripts from launching potentially malicious downloaded content.","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk.","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks code injection attempts from Office apps into other processes.","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions.","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents malware from abusing WMI to attain persistence on a device.","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks processes created through PsExec and WMI from running.","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards.","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule prevents VBA macros from calling Win32 APIs.","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule provides an extra layer of protection against ransomware.","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"List of additional folders that need to be protected","Name":"ControlledFolderAccessProtectedFolders","Option":"Write"},{"CIMType":"String[]","Description":"List of apps that have access to protected folders.","Name":"ControlledFolderAccessAllowedApplications","Option":"Write"},{"CIMType":"String","Description":"This rule enable Controlled folder access which protects your data by checking apps against a list of known, trusted apps.values 0:disable, 1:enable, 2:audit, 3: Block disk modification only, 4: Audit disk modification only","Name":"EnableControlledFolderAccess","Option":"Write","ValueMap":["0","1","2","3","4"],"Values":["0","1","2","3","4"]},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Endpoint Protection Attack Surface Reduction Rules policy for a Windows 10 Device for Configuration Manager.\nThis policy setting enables setting the state (Block/Audit/Off/Warn) for each attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off/Warn). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.\n\nFor more information about ASR rule ID and status ID, see Enable Attack Surface Reduction: <https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction/>."},{"ClassName":"MSFT_IntuneAzureNetworkConnectionWindows365","Parameters":[{"CIMType":"String","Description":"The fully qualified domain name (FQDN) of the Active Directory domain you want to join. Optional.","Name":"AdDomainName","Option":"Write"},{"CIMType":"String","Description":"The password associated with adDomainUsername. Cannot be exported and must be manually added before deploying the network connection.","Name":"AdDomainPassword","Option":"Write"},{"CIMType":"String","Description":"The username of an Active Directory account (user or service account) that has permissions to create computer objects in Active Directory. Required format: admincontoso.com. Optional.","Name":"AdDomainUsername","Option":"Write"},{"CIMType":"String","Description":"Specifies the method by which a provisioned Cloud PC is joined to Microsoft Entra. The azureADJoin option indicates the absence of an on-premises Active Directory (AD) in the current tenant that results in the Cloud PC device only joining to Microsoft Entra. The hybridAzureADJoin option indicates the presence of an on-premises AD in the current tenant and that the Cloud PC joins both the on-premises AD and Microsoft Entra. The selected option also determines the types of users who can be assigned and can sign into a Cloud PC. The azureADJoin option allows both cloud-only and hybrid users to be assigned and sign in, whereas hybridAzureADJoin is restricted to hybrid users only. The default value is hybridAzureADJoin. The possible values are: hybridAzureADJoin, azureADJoin.","Name":"ConnectionType","Option":"Write","ValueMap":["hybridAzureADJoin","azureADJoin"],"Values":["hybridAzureADJoin","azureADJoin"]},{"CIMType":"String","Description":"The display name for the Azure network connection.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The organizational unit (OU) in which the computer account is created. If left null, the OU configured as the default (a well-known computer object container) in your Active Directory domain (OU) is used. Optional. Only applicable for the connection type 'hybridAzureADJoin'.","Name":"OrganizationalUnit","Option":"Write"},{"CIMType":"String","Description":"The ID of the target resource group. Required format: /subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}.","Name":"ResourceGroupId","Option":"Required"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The ID of the target subnet. Required format: /subscriptions/{subscription-id}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkId}/subnets/{subnetName}.","Name":"SubnetId","Option":"Required"},{"CIMType":"String","Description":"The name of the target Azure subscription.","Name":"SubscriptionName","Option":"Required"},{"CIMType":"String","Description":"The ID of the target virtual network. Required format: /subscriptions/{subscription-id}/{resourceGroups/resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}.","Name":"VirtualNetworkId","Option":"Required"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Azure Network Connection for Windows365\n\n**NOTE:** To resolve the subscription and resource group name, the identity requires the `Microsoft.Resources/subscriptions/read` Azure permission.\nYou can either assign it with a built-in role with more permissions, or use a custom Azure RBAC role with this specific permission.\nThe role scope can be configured at management group or at an individual subscription level, but it must be the subscription where the Azure Network Connection was deployed to.\n\nMake sure that the value of `SubscriptionName` is the same as the one in the subnet and resource group specification."},{"ClassName":"MSFT_MicrosoftGraphCloudPcProvisioningPolicyAutopatch","Parameters":[{"CIMType":"String","Description":"The unique identifier (ID) of a Windows Autopatch group. An Autopatch group is a logical container or unit that groups several Microsoft Entra groups and software update policies. Devices with the same Autopatch group ID share unified software update management. The default value is null that indicates that no Autopatch group is associated with the provisioning policy.","Name":"AutopatchGroupId","Option":"Write"},{"CIMType":"String","Description":"The unique display name of a Windows Autopatch group.","Name":"AutopatchGroupDisplayName","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphCloudPcAutopilotConfiguration","Parameters":[{"CIMType":"UInt32","Description":"Indicates the number of minutes allowed for the Autopilot application to apply the device preparation profile (DPP) configurations to the device. If the Autopilot application doesn't finish within the specified time (applicationTimeoutInMinutes), the application error is added to the statusDetail property of the cloudPC object. The supported value is an integer between 10 and 360. Required.","Name":"ApplicationTimeoutInMinutes","Option":"Write"},{"CIMType":"String","Description":"The unique identifier (ID) of the Autopilot device preparation profile (DPP) that links a Windows Autopilot device preparation policy to ensure that devices are ready for users after provisioning. Required.","Name":"DevicePreparationProfileId","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the access to the device is allowed when the application of Autopilot device preparation profile (DPP) configurations fails or times out. If true, the status of the device is failed and the device is unable to access otherwise, the status of the device is provisionedWithWarnings and the device is allowed to access. The default value is false. Required.","Name":"OnFailureDeviceAccessDenied","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphCloudPcDomainJoinConfiguration","Parameters":[{"CIMType":"String","Description":"Specifies the method by which the provisioned Cloud PC joins Microsoft Entra ID. If you choose the hybridAzureADJoin type, only provide a value for the onPremisesConnectionId property and leave the regionName property empty. If you choose the azureADJoin type, provide a value for either the onPremisesConnectionId or the regionName property. Possible values are: azureADJoin, hybridAzureADJoin.","Name":"DomainJoinType","Option":"Write","ValueMap":["azureADJoin","hybridAzureADJoin"],"Values":["azureADJoin","hybridAzureADJoin"]},{"CIMType":"String","Description":"The geographic location where the region is located. Read-only.","Name":"GeographicLocationType","Option":"Write","ValueMap":["default","asia","australasia","canada","europe","india","africa","usCentral","usEast","usWest","southAmerica","middleEast","centralAmerica","usGovernment","mexico"],"Values":["default","asia","australasia","canada","europe","india","africa","usCentral","usEast","usWest","southAmerica","middleEast","centralAmerica","usGovernment","mexico"]},{"CIMType":"String","Description":"The Azure network connection ID that matches the virtual network IT admins want the provisioning policy to use when they create Cloud PCs. You can use this property in both domain join types: Azure AD joined or Hybrid Microsoft Entra joined. If you enter an onPremisesConnectionId, leave the regionName property empty.","Name":"OnPremisesConnectionId","Option":"Write"},{"CIMType":"String","Description":"The logical geographic group this region belongs to. Multiple regions can belong to one region group. A customer can select a regionGroup when they provision a Cloud PC, and the Cloud PC is put in one of the regions in the group based on resource status. For example, the Europe region group contains the Northern Europe and Western Europe regions.","Name":"RegionGroup","Option":"Write","ValueMap":["asia","australasia","australia","austria","automatic","belgium","brazil","canada","default","denmark","euap","europe","europeUnion","france","germany","hongKong","india","indonesia","ireland","israel","italy","japan","kenya","malaysia","mexico","middleEast","netherlands","newZealand","norway","poland","singapore","southAmerica","southKorea","spain","sweden","switzerland","taiwan","unitedKingdom","unknownFutureValue","usCentral","usEast","usGovernment","usGovernmentDOD","usWest"],"Values":["asia","australasia","australia","austria","automatic","belgium","brazil","canada","default","denmark","euap","europe","europeUnion","france","germany","hongKong","india","indonesia","ireland","israel","italy","japan","kenya","malaysia","mexico","middleEast","netherlands","newZealand","norway","poland","singapore","southAmerica","southKorea","spain","sweden","switzerland","taiwan","unitedKingdom","unknownFutureValue","usCentral","usEast","usGovernment","usGovernmentDOD","usWest"]},{"CIMType":"String","Description":"The supported Azure region where the IT admin wants the provisioning policy to create Cloud PCs. The underlying virtual network is created and managed by the Windows 365 service. This can only be entered if the IT admin chooses Microsoft Entra joined as the domain join type. If you enter a regionName, leave the onPremisesConnectionId property empty. For an automatic selection, choose 'Automatic'.","Name":"RegionName","Option":"Write"},{"CIMType":"String","Description":"Specifies the method by which the provisioned Cloud PC joins Microsoft Entra ID. If you choose the hybridAzureADJoin type, only provide a value for the onPremisesConnectionId property and leave regionName as empty. If you choose the azureADJoin type, provide a value for either onPremisesConnectionId or regionName. The possible values are: azureADJoin, hybridAzureADJoin. The type property is deprecated and will stop returning data on January 31, 2024. Going forward, use the domainJoinType property.","Name":"Type","Option":"Write","ValueMap":["azureADJoin","hybridAzureADJoin"],"Values":["azureADJoin","hybridAzureADJoin"]}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphMicrosoftManagedDesktop","Parameters":[{"CIMType":"String","Description":"Indicates the provisioning policy associated with Microsoft Managed Desktop settings. Possible values are: notManaged, premiumManaged, standardManaged, starterManaged. The default value is notManaged.","Name":"ManagedType","Option":"Write","ValueMap":["notManaged","premiumManaged","standardManaged","starterManaged"],"Values":["notManaged","premiumManaged","standardManaged","starterManaged"]},{"CIMType":"String","Description":"The name of the Microsoft Managed Desktop profile that the Windows 365 Cloud PC is associated with.","Name":"Profile","Option":"Write"},{"CIMType":"String","Description":"Indicates whether the provisioning policy enables Microsoft Managed Desktop and, if enabled, specifies the type of plan managing the device. Possible values are: notManaged, premiumManaged, standardManaged, starterManaged. The type property is deprecated and will stop returning data on January 31, 2024. Going forward, use the managedType property.","Name":"Type","Option":"Write","ValueMap":["notManaged","premiumManaged","standardManaged","starterManaged"],"Values":["notManaged","premiumManaged","standardManaged","starterManaged"]}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphCloudPcWindowsSetting","Parameters":[{"CIMType":"String","Description":"The Windows language or region tag to use for language pack configuration and localization of the Cloud PC. The default value is en-US, which corresponds to English (United States).","Name":"Locale","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_MicrosoftGraphCloudPcWindowsSettings","Parameters":[{"CIMType":"String","Description":"The Windows language/region tag to use for language pack configuration and localization of the Cloud PC. The default value is en-US, which corresponds to English (United States).","Name":"Language","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_IntuneCloudProvisioningPolicyWindows365","Parameters":[{"CIMType":"MSFT_MicrosoftGraphcloudPcProvisioningPolicyAutopatch","Description":"Indicates the Windows Autopatch settings for Cloud PCs using this provisioning policy. The settings take effect when the tenant enrolls in Autopatch and the managedType of the microsoftManagedDesktop property is set as starterManaged.","Name":"Autopatch","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcloudPcAutopilotConfiguration","Description":"The specific settings for Windows Autopilot that enable Windows 365 customers to experience it on Cloud PC. Supports $select.","Name":"AutopilotConfiguration","Option":"Write"},{"CIMType":"String","Description":"The template used to name Cloud PCs provisioned using this policy. The template can contain custom text and replacement tokens, including %USERNAME:x% and %RAND:x%, which represent the user's name and a randomly generated number, respectively. For example, CPC-%USERNAME:4%-%RAND:5% means that the name of the Cloud PC starts with CPC-, followed by a four-character username, a - character, and then five random characters. The total length of the text generated by the template can't exceed 15 characters.","Name":"CloudPcNamingTemplate","Option":"Write"},{"CIMType":"String","Description":"The provisioning policy description.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name for the provisioning policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphcloudPcDomainJoinConfiguration[]","Description":"Specifies a list ordered by priority on how Cloud PCs join Microsoft Entra ID (Azure AD). Supports $select.","Name":"DomainJoinConfigurations","Option":"Write"},{"CIMType":"Boolean","Description":"True if single sign-on can access the provisioned Cloud PC. False indicates that the provisioned Cloud PC doesn't support this feature. The default value is false. Windows 365 users can use single sign-on to authenticate to Microsoft Entra ID with passwordless options (for example, FIDO keys) to access their Cloud PC. Optional.","Name":"EnableSingleSignOn","Option":"Write"},{"CIMType":"String","Description":"The display name of the operating system image that is used for provisioning. For example, Windows 11 Preview + Microsoft 365 Apps 23H2 23H2.","Name":"ImageDisplayName","Option":"Write"},{"CIMType":"String","Description":"The unique identifier that represents an operating system image that is used for provisioning new Cloud PCs. The format for a gallery type image is: {publisherNameofferNameskuName}. Supported values for each of the parameters are:publisher: Microsoftwindowsdesktop offer: windows-ent-cpc sku: 21h1-ent-cpc-m365, 21h1-ent-cpc-os, 20h2-ent-cpc-m365, 20h2-ent-cpc-os, 20h1-ent-cpc-m365, 20h1-ent-cpc-os, 19h2-ent-cpc-m365, and 19h2-ent-cpc-os","Name":"ImageId","Option":"Write"},{"CIMType":"String","Description":"The type of operating system image (custom or gallery) that is used for provisioning on Cloud PCs. Possible values are: gallery, custom. The default value is gallery.","Name":"ImageType","Option":"Write","ValueMap":["gallery","custom"],"Values":["gallery","custom"]},{"CIMType":"Boolean","Description":"When true, the local admin is enabled for Cloud PCs false indicates that the local admin isn't enabled for Cloud PCs. The default value is false.","Name":"LocalAdminEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of licenses to be used when provisioning Cloud PCs using this policy. The possible values are dedicated, shared, sharedByUser, sharedByEntraGroup. The shared member is deprecated and will stop returning on April 30, 2027 going forward, use the sharedByUser member. For example, a dedicated service plan can be assigned to only one user and provision only one Cloud PC. The shared and sharedByUser plans require customers to purchase a shared service plan. Each shared license purchased can enable up to three Cloud PCs, with only one user signed in at a time. The sharedByEntraGroup plan also requires the purchase of a shared service plan. Each shared license under this plan can enable one Cloud PC, which is shared for the group according to the assignments of this policy. By default, the license type is dedicated if the provisioningType isn't specified when you create the cloudPcProvisioningPolicy. You can't change this property after the cloudPcProvisioningPolicy is created.","Name":"ProvisioningType","Option":"Write","ValueMap":["dedicated","shared","sharedByUser","sharedByEntraGroup","reserve"],"Values":["dedicated","shared","sharedByUser","sharedByEntraGroup","reserve"]},{"CIMType":"String[]","Description":"The Role Scope Tag Ids","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of cloud object the end user can access. Possible values are: cloudPc, cloudApp. cloudPc indicates that the end user can access the entire desktop. cloudApp indicates that the end user can only access apps published under this provisioning policy. The type can't be changed once the provisioning policy is created. If not specified during creation, the default value is cloudPc. When cloudApp is selected, the provisioningType must be sharedByEntraGroup. Cannot be changed after creation.","Name":"UserExperienceType","Option":"Write","ValueMap":["cloudPc","cloudApp"],"Values":["cloudPc","cloudApp"]},{"CIMType":"MSFT_MicrosoftGraphcloudPcWindowsSetting","Description":"Indicates a specific Windows setting to configure during the creation of Cloud PCs for this provisioning policy. Supports $select.","Name":"WindowsSetting","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcloudPcWindowsSettings","Description":"Specific Windows settings to configure during the creation of Cloud PCs for this provisioning policy. Supports $select. The windowsSettings property is deprecated and will stop returning data on January 31, 2024. Going forward, use the windowsSetting property.","Name":"WindowsSettings","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Cloud Provisioning Policy for Windows365\n\n**Please note:** To deploy an Intune Cloud Provisioning Policy for Windows 365 and you opted to use Autopatch, then you must use `Credentials` as the authentication method.\nThe Microsoft Graph API does not allow Service Principal authentication for Autopatch configuration."},{"ClassName":"MSFT_IntuneDeviceIdentifier","Parameters":[{"CIMType":"String","Description":"Unique identifier for the imported device identity.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Imported Device Identifier","Name":"importedDeviceIdentifier","Option":"Key"},{"CIMType":"String","Description":"Type of Imported Device Identity. Possible values are: unknown, imei, serialNumber, manufacturerModelSerial.","Name":"importedDeviceIdentityType","Option":"Write","ValueMap":["unknown","imei","serialNumber","manufacturerModelSerial"],"Values":["unknown","imei","serialNumber","manufacturerModelSerial"]},{"CIMType":"String","Description":"Description for the device identity.","Name":"description","Option":"Write"},{"CIMType":"String","Description":"Platform of the device (e.g., Windows, Android, iOS).","Name":"platform","Option":"Write"}],"Description":"This resource manages Intune corporate device identifiers used to pre-register devices as corporate-owned. Identifiers can include serial numbers, IMEI numbers, or manufacturer/model/serial combinations.\n\n**Important:** This resource enforces the desired state by:\n- Adding identifiers that are in the configuration but not in Intune\n- **Removing identifiers that are in Intune but NOT in the configuration**\n\nThis ensures the Intune corporate identifiers exactly match your configuration as the single source of truth.\n\n## Graph API Endpoints\n\n- GET/POST: `/beta/deviceManagement/importedDeviceIdentities`\n- DELETE: `/beta/deviceManagement/importedDeviceIdentities/{id}`\n\n## Cloud Support\n\nThis resource is cloud-agnostic and works with:\n- Microsoft 365 Global (Commercial)\n- Microsoft 365 GCC\n- Microsoft 365 GCC High\n- Microsoft 365 DoD\n\nThe resource automatically uses the correct Graph API endpoint based on your cloud environment."},{"ClassName":"MSFT_IntuneCorporateDeviceIdentifier","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"MSFT_IntuneDeviceIdentifier[]","Description":"Array of corporate device identifiers.","Name":"Devices","Option":"Write"},{"CIMType":"string","Description":"Present ensures the identifiers exist, absent ensures all are removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Intune corporate device identifiers used to pre-register devices as corporate-owned. Identifiers can include serial numbers, IMEI numbers, or manufacturer/model/serial combinations.\n\n**Important:** This resource enforces the desired state by:\n- Adding identifiers that are in the configuration but not in Intune\n- **Removing identifiers that are in Intune but NOT in the configuration**\n\nThis ensures the Intune corporate identifiers exactly match your configuration as the single source of truth.\n\n## Graph API Endpoints\n\n- GET/POST: `/beta/deviceManagement/importedDeviceIdentities`\n- DELETE: `/beta/deviceManagement/importedDeviceIdentities/{id}`\n\n## Cloud Support\n\nThis resource is cloud-agnostic and works with:\n- Microsoft 365 Global (Commercial)\n- Microsoft 365 GCC\n- Microsoft 365 GCC High\n- Microsoft 365 DoD\n\nThe resource automatically uses the correct Graph API endpoint based on your cloud environment."},{"ClassName":"MSFT_MicrosoftGraphCompanyPortalBlockedAction","Parameters":[{"CIMType":"String","Description":"Device Action. Possible values are: unknown, remove, reset.","Name":"Action","Option":"Write","ValueMap":["unknown","remove","reset"],"Values":["unknown","remove","reset"]},{"CIMType":"String","Description":"Device ownership type. Possible values are: unknown, company, personal.","Name":"OwnerType","Option":"Write","ValueMap":["unknown","company","personal"],"Values":["unknown","company","personal"]},{"CIMType":"String","Description":"Device OS/Platform. Possible values are: android, androidForWork, iOS, macOS, windowsPhone81, windows81AndLater, windows10AndLater, androidWorkProfile, unknown.","Name":"Platform","Option":"Write","ValueMap":["android","androidForWork","iOS","macOS","windowsPhone81","windows81AndLater","windows10AndLater","androidWorkProfile","unknown","androidAOSP","androidMobileApplicationManagement","iOSMobileApplicationManagement","unknownFutureValue","windowsMobileApplicationManagement"],"Values":["android","androidForWork","iOS","macOS","windowsPhone81","windows81AndLater","windows10AndLater","androidWorkProfile","unknown","androidAOSP","androidMobileApplicationManagement","iOSMobileApplicationManagement","unknownFutureValue","windowsMobileApplicationManagement"]}],"Description":"Intune Customization Branding Profile\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_MicrosoftGraphMimeContent","Parameters":[{"CIMType":"String","Description":"Indicates the content mime type.","Name":"Type","Option":"Write"},{"CIMType":"String","Description":"The Base64 encoded string content.","Name":"Value","Option":"Write"}],"Description":"Intune Customization Branding Profile\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_MicrosoftGraphRgbColor","Parameters":[{"CIMType":"String","Description":"Blue value","Name":"B","Option":"Write"},{"CIMType":"String","Description":"Green value","Name":"G","Option":"Write"},{"CIMType":"String","Description":"Red value","Name":"R","Option":"Write"}],"Description":"Intune Customization Branding Profile\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_IntuneCustomizationBrandingProfile","Parameters":[{"CIMType":"MSFT_MicrosoftGraphcompanyPortalBlockedAction[]","Description":"Collection of blocked actions on the company portal as per platform and device ownership types.","Name":"CompanyPortalBlockedActions","Option":"Write"},{"CIMType":"String","Description":"E-mail address of the person/organization responsible for IT support","Name":"ContactITEmailAddress","Option":"Write"},{"CIMType":"String","Description":"Name of the person/organization responsible for IT support","Name":"ContactITName","Option":"Write"},{"CIMType":"String","Description":"Text comments regarding the person/organization responsible for IT support","Name":"ContactITNotes","Option":"Write"},{"CIMType":"String","Description":"Phone number of the person/organization responsible for IT support","Name":"ContactITPhoneNumber","Option":"Write"},{"CIMType":"String","Description":"Text comments regarding what the admin has access to on the device","Name":"CustomCanSeePrivacyMessage","Option":"Write"},{"CIMType":"String","Description":"Text comments regarding what the admin doesn't have access to on the device","Name":"CustomCantSeePrivacyMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if Device Category Selection will be shown in Company Portal","Name":"DisableDeviceCategorySelection","Option":"Write"},{"CIMType":"String","Description":"Company/organization name that is displayed to end users","Name":"DisplayName","Option":"Required"},{"CIMType":"String","Description":"Customized device enrollment flow displayed to the end user . Possible values are: availableWithPrompts, availableWithoutPrompts, unavailable.","Name":"EnrollmentAvailability","Option":"Write","ValueMap":["availableWithPrompts","availableWithoutPrompts","unavailable"],"Values":["availableWithPrompts","availableWithoutPrompts","unavailable"]},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"Customized image displayed in Company Portal apps landing page","Name":"LandingPageCustomizedImage","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"Logo image displayed in Company Portal apps which have a light background behind the logo","Name":"LightBackgroundLogo","Option":"Write"},{"CIMType":"String","Description":"Display name of the company/organizations IT helpdesk site","Name":"OnlineSupportSiteName","Option":"Write"},{"CIMType":"String","Description":"URL to the company/organizations IT helpdesk site","Name":"OnlineSupportSiteUrl","Option":"Write"},{"CIMType":"String","Description":"URL to the company/organizations privacy policy","Name":"PrivacyUrl","Option":"Write"},{"CIMType":"String","Description":"Description of the profile","Name":"ProfileDescription","Option":"Write"},{"CIMType":"String","Description":"Name of the profile","Name":"ProfileName","Option":"Key"},{"CIMType":"String[]","Description":"List of scope tags assigned to the branding profile","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if AzureAD Enterprise Apps will be shown in Company Portal","Name":"ShowAzureADEnterpriseApps","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if Configuration Manager Apps will be shown in Company Portal","Name":"ShowConfigurationManagerApps","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that represents whether the administrator-supplied display name will be shown next to the logo image or not","Name":"ShowDisplayNameNextToLogo","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that represents whether the administrator-supplied logo images are shown or not","Name":"ShowLogo","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if Office WebApps will be shown in Company Portal","Name":"ShowOfficeWebApps","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphrgbColor","Description":"Primary theme color used in the Company Portal applications and web portal","Name":"ThemeColor","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"Logo image displayed in Company Portal apps which have a theme color background behind the logo","Name":"ThemeColorLogo","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Customization Branding Profile\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogExclusionsV2","Parameters":[{"CIMType":"String","Description":"Type - (excludedPath: Path, excludedFileName: Process name)","Name":"exclusions_item_type","Option":"Key","ValueMap":["excludedPath","excludedFileName"],"Values":["excludedPath","excludedFileName"]},{"CIMType":"String","Description":"Path","Name":"exclusions_item_path","Option":"Write"},{"CIMType":"String","Description":"Process name","Name":"exclusions_item_name","Option":"Write"},{"CIMType":"String","Description":"Is directory (false: Disabled, true: Enabled)","Name":"exclusions_item_isDirectory","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]}],"Description":"Intune Defender Global Exclusions Policy for Linux. Can be found under Endpoint Security > Endpoint detection and response > Create policy: Platform - Linux, Profile - Microsoft Defender Global Exclusions (AV + EDR)"},{"ClassName":"MSFT_IntuneDefenderGlobalExclusionsPolicyLinux","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogExclusionsV2[]","Description":"Global Exclusions","Name":"Exclusions","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Defender Global Exclusions Policy for Linux. Can be found under Endpoint Security > Endpoint detection and response > Create policy: Platform - Linux, Profile - Microsoft Defender Global Exclusions (AV + EDR)"},{"ClassName":"MSFT_IntuneDerivedCredential","Parameters":[{"CIMType":"String","Description":"The name of the app category.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The URL that will be accessible to end users as they retrieve a derived credential using the Company Portal.","Name":"HelpUrl","Option":"Write"},{"CIMType":"Uint32","Description":"The nominal percentage of time before certificate renewal is initiated by the client.","Name":"RenewalThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Supported values for the derived credential issuer.","Name":"Issuer","Option":"Write","ValueMap":["intercede","entrustDatacard","purebred"],"Values":["intercede","entrustDatacard","purebred"]},{"CIMType":"String","Description":"Supported values for the notification type to use.","Name":"NotificationType","Option":"Write","ValueMap":["none","email","companyPortal","companyPortal","email"],"Values":["none","email","companyPortal","companyPortal","email"]},{"CIMType":"String","Description":"Supported values for the notification type to use.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resources configures derived credentials in Intune."},{"ClassName":"MSFT_IntuneDeviceAndAppManagementAssignmentFilter","Parameters":[{"CIMType":"String","Description":"DisplayName of the Assignment Filter.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Key of the Assignment Filter.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Description of the Assignment Filter.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Indicates filter is applied to either 'devices' or 'apps' management type. Default is 'devices'.","Name":"AssignmentFilterManagementType","Option":"Write","ValueMap":["apps","devices"],"Values":["apps","devices"]},{"CIMType":"String","Description":"Rule definition of the Assignment Filter.","Name":"Rule","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource represents the properties of the Intune Assignment Filter.\nFor more information: <https://docs.microsoft.com/en-us/graph/api/resources/intune-policyset-deviceandappmanagementassignmentfilter?view=graph-rest-beta/>\n\n**Please note:** After creating a filter, it is not possible to update the `AssignmentFilterManagementType` property. You have to remove and recreate the filter to update it."},{"ClassName":"MSFT_IntuneDeviceCategory","Parameters":[{"CIMType":"String","Description":"Display name of the device category.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the device category.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the category exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Intune device categories."},{"ClassName":"MSFT_IntuneDeviceCleanupRuleV2","Parameters":[{"CIMType":"String","Description":"Indicates the description for the device clean up rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Indicates the managed device platform for which the admin wants to create the device clean up rule. Possible values are: all, androidAOSP, androidDeviceAdministrator, androidDedicatedAndFullyManagedCorporateOwnedWorkProfile, chromeOS, androidPersonallyOwnedWorkProfile, ios, macOS, windows, windowsHolographic, unknownFutureValue, visionOS, tvOS.","Name":"DeviceCleanupRulePlatformType","Option":"Write","ValueMap":["all","androidAOSP","androidDeviceAdministrator","androidDedicatedAndFullyManagedCorporateOwnedWorkProfile","chromeOS","androidPersonallyOwnedWorkProfile","ios","macOS","windows","windowsHolographic","unknownFutureValue","visionOS","tvOS"],"Values":["all","androidAOSP","androidDeviceAdministrator","androidDedicatedAndFullyManagedCorporateOwnedWorkProfile","chromeOS","androidPersonallyOwnedWorkProfile","ios","macOS","windows","windowsHolographic","unknownFutureValue","visionOS","tvOS"]},{"CIMType":"UInt32","Description":"Indicates the number of days when the device has not contacted Intune. Valid values 0 to 2147483647","Name":"DeviceInactivityBeforeRetirementInDays","Option":"Write"},{"CIMType":"String","Description":"Indicates the display name of the device cleanup rule.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Cleanup Rule V2.\n\nOnly one instance of each platform can be configured. Multiple cleanup rules for the same platform are not supported."},{"ClassName":"MSFT_DeviceManagementNotificationMessageTemplate","Parameters":[{"CIMType":"Boolean","Description":"If this is the default message template.","Name":"IsDefault","Option":"Write"},{"CIMType":"String","Description":"The locale of the message template.","Name":"Locale","Option":"Write","ValueMap":["ar-sa","bg-bg","cs-cz","da-dk","de-de","el-gr","en-gb","en-us","es-es","es-mx","et-ee","fi-fi","fr-ca","fr-fr","he-il","hr-hr","hu-hu","it-it","ja-jp","ko-kr","lt-lt","lv-lv","nb-no","nl-nl","pl-pl","pt-br","pt-pt","ro-ro","sk-sk","sl-si","ru-ru","sr-Latn-rs","sv-se","th-th","tr-tr","uk-ua","zh-cn","zh-tw"],"Values":["ar-sa","bg-bg","cs-cz","da-dk","de-de","el-gr","en-gb","en-us","es-es","es-mx","et-ee","fi-fi","fr-ca","fr-fr","he-il","hr-hr","hu-hu","it-it","ja-jp","ko-kr","lt-lt","lv-lv","nb-no","nl-nl","pl-pl","pt-br","pt-pt","ro-ro","sk-sk","sl-si","ru-ru","sr-Latn-rs","sv-se","th-th","tr-tr","uk-ua","zh-cn","zh-tw"]},{"CIMType":"String","Description":"The body of the message template","Name":"MessageTemplate","Option":"Write"},{"CIMType":"String","Description":"The subject of the message template.","Name":"Subject","Option":"Write"}],"Description":"Intune Device Compliance Notification Message Template"},{"ClassName":"MSFT_IntuneDeviceComplianceNotificationMessageTemplate","Parameters":[{"CIMType":"String[]","Description":"The Message Template Branding Options. Branding is defined in the Intune Admin Console. Possible values are: none, includeCompanyLogo, includeCompanyName, includeContactInformation, includeCompanyPortalLink, includeDeviceDetails","Name":"BrandingOptions","Option":"Write","ValueMap":["none","includeCompanyLogo","includeCompanyName","includeContactInformation","includeCompanyPortalLink","includeDeviceDetails"],"Values":["none","includeCompanyLogo","includeCompanyName","includeContactInformation","includeCompanyPortalLink","includeDeviceDetails"]},{"CIMType":"MSFT_DeviceManagementNotificationMessageTemplate[]","Description":"The localized notification message templates.","Name":"LocalizedNotificationMessages","Option":"Write"},{"CIMType":"String","Description":"Display name for the Notification Message Template.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display name for the Notification Message Template.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Compliance Notification Message Template"},{"ClassName":"MSFT_scheduledActionConfigurations","Parameters":[{"CIMType":"String","Description":"The unique identifier of the action configuration.","Name":"id","Option":"Write"},{"CIMType":"Uint32","Description":"Number of hours to wait till the action will be enforced. Valid values 0 to 8760.","Name":"gracePeriodHours","Option":"Write"},{"CIMType":"String","Description":"The action to take.","Name":"actionType","Option":"Write","ValueMap":["notification","block","retire","remoteLock","pushNotification"],"Values":["notification","block","retire","remoteLock","pushNotification"]},{"CIMType":"String","Description":"The notification Message template to use.","Name":"notificationTemplateId","Option":"Write"},{"CIMType":"String[]","Description":"A list of group IDs to specify who to CC this notification message to.","Name":"notificationMessageCCList","Option":"Write"}],"Description":"This resource configures the settings of Android Work Profile device compliance policies in your cloud-based organization.\nLabeled in Intune as `Fully managed, dedicated, and corporate-owned work profile` policy type under `Android Enterprise`.\n\n## Parameters\n\n### Microsoft Defender for Endpoint - _for Personally-Owned Work Profile_\n\n**Require the device to be at or under the machine risk score:**\nSelect the maximum allowed machine risk score for devices evaluated by Microsoft Defender for Endpoint. Devices which exceed this score get marked as noncompliant.\n\n* Not configured (_default_)\n* Clear\n* Low\n* Medium\n* High\n\n### Device Health - _for Personally-Owned Work Profile_\n\n**Rooted devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Mark rooted (jailbroken) devices as not compliant.\n\n**Require the device to be at or under the Device Threat Level:**\nSelect the maximum allowed device threat level evaluated by your mobile threat defense service. Devices that exceed this threat level are marked noncompliant. To use this setting, choose the allowed threat level:\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Secured - This option is the most secure, and means that the device can't have any threats. If the device is detected with any level of threats, it's evaluated as noncompliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a noncompliant status.\n* Medium - The device is evaluated as compliant if the threats that are present on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be noncompliant.\n* High - This option is the least secure, as it allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Google Play Protect - _for Personally-Owned Work Profile_\n\n**Google Play Services is configured:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that the Google Play services app is installed and enabled. Google Play services allows security updates, and is a base-level dependency for many security features on certified-Google devices.\n\n**Up-to-date security provider:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that an up-to-date security provider can protect a device from known vulnerabilities.\n\n**SafetyNet device attestation:**\nEnter the level of SafetyNet attestation that must be met. Your options:\n\n* Not configured (_default_) - Setting isn't evaluated for compliance or non-compliance.\n* Check basic integrity\n* Check basic integrity & certified devices\n\nNote:\n\n* On Android Enterprise devices, Threat scan on apps is a device configuration policy. Using a configuration policy, administrators can enable the setting on a device. See Android Enterprise device restriction settings.\n\n### Device Properties - _for Personally-Owned Work Profile_\n\n**Operating System Version - _for Personally-Owned Work Profile_:**\n\n* Minimum OS version\n  When a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The end user can upgrade their device, and then access organization resources.\n\n  _By default, no version is configured._\n\n**Maximum OS version:**\nWhen a device is using an OS version later than the version in the rule, access to organization resources is blocked. The user is asked to contact their IT administrator. Until a rule is changed to allow the OS version, this device can't access organization resources.\n\n  _By default, no version is configured._\n\n### System security - for _Personally-Owned Work Profile_\n\n**Require a password to unlock mobile devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n  _This setting applies at the device level. If you only need to require a password at the Personally-Owned Work Profile level, then use a configuration policy. See Android Enterprise device configuration settings._\n\n**Required password type:**\nChoose if a password should include only numeric characters, or a mix of numerals and other characters. Your options:\n\n* Device Default\n* Low security biometric\n* At least numeric (_default_): Enter the minimum password length a user must enter, between 4 and 16 characters.\n* Numeric complex: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphabetic: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric with symbols: Enter the minimum password length a user must enter, between 4 and 16 characters.\n\nDepending on the password type you select, the following settings are available:\n\n* Maximum minutes of inactivity before password is required\n* Number of days until password expires\n* Minimum password length\n* Number of previous passwords to prevent reuse\n\n### Encryption - _for Personally-Owned Work Profile_\n\n**Encryption of data storage on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Encrypt data storage on your devices.\n\n  You don't have to configure this setting because Android Enterprise devices enforce encryption.\n\n### Device Security - _for Personally-Owned Work Profile_\n\n**Block apps from unknown sources:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Block devices with Security > Unknown Sources enabled sources (supported on Android 4.0 through Android 7.x. Not supported by Android 8.0 and later).\n\n_To side-load apps, unknown sources must be allowed. If you're not side-loading Android apps, then set this feature to Block to enable this compliance policy._\n\n**Company portal app runtime integrity:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Choose Require to confirm the Company Portal app meets all the following requirements:\n  * Has the default runtime environment installed\n  * Is properly signed\n  * Isn't in debug-mode\n  * Is installed from a known source\n\n* **Block USB debugging on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Prevent devices from using the USB debugging feature.\n\n_You don't have to configure this setting because USB debugging is already disabled on Android Enterprise devices._\n\n**Minimum security patch level:**\nSelect the oldest security patch level a device can have. Devices that aren't at least at this patch level are noncompliant. The date must be entered in the YYYY-MM-DD format.\n\n_By default, no date is configured._"},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyAndroidDeviceOwner","Parameters":[{"CIMType":"String","Description":"Display name of the Android Device Owner device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Android Device Owner device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"String","Description":"Minimum Android security patch level.","Name":"MinAndroidSecurityPatchLevel","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of letter characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumLetterCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumLowerCaseCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumNonLetterCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumNumericCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumSymbolCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16.","Name":"PasswordMinimumUpperCaseCharacters","Option":"Write"},{"CIMType":"Boolean","Description":"Require device to have no pending Android system updates.","Name":"RequireNoPendingSystemUpdates","Option":"Write"},{"CIMType":"String","Description":"Require a specific Play Integrity evaluation type for compliance. Possible values are: basic, hardwareBacked.","Name":"SecurityRequiredAndroidSafetyNetEvaluationType","Option":"Write","ValueMap":["basic","hardwareBacked"],"Values":["basic","hardwareBacked"]},{"CIMType":"MSFT_scheduledActionConfigurations[]","Description":"Specifies the non-compliance actions.","Name":"ScheduledActionsForRule","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the Android Device Owner device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"DeviceThreatProtectionRequiredSecurityLevel of the Android Device Owner device compliance policy.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write"},{"CIMType":"String","Description":"AdvancedThreatProtectionRequiredSecurityLevel of the Android Device Owner device compliance policy.","Name":"AdvancedThreatProtectionRequiredSecurityLevel","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireSafetyNetAttestationBasicIntegrity of the Android Device Owner device compliance policy.","Name":"SecurityRequireSafetyNetAttestationBasicIntegrity","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireSafetyNetAttestationCertifiedDevice of the Android Device Owner device compliance policy.","Name":"SecurityRequireSafetyNetAttestationCertifiedDevice","Option":"Write"},{"CIMType":"String","Description":"osMinimumVersion of the Android Device Owner device compliance policy.","Name":"osMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"osMaximumVersion of the Android Device Owner device compliance policy.","Name":"osMaximumVersion","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequired of the Android Device Owner device compliance policy.","Name":"passwordRequired","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumLength of the Android Device Owner device compliance policy.","Name":"passwordMinimumLength","Option":"Write"},{"CIMType":"String","Description":"PasswordRequiredType of the Android Device Owner device compliance policy.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","numeric","numericComplex","any"],"Values":["deviceDefault","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","numeric","numericComplex","any"]},{"CIMType":"Uint32","Description":"PasswordMinutesOfInactivityBeforeLock of the Android Device Owner device compliance policy.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordExpirationDays of the Android Device Owner device compliance policy.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordPreviousPasswordCountToBlock of the Android Device Owner device compliance policy.","Name":"PasswordPreviousPasswordCountToBlock","Option":"Write"},{"CIMType":"Boolean","Description":"StorageRequireEncryption of the Android Device Owner device compliance policy.","Name":"StorageRequireEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireIntuneAppIntegrity of the Android Device Owner device compliance policy.","Name":"SecurityRequireIntuneAppIntegrity","Option":"Write"},{"CIMType":"Boolean","Description":"Block rooted Android devices.","Name":"SecurityBlockJailbrokenDevices","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance. Inherited from deviceConfiguration","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of Android Work Profile device compliance policies in your cloud-based organization.\nLabeled in Intune as `Fully managed, dedicated, and corporate-owned work profile` policy type under `Android Enterprise`.\n\n## Parameters\n\n### Microsoft Defender for Endpoint - _for Personally-Owned Work Profile_\n\n**Require the device to be at or under the machine risk score:**\nSelect the maximum allowed machine risk score for devices evaluated by Microsoft Defender for Endpoint. Devices which exceed this score get marked as noncompliant.\n\n* Not configured (_default_)\n* Clear\n* Low\n* Medium\n* High\n\n### Device Health - _for Personally-Owned Work Profile_\n\n**Rooted devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Mark rooted (jailbroken) devices as not compliant.\n\n**Require the device to be at or under the Device Threat Level:**\nSelect the maximum allowed device threat level evaluated by your mobile threat defense service. Devices that exceed this threat level are marked noncompliant. To use this setting, choose the allowed threat level:\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Secured - This option is the most secure, and means that the device can't have any threats. If the device is detected with any level of threats, it's evaluated as noncompliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a noncompliant status.\n* Medium - The device is evaluated as compliant if the threats that are present on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be noncompliant.\n* High - This option is the least secure, as it allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Google Play Protect - _for Personally-Owned Work Profile_\n\n**Google Play Services is configured:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that the Google Play services app is installed and enabled. Google Play services allows security updates, and is a base-level dependency for many security features on certified-Google devices.\n\n**Up-to-date security provider:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that an up-to-date security provider can protect a device from known vulnerabilities.\n\n**SafetyNet device attestation:**\nEnter the level of SafetyNet attestation that must be met. Your options:\n\n* Not configured (_default_) - Setting isn't evaluated for compliance or non-compliance.\n* Check basic integrity\n* Check basic integrity & certified devices\n\nNote:\n\n* On Android Enterprise devices, Threat scan on apps is a device configuration policy. Using a configuration policy, administrators can enable the setting on a device. See Android Enterprise device restriction settings.\n\n### Device Properties - _for Personally-Owned Work Profile_\n\n**Operating System Version - _for Personally-Owned Work Profile_:**\n\n* Minimum OS version\n  When a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The end user can upgrade their device, and then access organization resources.\n\n  _By default, no version is configured._\n\n**Maximum OS version:**\nWhen a device is using an OS version later than the version in the rule, access to organization resources is blocked. The user is asked to contact their IT administrator. Until a rule is changed to allow the OS version, this device can't access organization resources.\n\n  _By default, no version is configured._\n\n### System security - for _Personally-Owned Work Profile_\n\n**Require a password to unlock mobile devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n  _This setting applies at the device level. If you only need to require a password at the Personally-Owned Work Profile level, then use a configuration policy. See Android Enterprise device configuration settings._\n\n**Required password type:**\nChoose if a password should include only numeric characters, or a mix of numerals and other characters. Your options:\n\n* Device Default\n* Low security biometric\n* At least numeric (_default_): Enter the minimum password length a user must enter, between 4 and 16 characters.\n* Numeric complex: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphabetic: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric with symbols: Enter the minimum password length a user must enter, between 4 and 16 characters.\n\nDepending on the password type you select, the following settings are available:\n\n* Maximum minutes of inactivity before password is required\n* Number of days until password expires\n* Minimum password length\n* Number of previous passwords to prevent reuse\n\n### Encryption - _for Personally-Owned Work Profile_\n\n**Encryption of data storage on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Encrypt data storage on your devices.\n\n  You don't have to configure this setting because Android Enterprise devices enforce encryption.\n\n### Device Security - _for Personally-Owned Work Profile_\n\n**Block apps from unknown sources:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Block devices with Security > Unknown Sources enabled sources (supported on Android 4.0 through Android 7.x. Not supported by Android 8.0 and later).\n\n_To side-load apps, unknown sources must be allowed. If you're not side-loading Android apps, then set this feature to Block to enable this compliance policy._\n\n**Company portal app runtime integrity:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Choose Require to confirm the Company Portal app meets all the following requirements:\n  * Has the default runtime environment installed\n  * Is properly signed\n  * Isn't in debug-mode\n  * Is installed from a known source\n\n* **Block USB debugging on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Prevent devices from using the USB debugging feature.\n\n_You don't have to configure this setting because USB debugging is already disabled on Android Enterprise devices._\n\n**Minimum security patch level:**\nSelect the oldest security patch level a device can have. Devices that aren't at least at this patch level are noncompliant. The date must be entered in the YYYY-MM-DD format.\n\n_By default, no date is configured._"},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyAndroidWorkProfile","Parameters":[{"CIMType":"String","Description":"Display name of the AndroidWorkProfile device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the AndroidWorkProfile device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"String","Description":"The password complexity types that can be set on Android. One of: NONE, LOW, MEDIUM, HIGH. This is an API targeted to Android 11+.","Name":"RequiredPasswordComplexity","Option":"Write","ValueMap":["none","low","medium","high"],"Values":["none","low","medium","high"]},{"CIMType":"Boolean","Description":"Setting securityBlockDeviceAdministratorManagedDevices to true enhances security by preventing devices managed through the legacy device administrator method from accessing corporate resources.","Name":"SecurityBlockDeviceAdministratorManagedDevices","Option":"Write"},{"CIMType":"String[]","Description":"Specify applications that users are prohibited from installing or using on their devices.","Name":"RestrictedApps","Option":"Write"},{"CIMType":"String","Description":"Specifies Android Work Profile password type.","Name":"WorkProfilePasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"],"Values":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"]},{"CIMType":"String","Description":"Specifies Android Work Profile password complexity.","Name":"WorkProfileRequiredPasswordComplexity","Option":"Write","ValueMap":["None","Low","Medium","High"],"Values":["None","Low","Medium","High"]},{"CIMType":"Boolean","Description":"Specifies if Android Work Profile password is required.","Name":"WorkProfileRequirePassword","Option":"Write"},{"CIMType":"Uint32","Description":"Specifies the number of previous passwords that cannot be reused in an Android Work Profile compliance policy.","Name":"WorkProfilePreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"Defines the duration of inactivity (in minutes) after which the screen is locked.","Name":"WorkProfileInactiveBeforeScreenLockInMinutes","Option":"Write"},{"CIMType":"Uint32","Description":"Specifies the minimum number of characters required in a password for an Android Work Profile.","Name":"WorkProfilePasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"Specifies the number of days before a password expires for an Android Work Profile.","Name":"WorkProfilePasswordExpirationInDays","Option":"Write"},{"CIMType":"MSFT_scheduledActionConfigurations[]","Description":"Specifies the non-compliance actions.","Name":"ScheduledActionsForRule","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequired of the AndroidWorkProfile device compliance policy.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumLength of the AndroidWorkProfile device compliance policy.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"String","Description":"PasswordRequiredType of the AndroidWorkProfile device compliance policy.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","numeric","numericComplex","any"],"Values":["deviceDefault","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","numeric","numericComplex","any"]},{"CIMType":"Uint32","Description":"PasswordMinutesOfInactivityBeforeLock of the AndroidWorkProfile device compliance policy.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordExpirationDays of the AndroidWorkProfile device compliance policy.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordPreviousPasswordBlockCount of the AndroidWorkProfile device compliance policy.","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordSignInFailureCountBeforeFactoryReset of the AndroidWorkProfile device compliance policy.","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityPreventInstallAppsFromUnknownSources of the AndroidWorkProfile device compliance policy.","Name":"SecurityPreventInstallAppsFromUnknownSources","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityDisableUsbDebugging of the AndroidWorkProfile device compliance policy.","Name":"SecurityDisableUsbDebugging","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireVerifyApps of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireVerifyApps","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the AndroidWorkProfile device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"DeviceThreatProtectionRequiredSecurityLevel of the AndroidWorkProfile device compliance policy.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["unavailable","secured","low","medium","high","notSet"],"Values":["unavailable","secured","low","medium","high","notSet"]},{"CIMType":"String","Description":"AdvancedThreatProtectionRequiredSecurityLevel of the AndroidWorkProfile device compliance policy.","Name":"AdvancedThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["unavailable","secured","low","medium","high","notSet"],"Values":["unavailable","secured","low","medium","high","notSet"]},{"CIMType":"Boolean","Description":"SecurityBlockJailbrokenDevices of the AndroidWorkProfile device compliance policy.","Name":"SecurityBlockJailbrokenDevices","Option":"Write"},{"CIMType":"String","Description":"OsMinimumVersion of the AndroidWorkProfile device compliance policy.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"OsMaximumVersion of the AndroidWorkProfile device compliance policy.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String","Description":"MinAndroidSecurityPatchLevel of the AndroidWorkProfile device compliance policy.","Name":"MinAndroidSecurityPatchLevel","Option":"Write"},{"CIMType":"Boolean","Description":"StorageRequireEncryption of the AndroidWorkProfile device compliance policy.","Name":"StorageRequireEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireSafetyNetAttestationBasicIntegrity of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireSafetyNetAttestationBasicIntegrity","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireSafetyNetAttestationCertifiedDevice of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireSafetyNetAttestationCertifiedDevice","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireGooglePlayServices of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireGooglePlayServices","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireUpToDateSecurityProviders of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireUpToDateSecurityProviders","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityRequireCompanyPortalAppIntegrity of the AndroidWorkProfile device compliance policy.","Name":"SecurityRequireCompanyPortalAppIntegrity","Option":"Write"},{"CIMType":"String","Description":"Require a specific SafetyNet evaluation type for compliance.","Name":"SecurityRequiredAndroidSafetyNetEvaluationType","Option":"Write","ValueMap":["basic","hardwareBacked"],"Values":["basic","hardwareBacked"]},{"CIMType":"String","Description":"RoleScopeTagIds of the AndroidWorkProfile device compliance policy.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of Android Work Profile device compliance policies in your cloud-based organization.\nLabeled in Intune as `Personally-owned work profile` policy type under `Android Enterprise`.\n\n## Parameters\n\n### Microsoft Defender for Endpoint - _for Personally-Owned Work Profile_\n\n**Require the device to be at or under the machine risk score:**\nSelect the maximum allowed machine risk score for devices evaluated by Microsoft Defender for Endpoint. Devices which exceed this score get marked as noncompliant.\n\n* Not configured (_default_)\n* Clear\n* Low\n* Medium\n* High\n\n### Device Health - _for Personally-Owned Work Profile_\n\n**Rooted devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Mark rooted (jailbroken) devices as not compliant.\n\n**Require the device to be at or under the Device Threat Level:**\nSelect the maximum allowed device threat level evaluated by your mobile threat defense service. Devices that exceed this threat level are marked noncompliant. To use this setting, choose the allowed threat level:\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Secured - This option is the most secure, and means that the device can't have any threats. If the device is detected with any level of threats, it's evaluated as noncompliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a noncompliant status.\n* Medium - The device is evaluated as compliant if the threats that are present on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be noncompliant.\n* High - This option is the least secure, as it allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Google Play Protect - _for Personally-Owned Work Profile_\n\n**Google Play Services is configured:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that the Google Play services app is installed and enabled. Google Play services allows security updates, and is a base-level dependency for many security features on certified-Google devices.\n\n**Up-to-date security provider:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require that an up-to-date security provider can protect a device from known vulnerabilities.\n\n**SafetyNet device attestation:**\nEnter the level of SafetyNet attestation that must be met. Your options:\n\n* Not configured (_default_) - Setting isn't evaluated for compliance or non-compliance.\n* Check basic integrity\n* Check basic integrity & certified devices\n\nNote:\n\n* On Android Enterprise devices, Threat scan on apps is a device configuration policy. Using a configuration policy, administrators can enable the setting on a device. See Android Enterprise device restriction settings.\n\n### Device Properties - _for Personally-Owned Work Profile_\n\n**Operating System Version - _for Personally-Owned Work Profile_:**\n\n* Minimum OS version\n  When a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The end user can upgrade their device, and then access organization resources.\n\n  _By default, no version is configured._\n\n**Maximum OS version**\nWhen a device is using an OS version later than the version in the rule, access to organization resources is blocked. The user is asked to contact their IT administrator. Until a rule is changed to allow the OS version, this device can't access organization resources.\n\n_By default, no version is configured._\n\n### System security - for _Personally-Owned Work Profile_\n\n**Require a password to unlock mobile devices:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n_This setting applies at the device level. If you only need to require a password at the Personally-Owned Work Profile level, then use a configuration policy. See Android Enterprise device configuration settings._\n\n**Required password type:**\nChoose if a password should include only numeric characters, or a mix of numerals and other characters. Your options:\n\n* Device Default\n* Low security biometric\n* At least numeric (_default_): Enter the minimum password length a user must enter, between 4 and 16 characters.\n* Numeric complex: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphabetic: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric: Enter the minimum password length a user must enter, between 4 and 16 characters.\n* At least alphanumeric with symbols: Enter the minimum password length a user must enter, between 4 and 16 characters.\n\nDepending on the password type you select, the following settings are available:\n\n* Maximum minutes of inactivity before password is required\n* Number of days until password expires\n* Minimum password length\n* Number of previous passwords to prevent reuse\n\n### Encryption - _for Personally-Owned Work Profile_\n\n**Encryption of data storage on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Encrypt data storage on your devices.\n\nYou don't have to configure this setting because Android Enterprise devices enforce encryption.\n\n### Device Security - _for Personally-Owned Work Profile_\n\n**Block apps from unknown sources:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Block devices with Security > Unknown Sources enabled sources (supported on Android 4.0 through Android 7.x. Not supported by Android 8.0 and later).\n\n_To side-load apps, unknown sources must be allowed. If you're not side-loading Android apps, then set this feature to Block to enable this compliance policy._\n\n**Company portal app runtime integrity:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Require - Choose Require to confirm the Company Portal app meets all the following requirements:\n  * Has the default runtime environment installed\n  * Is properly signed\n  * Isn't in debug-mode\n  * Is installed from a known source\n\n**Block USB debugging on device:**\n\n* Not configured (_default_) - This setting isn't evaluated for compliance or non-compliance.\n* Block - Prevent devices from using the USB debugging feature.\n\n_You don't have to configure this setting because USB debugging is already disabled on Android Enterprise devices._\n\n**Minimum security patch level:**\n\n* Select the oldest security patch level a device can have. Devices that aren't at least at this patch level are noncompliant. The date must be entered in the YYYY-MM-DD format.\n\n_By default, no date is configured._"},{"ClassName":"MSFT_appListItem","Parameters":[{"CIMType":"String","Description":"The application name.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"The publisher of the application.","Name":"publisher","Option":"Write"},{"CIMType":"String","Description":"The Store URL of the application.","Name":"appStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The application or bundle identifier of the application.","Name":"appId","Option":"Key"}],"Description":"This resource configures the Intune compliance policies for iOs devices."},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyiOs","Parameters":[{"CIMType":"String","Description":"Display name of the iOS device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the iOS device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"Boolean","Description":"PasscodeBlockSimple of the iOS device compliance policy.","Name":"PasscodeBlockSimple","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodeExpirationDays of the iOS device compliance policy.","Name":"PasscodeExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodeMinimumLength of the iOS device compliance policy.","Name":"PasscodeMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodeMinutesOfInactivityBeforeLock of the iOS device compliance policy.","Name":"PasscodeMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"Minutes of inactivity before the screen times out.","Name":"PasscodeMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodePreviousPasscodeBlockCount of the iOS device compliance policy.","Name":"PasscodePreviousPasscodeBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"PasscodeMinimumCharacterSetCount of the iOS device compliance policy.","Name":"PasscodeMinimumCharacterSetCount","Option":"Write"},{"CIMType":"String","Description":"PasscodeRequiredType of the iOS device compliance policy.","Name":"PasscodeRequiredType","Option":"Write","ValueMap":["deviceDefault","alphanumeric","numeric"],"Values":["deviceDefault","alphanumeric","numeric"]},{"CIMType":"Boolean","Description":"PasscodeRequired of the iOS device compliance policy.","Name":"PasscodeRequired","Option":"Write"},{"CIMType":"String","Description":"OsMinimumVersion of the iOS device compliance policy.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"OsMaximumVersion of the iOS device compliance policy.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String","Description":"Minimum IOS build version.","Name":"OsMinimumBuildVersion","Option":"Write"},{"CIMType":"String","Description":"Maximum IOS build version.","Name":"OsMaximumBuildVersion","Option":"Write"},{"CIMType":"Boolean","Description":"SecurityBlockJailbrokenDevices of the iOS device compliance policy.","Name":"SecurityBlockJailbrokenDevices","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the iOS device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"Require Mobile Threat Protection minimum risk level to report noncompliance.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["unavailable","secured","low","medium","high","notSet"],"Values":["unavailable","secured","low","medium","high","notSet"]},{"CIMType":"String","Description":"MDATP Require Mobile Threat Protection minimum risk level to report noncompliance.","Name":"AdvancedThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["unavailable","secured","low","medium","high","notSet"],"Values":["unavailable","secured","low","medium","high","notSet"]},{"CIMType":"Boolean","Description":"ManagedEmailProfileRequired of the iOS device compliance policy.","Name":"ManagedEmailProfileRequired","Option":"Write"},{"CIMType":"MSFT_appListItem[]","Description":"Credentials of the Intune Admin","Name":"RestrictedApps","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Intune compliance policies for iOs devices."},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyMacOS","Parameters":[{"CIMType":"String","Description":"Display name of the MacOS device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the MacOS device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequired of the MacOS device compliance policy.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordBlockSimple of the MacOS device compliance policy.","Name":"PasswordBlockSimple","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordExpirationDays of the MacOS device compliance policy.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumLength of the MacOS device compliance policy.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinutesOfInactivityBeforeLock of the MacOS device compliance policy.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordPreviousPasswordBlockCount of the MacOS device compliance policy.","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumCharacterSetCount of the MacOS device compliance policy.","Name":"PasswordMinimumCharacterSetCount","Option":"Write"},{"CIMType":"String","Description":"PasswordRequiredType of the MacOS device compliance policy.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["DeviceDefault","Alphanumeric","Numeric"],"Values":["DeviceDefault","Alphanumeric","Numeric"]},{"CIMType":"String","Description":"OsMinimumVersion of the MacOS device compliance policy.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"OsMaximumVersion of the MacOS device compliance policy.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String","Description":"Minimum MacOS build version.","Name":"OsMinimumBuildVersion","Option":"Write"},{"CIMType":"String","Description":"Maximum MacOS build version.","Name":"OsMaximumBuildVersion","Option":"Write"},{"CIMType":"Boolean","Description":"SystemIntegrityProtectionEnabled of the MacOS device compliance policy.","Name":"SystemIntegrityProtectionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the MacOS device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"DeviceThreatProtectionRequiredSecurityLevel of the MacOS device compliance policy.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["Unavailable","Secured","Low","Medium","High","NotSet"],"Values":["Unavailable","Secured","Low","Medium","High","NotSet"]},{"CIMType":"String","Description":"AdvancedThreatProtectionRequiredSecurityLevel of the MacOS device compliance policy.","Name":"AdvancedThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["Unavailable","Secured","Low","Medium","High","NotSet"],"Values":["Unavailable","Secured","Low","Medium","High","NotSet"]},{"CIMType":"Boolean","Description":"StorageRequireEncryption of the MacOS device compliance policy.","Name":"StorageRequireEncryption","Option":"Write"},{"CIMType":"String","Description":"System and Privacy setting that determines which download locations apps can be run from on a macOS device.","Name":"GatekeeperAllowedAppSource","Option":"Write","ValueMap":["notConfigured","macAppStore","macAppStoreAndIdentifiedDevelopers","anywhere"],"Values":["notConfigured","macAppStore","macAppStoreAndIdentifiedDevelopers","anywhere"]},{"CIMType":"Boolean","Description":"FirewallEnabled of the MacOS device compliance policy.","Name":"FirewallEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"FirewallBlockAllIncoming of the MacOS device compliance policy.","Name":"FirewallBlockAllIncoming","Option":"Write"},{"CIMType":"Boolean","Description":"FirewallEnableStealthMode of the MacOS device compliance policy.","Name":"FirewallEnableStealthMode","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of MacOS compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n**Require a system integrity protection:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Require macOS devices to have System Integrity Protection enabled.\n\n### Device Properties\n\n**Minimum OS required:**\nWhen a device doesn't meet the minimum OS version requirement, it's reported as non-compliant. A link with information on how to upgrade is shown. The device user can choose to upgrade their device. After that, they can access organization resources.\n\n**Maximum OS version allowed:**\nWhen a device uses an OS version later than the version in the rule, access to organization resources is blocked. The device user is asked to contact their IT administrator. The device can't access organization resources until a rule changes to allow the OS version.\n\n**Minimum OS build version:**\nWhen Apple publishes security updates, the build number is typically updated, not the OS version. Use this feature to enter a minimum allowed build number on the device.\n\n**Maximum OS build version:**\nWhen Apple publishes security updates, the build number is typically updated, not the OS version. Use this feature to enter a maximum allowed build number on the device.\n\n## System security settings\n\n### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_\n* Require Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create passwords simple like 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Minimum password length:**\n\n* Enter the minimum number of digits or characters that the password must have.\n\n**Password type:**\n\n* Choose if a password should have only Numeric characters, or if there should be a mix of numbers and other characters (Alphanumeric).\n\n**Number of non-alphanumeric characters in password:**\n\n* Enter the minimum number of special characters, such as &, #, %, !, and so on, that must be in the password.\n\nSetting a higher number requires the user to create a password that is more complex.\n\n**Maximum minutes of inactivity before password is required:**\n\n* Enter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\n\n* Select the number of days before the password expires, and they must create a new one.\n\n**Number of previous passwords to prevent reuse:**\n\n* Enter the number of previously used passwords that can't be used.\n\n### Encryption\n\n**Encryption of data storage on device:**\n\n* Not configured (_default_)\n* Require - Use _Require_ to encrypt data storage on your devices.\n\n### Device Security\n\nFirewall protects devices from unauthorized network access. You can use Firewall to control connections on a per-application basis.\n\n**Firewall:**\n\n* Not configured _(default)_ - This setting leaves the firewall turned off, and network traffic is allowed (not blocked).\n* Enable - Use Enable to help protect devices from unauthorized access. Enabling this feature allows you to handle incoming internet connections, and use stealth mode.\n\n**Incoming connections:**\n\n* Not configured _(default)_ - Allows incoming connections and sharing services.\n* Block - Block all incoming network connections except the connections required for basic internet services, such as DHCP, Bonjour, and IPSec. This setting also blocks all sharing services, including screen sharing, remote access, iTunes music sharing, and more.\n\n**Stealth Mode:**\n\n* Not configured _(default)_ - This setting leaves stealth mode turned off.\n* Enable - Turn on stealth mode to prevent devices from responding to probing requests, which can be made my malicious users. When enabled, the device continues to answer incoming requests for authorized apps.\n\n### Gatekeeper\n\nFor more information, see Gatekeeper on macOS.\n\n**Allow apps downloaded from these locations:**\nAllows supported applications to be installed on your devices from different locations. Your location options:\n\n* Not configured _(default)_ - The gatekeeper option has no impact on compliance or non-compliance.\n* Mac App Store - Only install apps for the Mac app store. Apps can't be installed from third parties nor identified developers. If a user selects Gatekeeper to install apps outside the Mac App Store, then the device is considered not compliant.\n* Mac App Store and identified developers - Install apps for the Mac app store and from identified developers. macOS checks the identity of developers, and does some other checks to verify app integrity. If a user selects Gatekeeper to install apps outside these options, then the device is considered not compliant.\n* Anywhere - Apps can be installed from anywhere, and by any developer. This option is the least secure."},{"ClassName":"MSFT_MicrosoftGraphOperatingSystemVersionRange","Parameters":[{"CIMType":"String","Description":"The description of this range (e.g. Valid 1702 builds)","Name":"Description","Option":"Key"},{"CIMType":"String","Description":"The lowest inclusive version that this range contains.","Name":"LowestVersion","Option":"Key"},{"CIMType":"String","Description":"The highest inclusive version that this range contains.","Name":"HighestVersion","Option":"Key"}],"Description":"This resource configures the settings of Windows 10 compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n#### Windows Health Attestation Service evaluation rules\n\n**Require BitLocker:**\n  Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.\n\n  Device HealthAttestation CSP - BitLockerStatus\n\n**Require Secure Boot to be enabled on the device:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The system is forced to boot to a factory trusted state. The core components that are used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies the signature before it lets the machine start. If any files are tampered with, which breaks their signature, the system doesn't boot.\n\n### Device Properties\n\n#### Operating System Version\n\nTo discover build versions for all Windows 10 Feature Updates and Cumulative Updates (to be used in some of the fields below), see Windows 10 release information. Be sure to include the 10.0. prefix before the build numbers, as the following examples illustrate.\n\n**Minimum OS version:**\nEnter the minimum allowed version in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device has an earlier version than the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS version:**\nEnter the maximum allowed version, in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Minimum OS required for mobile devices:**\nEnter the minimum allowed version, in the major.minor.build number format.\n\nWhen a device has an earlier version that the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS required for mobile devices:**\nEnter the maximum allowed version, in the major.minor.build number.\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Valid operating system builds:**\nSpecify a list of minimum and maximum operating system builds. Valid operating system builds provides additional flexibility when compared against minimum and maximum OS versions. Consider a scenario where minimum OS version is set to 10.0.18362.xxx (Windows 10 1903) and maximum OS version is set to 10.0.18363.xxx (Windows 10 1909). This configuration can allow a Windows 10 1903 device that doesn't have recent cumulative updates installed to be identified as compliant. Minimum and maximum OS versions might be suitable if you have standardized on a single Windows 10 release, but might not address your requirements if you need to use multiple builds, each with specific patch levels. In such a case, consider leveraging valid operating system builds instead, which allows multiple builds to be specified as per the following example.\n\nExample:\nThe following table is an example of a range for the acceptable operating systems versions for different Windows 10 releases. In this example, three different Feature Updates have been allowed (1809, 1909 and 2004). Specifically, only those versions of Windows and which have applied cumulative updates from June to September 2020 will be considered to be compliant. This is sample data only. The table includes a first column that includes any text you want to describe the entry, followed by the minimum and maximum OS version for that entry. The second and third columns must adhere to valid OS build versions in the major.minor.build.revision number format. After you define one or more entries, you can Export the list as a comma-separated values (CSV) file.\n\n| Description                 | Minimum OS version | Maximum OS version |\n|-----------------------------|--------------------|--------------------|\n| Win 10 2004 (Jun-Sept 2020) | 10.0.19041.329     | 10.0.19041.508     |\n| Win 10 1909 (Jun-Sept 2020) | 10.0.18363.900     | 10.0.18363.1110    |\n| Win 10 1809 (Jun-Sept 2020) | 10.0.17763.1282    | 10.0.17763.1490    |\n\n### Configuration Manager Compliance\n\nApplies only to co-managed devices running Windows 10 and later. Intune-only devices return a not available status.\n\n**Require device compliance from Configuration Manager:**\n\n* Not configured _(default)_ - Intune doesn't check for any of the Configuration Manager settings for compliance.\n* Require - Require all settings (configuration items) in Configuration Manager to be compliant.\n\n### System Security\n\n#### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create simple passwords, such as 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Password type:**\nChoose the type of password or PIN required. Your options:\n\n* Device _(default)_  - Require a password, numeric PIN, or alphanumeric PIN\n* Numeric - Require a password or numeric PIN\n* Alphanumeric - Require a password, or alphanumeric PIN.\n\nWhen set to Alphanumeric, the following settings are available:\n\n* Password complexity:\n  * Require digits and lowercase letters _(default)_\n  * Require digits, lowercase letters, and uppercase letters\n  * Require digits, lowercase letters, uppercase letters, and special characters\n\n**Minimum password length:**\nEnter the minimum number of digits or characters that the password must have.\n\n**Maximum minutes of inactivity before password is required:**\nEnter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\nEnter the number of days before the password expires, and they must create a new one, from 1-730.\n\n**Number of previous passwords to prevent reuse:**\nEnter the number of previously used passwords that can't be used.\n\n**Require password when device returns from idle state (Mobile and Holographic):**\n\n* Not configured _(default)_\n* Require - Require device users to enter the password every time the device returns from an idle state.\n\n**Important**\nWhen the password requirement is changed on a Windows desktop, users are impacted the next time they sign in, as that's when the device goes from idle to active. Users with passwords that meet the requirement are still prompted to change their passwords.\n\n### Encryption\n\n**Encryption of data storage on a device:**\nThis setting applies to all drives on a device.\n\n* Not configured _(default)_\n* Require - Use Require to encrypt data storage on your devices.\n\n**Note**\nThe Encryption of data storage on a device setting generically checks for the presence of encryption on the device, more specifically at the OS drive level. Currently, Intune supports only the encryption check with BitLocker. For a more robust encryption setting, consider using Require BitLocker, which leverages Windows Device Health Attestation to validate Bitlocker status at the TPM level.\n\n### Device Security\n\n**Firewall:**\n\n* Not configured _(default)_ - Intune doesn't control the Microsoft Defender Firewall, nor change existing settings.\n* Require - Turn on the Microsoft Defender Firewall, and prevent users from turning it off.\n\n**Note**\nIf the device immediately syncs after a reboot, or immediately syncs waking from sleep, then this setting may report as an Error. This scenario might not affect the overall device compliance status. To re-evaluate the compliance status, manually sync the device.\n\n**Trusted Platform Module (TPM):**\n\n* Not configured _(default)_ - Intune doesn't check the device for a TPM chip version.\n* Require - Intune checks the TPM chip version for compliance. The device is compliant if the TPM chip version is greater than 0 (zero). The device isn't compliant if there isn't a TPM version on the device.\n\n**Antivirus:**\n\n* Not configured _(default)_ - Intune doesn't check for any antivirus solutions installed on the device.\n* Require - Check compliance using antivirus solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n**Antispyware:**\n\n* Not configured _(default)_ - Intune doesn't check for any antispyware solutions installed on the device.\n* Require - Check compliance using antispyware solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n### Defender\n\nThe following compliance settings are supported with Windows 10 Desktop.\n\n**Microsoft Defender Antimalware:**\n\n* Not configured _(default)_ - Intune doesn't control the service, nor change existing settings.\n* Require - Turn on the Microsoft Defender anti-malware service, and prevent users from turning it off.\n\n**Microsoft Defender Antimalware minimum version:**\nEnter the minimum allowed version of Microsoft Defender anti-malware service. For example, enter 4.11.0.0. When left blank, any version of the Microsoft Defender anti-malware service can be used.\n\nBy _(default)_, no version is configured.\n\n**Microsoft Defender Antimalware security intelligence up-to-date:**\nControls the Windows Security virus and threat protection updates on the devices.\n\n* Not configured _(default)_ - Intune doesn't enforce any requirements.\n* Require - Force the Microsoft Defender security intelligence be up-to-date.\n\n**Real-time protection:**\n\n* Not configured (_(default)_) - Intune doesn't control this feature, nor change existing settings.\n* Require - Turn on real-time protection, which scans for malware, spyware, and other unwanted software.\n\n### Microsoft Defender for Endpoint\n\n#### Microsoft Defender for Endpoint rules\n\nFor additional information on Microsoft Defender for Endpoint integration in conditional access scenarios, see Configure Conditional Access in Microsoft Defender for Endpoint.\n\n**Require the device to be at or under the machine risk score:**\nUse this setting to take the risk assessment from your defense threat services as a condition for compliance. Choose the maximum allowed threat level:\n\n* Not configured (_(default)_)\n* Clear -This option is the most secure, as the device can't have any threats. If the device is detected as having any level of threats, it's evaluated as non-compliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a non-compliant status.\n* Medium - The device is evaluated as compliant if existing threats on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be non-compliant.\n* High - This option is the least secure, and allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Windows Holographic for Business\n\nWindows Holographic for Business uses the Windows 10 and later platform. Windows Holographic for Business supports the following setting:\n\n**System Security > Encryption > Encryption of data storage on device.**\nTo verify device encryption on the Microsoft HoloLens, see Verify device encryption.\n\n### Surface Hub\n\nSurface Hub uses the Windows 10 and later platform. Surface Hubs are supported for both compliance and Conditional Access. To enable these features on Surface Hubs, we recommend you enable Windows 10 automatic enrollment in Intune (requires Azure Active Directory (Azure AD)), and target the Surface Hub devices as device groups. Surface Hubs are required to be Azure AD joined for compliance and Conditional Access to work.\n\nFor guidance, see set up enrollment for Windows devices.\n\nSpecial consideration for Surface Hubs running Windows 10 Team OS:\nSurface Hubs that run Windows 10 Team OS do not support the Microsoft Defender for Endpoint and Password compliance policies at this time. Therefore, for Surface Hubs that run Windows 10 Team OS set the following two settings to their _(default)_ of _Not configured_:\n\n* In the category Password, set Require a password to unlock mobile devices to the _(default)_ of Not configured.\n* In the category Microsoft Defender for Endpoint, set Require the device to be at or under the machine risk score to the _(default)_ of Not configured."},{"ClassName":"MSFT_MicrosoftGraphDeviceCompliancePolicyScript","Parameters":[{"CIMType":"String","Description":"Device compliance script name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Rules content of the custom settings.","Name":"RulesContent","Option":"Write"}],"Description":"This resource configures the settings of Windows 10 compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n#### Windows Health Attestation Service evaluation rules\n\n**Require BitLocker:**\n  Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.\n\n  Device HealthAttestation CSP - BitLockerStatus\n\n**Require Secure Boot to be enabled on the device:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The system is forced to boot to a factory trusted state. The core components that are used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies the signature before it lets the machine start. If any files are tampered with, which breaks their signature, the system doesn't boot.\n\n### Device Properties\n\n#### Operating System Version\n\nTo discover build versions for all Windows 10 Feature Updates and Cumulative Updates (to be used in some of the fields below), see Windows 10 release information. Be sure to include the 10.0. prefix before the build numbers, as the following examples illustrate.\n\n**Minimum OS version:**\nEnter the minimum allowed version in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device has an earlier version than the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS version:**\nEnter the maximum allowed version, in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Minimum OS required for mobile devices:**\nEnter the minimum allowed version, in the major.minor.build number format.\n\nWhen a device has an earlier version that the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS required for mobile devices:**\nEnter the maximum allowed version, in the major.minor.build number.\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Valid operating system builds:**\nSpecify a list of minimum and maximum operating system builds. Valid operating system builds provides additional flexibility when compared against minimum and maximum OS versions. Consider a scenario where minimum OS version is set to 10.0.18362.xxx (Windows 10 1903) and maximum OS version is set to 10.0.18363.xxx (Windows 10 1909). This configuration can allow a Windows 10 1903 device that doesn't have recent cumulative updates installed to be identified as compliant. Minimum and maximum OS versions might be suitable if you have standardized on a single Windows 10 release, but might not address your requirements if you need to use multiple builds, each with specific patch levels. In such a case, consider leveraging valid operating system builds instead, which allows multiple builds to be specified as per the following example.\n\nExample:\nThe following table is an example of a range for the acceptable operating systems versions for different Windows 10 releases. In this example, three different Feature Updates have been allowed (1809, 1909 and 2004). Specifically, only those versions of Windows and which have applied cumulative updates from June to September 2020 will be considered to be compliant. This is sample data only. The table includes a first column that includes any text you want to describe the entry, followed by the minimum and maximum OS version for that entry. The second and third columns must adhere to valid OS build versions in the major.minor.build.revision number format. After you define one or more entries, you can Export the list as a comma-separated values (CSV) file.\n\n| Description                 | Minimum OS version | Maximum OS version |\n|-----------------------------|--------------------|--------------------|\n| Win 10 2004 (Jun-Sept 2020) | 10.0.19041.329     | 10.0.19041.508     |\n| Win 10 1909 (Jun-Sept 2020) | 10.0.18363.900     | 10.0.18363.1110    |\n| Win 10 1809 (Jun-Sept 2020) | 10.0.17763.1282    | 10.0.17763.1490    |\n\n### Configuration Manager Compliance\n\nApplies only to co-managed devices running Windows 10 and later. Intune-only devices return a not available status.\n\n**Require device compliance from Configuration Manager:**\n\n* Not configured _(default)_ - Intune doesn't check for any of the Configuration Manager settings for compliance.\n* Require - Require all settings (configuration items) in Configuration Manager to be compliant.\n\n### System Security\n\n#### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create simple passwords, such as 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Password type:**\nChoose the type of password or PIN required. Your options:\n\n* Device _(default)_  - Require a password, numeric PIN, or alphanumeric PIN\n* Numeric - Require a password or numeric PIN\n* Alphanumeric - Require a password, or alphanumeric PIN.\n\nWhen set to Alphanumeric, the following settings are available:\n\n* Password complexity:\n  * Require digits and lowercase letters _(default)_\n  * Require digits, lowercase letters, and uppercase letters\n  * Require digits, lowercase letters, uppercase letters, and special characters\n\n**Minimum password length:**\nEnter the minimum number of digits or characters that the password must have.\n\n**Maximum minutes of inactivity before password is required:**\nEnter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\nEnter the number of days before the password expires, and they must create a new one, from 1-730.\n\n**Number of previous passwords to prevent reuse:**\nEnter the number of previously used passwords that can't be used.\n\n**Require password when device returns from idle state (Mobile and Holographic):**\n\n* Not configured _(default)_\n* Require - Require device users to enter the password every time the device returns from an idle state.\n\n**Important**\nWhen the password requirement is changed on a Windows desktop, users are impacted the next time they sign in, as that's when the device goes from idle to active. Users with passwords that meet the requirement are still prompted to change their passwords.\n\n### Encryption\n\n**Encryption of data storage on a device:**\nThis setting applies to all drives on a device.\n\n* Not configured _(default)_\n* Require - Use Require to encrypt data storage on your devices.\n\n**Note**\nThe Encryption of data storage on a device setting generically checks for the presence of encryption on the device, more specifically at the OS drive level. Currently, Intune supports only the encryption check with BitLocker. For a more robust encryption setting, consider using Require BitLocker, which leverages Windows Device Health Attestation to validate Bitlocker status at the TPM level.\n\n### Device Security\n\n**Firewall:**\n\n* Not configured _(default)_ - Intune doesn't control the Microsoft Defender Firewall, nor change existing settings.\n* Require - Turn on the Microsoft Defender Firewall, and prevent users from turning it off.\n\n**Note**\nIf the device immediately syncs after a reboot, or immediately syncs waking from sleep, then this setting may report as an Error. This scenario might not affect the overall device compliance status. To re-evaluate the compliance status, manually sync the device.\n\n**Trusted Platform Module (TPM):**\n\n* Not configured _(default)_ - Intune doesn't check the device for a TPM chip version.\n* Require - Intune checks the TPM chip version for compliance. The device is compliant if the TPM chip version is greater than 0 (zero). The device isn't compliant if there isn't a TPM version on the device.\n\n**Antivirus:**\n\n* Not configured _(default)_ - Intune doesn't check for any antivirus solutions installed on the device.\n* Require - Check compliance using antivirus solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n**Antispyware:**\n\n* Not configured _(default)_ - Intune doesn't check for any antispyware solutions installed on the device.\n* Require - Check compliance using antispyware solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n### Defender\n\nThe following compliance settings are supported with Windows 10 Desktop.\n\n**Microsoft Defender Antimalware:**\n\n* Not configured _(default)_ - Intune doesn't control the service, nor change existing settings.\n* Require - Turn on the Microsoft Defender anti-malware service, and prevent users from turning it off.\n\n**Microsoft Defender Antimalware minimum version:**\nEnter the minimum allowed version of Microsoft Defender anti-malware service. For example, enter 4.11.0.0. When left blank, any version of the Microsoft Defender anti-malware service can be used.\n\nBy _(default)_, no version is configured.\n\n**Microsoft Defender Antimalware security intelligence up-to-date:**\nControls the Windows Security virus and threat protection updates on the devices.\n\n* Not configured _(default)_ - Intune doesn't enforce any requirements.\n* Require - Force the Microsoft Defender security intelligence be up-to-date.\n\n**Real-time protection:**\n\n* Not configured (_(default)_) - Intune doesn't control this feature, nor change existing settings.\n* Require - Turn on real-time protection, which scans for malware, spyware, and other unwanted software.\n\n### Microsoft Defender for Endpoint\n\n#### Microsoft Defender for Endpoint rules\n\nFor additional information on Microsoft Defender for Endpoint integration in conditional access scenarios, see Configure Conditional Access in Microsoft Defender for Endpoint.\n\n**Require the device to be at or under the machine risk score:**\nUse this setting to take the risk assessment from your defense threat services as a condition for compliance. Choose the maximum allowed threat level:\n\n* Not configured (_(default)_)\n* Clear -This option is the most secure, as the device can't have any threats. If the device is detected as having any level of threats, it's evaluated as non-compliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a non-compliant status.\n* Medium - The device is evaluated as compliant if existing threats on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be non-compliant.\n* High - This option is the least secure, and allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Windows Holographic for Business\n\nWindows Holographic for Business uses the Windows 10 and later platform. Windows Holographic for Business supports the following setting:\n\n**System Security > Encryption > Encryption of data storage on device.**\nTo verify device encryption on the Microsoft HoloLens, see Verify device encryption.\n\n### Surface Hub\n\nSurface Hub uses the Windows 10 and later platform. Surface Hubs are supported for both compliance and Conditional Access. To enable these features on Surface Hubs, we recommend you enable Windows 10 automatic enrollment in Intune (requires Azure Active Directory (Azure AD)), and target the Surface Hub devices as device groups. Surface Hubs are required to be Azure AD joined for compliance and Conditional Access to work.\n\nFor guidance, see set up enrollment for Windows devices.\n\nSpecial consideration for Surface Hubs running Windows 10 Team OS:\nSurface Hubs that run Windows 10 Team OS do not support the Microsoft Defender for Endpoint and Password compliance policies at this time. Therefore, for Surface Hubs that run Windows 10 Team OS set the following two settings to their _(default)_ of _Not configured_:\n\n* In the category Password, set Require a password to unlock mobile devices to the _(default)_ of Not configured.\n* In the category Microsoft Defender for Endpoint, set Require the device to be at or under the machine risk score to the _(default)_ of Not configured."},{"ClassName":"MSFT_MicrosoftGraphDeviceComplianceScheduledActionsForRuleConfiguration","Parameters":[{"CIMType":"String","Description":"The action type of the compliance policy action.","Name":"ActionType","Option":"Write","ValueMap":["block","notification","retire"],"Values":["block","notification","retire"]},{"CIMType":"Uint32","Description":"Number of hours the device can be in grace period.","Name":"GracePeriodHours","Option":"Write"},{"CIMType":"String[]","Description":"Display names of the groups that should be notified if the compliance fails.","Name":"NotificationMessageCCList","Option":"Write"},{"CIMType":"String","Description":"Display name of the Notification Template used in the compliance policy. Can only be used with ActionType 'notification'.","Name":"NotificationTemplate","Option":"Write"}],"Description":"This resource configures the settings of Windows 10 compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n#### Windows Health Attestation Service evaluation rules\n\n**Require BitLocker:**\n  Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.\n\n  Device HealthAttestation CSP - BitLockerStatus\n\n**Require Secure Boot to be enabled on the device:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The system is forced to boot to a factory trusted state. The core components that are used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies the signature before it lets the machine start. If any files are tampered with, which breaks their signature, the system doesn't boot.\n\n### Device Properties\n\n#### Operating System Version\n\nTo discover build versions for all Windows 10 Feature Updates and Cumulative Updates (to be used in some of the fields below), see Windows 10 release information. Be sure to include the 10.0. prefix before the build numbers, as the following examples illustrate.\n\n**Minimum OS version:**\nEnter the minimum allowed version in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device has an earlier version than the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS version:**\nEnter the maximum allowed version, in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Minimum OS required for mobile devices:**\nEnter the minimum allowed version, in the major.minor.build number format.\n\nWhen a device has an earlier version that the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS required for mobile devices:**\nEnter the maximum allowed version, in the major.minor.build number.\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Valid operating system builds:**\nSpecify a list of minimum and maximum operating system builds. Valid operating system builds provides additional flexibility when compared against minimum and maximum OS versions. Consider a scenario where minimum OS version is set to 10.0.18362.xxx (Windows 10 1903) and maximum OS version is set to 10.0.18363.xxx (Windows 10 1909). This configuration can allow a Windows 10 1903 device that doesn't have recent cumulative updates installed to be identified as compliant. Minimum and maximum OS versions might be suitable if you have standardized on a single Windows 10 release, but might not address your requirements if you need to use multiple builds, each with specific patch levels. In such a case, consider leveraging valid operating system builds instead, which allows multiple builds to be specified as per the following example.\n\nExample:\nThe following table is an example of a range for the acceptable operating systems versions for different Windows 10 releases. In this example, three different Feature Updates have been allowed (1809, 1909 and 2004). Specifically, only those versions of Windows and which have applied cumulative updates from June to September 2020 will be considered to be compliant. This is sample data only. The table includes a first column that includes any text you want to describe the entry, followed by the minimum and maximum OS version for that entry. The second and third columns must adhere to valid OS build versions in the major.minor.build.revision number format. After you define one or more entries, you can Export the list as a comma-separated values (CSV) file.\n\n| Description                 | Minimum OS version | Maximum OS version |\n|-----------------------------|--------------------|--------------------|\n| Win 10 2004 (Jun-Sept 2020) | 10.0.19041.329     | 10.0.19041.508     |\n| Win 10 1909 (Jun-Sept 2020) | 10.0.18363.900     | 10.0.18363.1110    |\n| Win 10 1809 (Jun-Sept 2020) | 10.0.17763.1282    | 10.0.17763.1490    |\n\n### Configuration Manager Compliance\n\nApplies only to co-managed devices running Windows 10 and later. Intune-only devices return a not available status.\n\n**Require device compliance from Configuration Manager:**\n\n* Not configured _(default)_ - Intune doesn't check for any of the Configuration Manager settings for compliance.\n* Require - Require all settings (configuration items) in Configuration Manager to be compliant.\n\n### System Security\n\n#### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create simple passwords, such as 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Password type:**\nChoose the type of password or PIN required. Your options:\n\n* Device _(default)_  - Require a password, numeric PIN, or alphanumeric PIN\n* Numeric - Require a password or numeric PIN\n* Alphanumeric - Require a password, or alphanumeric PIN.\n\nWhen set to Alphanumeric, the following settings are available:\n\n* Password complexity:\n  * Require digits and lowercase letters _(default)_\n  * Require digits, lowercase letters, and uppercase letters\n  * Require digits, lowercase letters, uppercase letters, and special characters\n\n**Minimum password length:**\nEnter the minimum number of digits or characters that the password must have.\n\n**Maximum minutes of inactivity before password is required:**\nEnter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\nEnter the number of days before the password expires, and they must create a new one, from 1-730.\n\n**Number of previous passwords to prevent reuse:**\nEnter the number of previously used passwords that can't be used.\n\n**Require password when device returns from idle state (Mobile and Holographic):**\n\n* Not configured _(default)_\n* Require - Require device users to enter the password every time the device returns from an idle state.\n\n**Important**\nWhen the password requirement is changed on a Windows desktop, users are impacted the next time they sign in, as that's when the device goes from idle to active. Users with passwords that meet the requirement are still prompted to change their passwords.\n\n### Encryption\n\n**Encryption of data storage on a device:**\nThis setting applies to all drives on a device.\n\n* Not configured _(default)_\n* Require - Use Require to encrypt data storage on your devices.\n\n**Note**\nThe Encryption of data storage on a device setting generically checks for the presence of encryption on the device, more specifically at the OS drive level. Currently, Intune supports only the encryption check with BitLocker. For a more robust encryption setting, consider using Require BitLocker, which leverages Windows Device Health Attestation to validate Bitlocker status at the TPM level.\n\n### Device Security\n\n**Firewall:**\n\n* Not configured _(default)_ - Intune doesn't control the Microsoft Defender Firewall, nor change existing settings.\n* Require - Turn on the Microsoft Defender Firewall, and prevent users from turning it off.\n\n**Note**\nIf the device immediately syncs after a reboot, or immediately syncs waking from sleep, then this setting may report as an Error. This scenario might not affect the overall device compliance status. To re-evaluate the compliance status, manually sync the device.\n\n**Trusted Platform Module (TPM):**\n\n* Not configured _(default)_ - Intune doesn't check the device for a TPM chip version.\n* Require - Intune checks the TPM chip version for compliance. The device is compliant if the TPM chip version is greater than 0 (zero). The device isn't compliant if there isn't a TPM version on the device.\n\n**Antivirus:**\n\n* Not configured _(default)_ - Intune doesn't check for any antivirus solutions installed on the device.\n* Require - Check compliance using antivirus solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n**Antispyware:**\n\n* Not configured _(default)_ - Intune doesn't check for any antispyware solutions installed on the device.\n* Require - Check compliance using antispyware solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n### Defender\n\nThe following compliance settings are supported with Windows 10 Desktop.\n\n**Microsoft Defender Antimalware:**\n\n* Not configured _(default)_ - Intune doesn't control the service, nor change existing settings.\n* Require - Turn on the Microsoft Defender anti-malware service, and prevent users from turning it off.\n\n**Microsoft Defender Antimalware minimum version:**\nEnter the minimum allowed version of Microsoft Defender anti-malware service. For example, enter 4.11.0.0. When left blank, any version of the Microsoft Defender anti-malware service can be used.\n\nBy _(default)_, no version is configured.\n\n**Microsoft Defender Antimalware security intelligence up-to-date:**\nControls the Windows Security virus and threat protection updates on the devices.\n\n* Not configured _(default)_ - Intune doesn't enforce any requirements.\n* Require - Force the Microsoft Defender security intelligence be up-to-date.\n\n**Real-time protection:**\n\n* Not configured (_(default)_) - Intune doesn't control this feature, nor change existing settings.\n* Require - Turn on real-time protection, which scans for malware, spyware, and other unwanted software.\n\n### Microsoft Defender for Endpoint\n\n#### Microsoft Defender for Endpoint rules\n\nFor additional information on Microsoft Defender for Endpoint integration in conditional access scenarios, see Configure Conditional Access in Microsoft Defender for Endpoint.\n\n**Require the device to be at or under the machine risk score:**\nUse this setting to take the risk assessment from your defense threat services as a condition for compliance. Choose the maximum allowed threat level:\n\n* Not configured (_(default)_)\n* Clear -This option is the most secure, as the device can't have any threats. If the device is detected as having any level of threats, it's evaluated as non-compliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a non-compliant status.\n* Medium - The device is evaluated as compliant if existing threats on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be non-compliant.\n* High - This option is the least secure, and allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Windows Holographic for Business\n\nWindows Holographic for Business uses the Windows 10 and later platform. Windows Holographic for Business supports the following setting:\n\n**System Security > Encryption > Encryption of data storage on device.**\nTo verify device encryption on the Microsoft HoloLens, see Verify device encryption.\n\n### Surface Hub\n\nSurface Hub uses the Windows 10 and later platform. Surface Hubs are supported for both compliance and Conditional Access. To enable these features on Surface Hubs, we recommend you enable Windows 10 automatic enrollment in Intune (requires Azure Active Directory (Azure AD)), and target the Surface Hub devices as device groups. Surface Hubs are required to be Azure AD joined for compliance and Conditional Access to work.\n\nFor guidance, see set up enrollment for Windows devices.\n\nSpecial consideration for Surface Hubs running Windows 10 Team OS:\nSurface Hubs that run Windows 10 Team OS do not support the Microsoft Defender for Endpoint and Password compliance policies at this time. Therefore, for Surface Hubs that run Windows 10 Team OS set the following two settings to their _(default)_ of _Not configured_:\n\n* In the category Password, set Require a password to unlock mobile devices to the _(default)_ of Not configured.\n* In the category Microsoft Defender for Endpoint, set Require the device to be at or under the machine risk score to the _(default)_ of Not configured."},{"ClassName":"MSFT_IntuneDeviceCompliancePolicyWindows10","Parameters":[{"CIMType":"String","Description":"The id of the Windows 10 device compliance policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Windows 10 device compliance policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Windows 10 device compliance policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequired of the Windows 10 device compliance policy.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordBlockSimple of the Windows 10 device compliance policy.","Name":"PasswordBlockSimple","Option":"Write"},{"CIMType":"Boolean","Description":"PasswordRequiredToUnlockFromIdle of the Windows 10 device compliance policy.","Name":"PasswordRequiredToUnlockFromIdle","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinutesOfInactivityBeforeLock of the Windows 10 device compliance policy.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordExpirationDays of the Windows 10 device compliance policy.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumLength of the Windows 10 device compliance policy.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"PasswordMinimumCharacterSetCount of the Windows 10 device compliance policy.","Name":"PasswordMinimumCharacterSetCount","Option":"Write"},{"CIMType":"String","Description":"PasswordRequiredType of the Windows 10 device compliance policy.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["DeviceDefault","Alphanumeric","Numeric"],"Values":["DeviceDefault","Alphanumeric","Numeric"]},{"CIMType":"Uint32","Description":"PasswordPreviousPasswordBlockCount of the Windows 10 device compliance policy.","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"RequireHealthyDeviceReport of the Windows 10 device compliance policy.","Name":"RequireHealthyDeviceReport","Option":"Write"},{"CIMType":"String","Description":"OsMinimumVersion of the Windows 10 device compliance policy.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"OsMaximumVersion of the Windows 10 device compliance policy.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String","Description":"MobileOsMinimumVersion of the Windows 10 device compliance policy.","Name":"MobileOsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"MobileOsMaximumVersion of the Windows 10 device compliance policy.","Name":"MobileOsMaximumVersion","Option":"Write"},{"CIMType":"Boolean","Description":"EarlyLaunchAntiMalwareDriverEnabled of the Windows 10 device compliance policy.","Name":"EarlyLaunchAntiMalwareDriverEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"BitLockerEnabled of the Windows 10 device compliance policy.","Name":"BitLockerEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"SecureBootEnabled of the Windows 10 device compliance policy.","Name":"SecureBootEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"CodeIntegrityEnabled of the Windows 10 device compliance policy.","Name":"CodeIntegrityEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"StorageRequireEncryption of the Windows 10 device compliance policy.","Name":"StorageRequireEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"ActiveFirewallRequired of the Windows 10 device compliance policy.","Name":"ActiveFirewallRequired","Option":"Write"},{"CIMType":"Boolean","Description":"DefenderEnabled of the Windows 10 device compliance policy.","Name":"DefenderEnabled","Option":"Write"},{"CIMType":"String","Description":"DefenderVersion of the Windows 10 device compliance policy.","Name":"DefenderVersion","Option":"Write"},{"CIMType":"Boolean","Description":"SignatureOutOfDate of the Windows 10 device compliance policy.","Name":"SignatureOutOfDate","Option":"Write"},{"CIMType":"Boolean","Description":"RTPEnabled of the Windows 10 device compliance policy.","Name":"RTPEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"AntivirusRequired of the Windows 10 device compliance policy.","Name":"AntivirusRequired","Option":"Write"},{"CIMType":"Boolean","Description":"AntiSpywareRequired of the Windows 10 device compliance policy.","Name":"AntiSpywareRequired","Option":"Write"},{"CIMType":"Boolean","Description":"DeviceThreatProtectionEnabled of the Windows 10 device compliance policy.","Name":"DeviceThreatProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"DeviceThreatProtectionRequiredSecurityLevel of the Windows 10 device compliance policy.","Name":"DeviceThreatProtectionRequiredSecurityLevel","Option":"Write","ValueMap":["Unavailable","Secured","Low","Medium","High","NotSet"],"Values":["Unavailable","Secured","Low","Medium","High","NotSet"]},{"CIMType":"Boolean","Description":"ConfigurationManagerComplianceRequired of the Windows 10 device compliance policy.","Name":"ConfigurationManagerComplianceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"TpmRequired of the Windows 10 device compliance policy.","Name":"TpmRequired","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceCompliancePolicyScript","Description":"DeviceCompliancePolicyScript of the Windows 10 device compliance policy.","Name":"DeviceCompliancePolicyScript","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphOperatingSystemVersionRange[]","Description":"ValidOperatingSystemBuildRanges of the Windows 10 device compliance policy.","Name":"ValidOperatingSystemBuildRanges","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceComplianceScheduledActionsForRuleConfiguration[]","Description":"Actions to take for noncompliant devices.","Name":"ScheduledActionsForRule","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of Windows 10 compliance policies\nin your cloud-based organization.\n\n## Parameters\n\n### Device Health\n\n#### Windows Health Attestation Service evaluation rules\n\n**Require BitLocker:**\n  Windows BitLocker Drive Encryption encrypts all data stored on the Windows operating system volume. BitLocker uses the Trusted Platform Module (TPM) to help protect the Windows operating system and user data. It also helps confirm that a computer isn't tampered with, even if its left unattended, lost, or stolen. If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. As a result, the keys can't be accessed until the TPM verifies the state of the computer.\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The device can protect data that's stored on the drive from unauthorized access when the system is off, or hibernates.\n\n  Device HealthAttestation CSP - BitLockerStatus\n\n**Require Secure Boot to be enabled on the device:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - The system is forced to boot to a factory trusted state. The core components that are used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies the signature before it lets the machine start. If any files are tampered with, which breaks their signature, the system doesn't boot.\n\n### Device Properties\n\n#### Operating System Version\n\nTo discover build versions for all Windows 10 Feature Updates and Cumulative Updates (to be used in some of the fields below), see Windows 10 release information. Be sure to include the 10.0. prefix before the build numbers, as the following examples illustrate.\n\n**Minimum OS version:**\nEnter the minimum allowed version in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device has an earlier version than the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS version:**\nEnter the maximum allowed version, in the major.minor.build.revision number format. To get the correct value, open a command prompt, and type ver. The ver command returns the version in the following format:\n\nMicrosoft Windows [Version 10.0.17134.1]\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Minimum OS required for mobile devices:**\nEnter the minimum allowed version, in the major.minor.build number format.\n\nWhen a device has an earlier version that the OS version you enter, it's reported as noncompliant. A link with information on how to upgrade is shown. The end user can choose to upgrade their device. After they upgrade, they can access company resources.\n\n**Maximum OS required for mobile devices:**\nEnter the maximum allowed version, in the major.minor.build number.\n\nWhen a device is using an OS version later than the version entered, access to organization resources is blocked. The end user is asked to contact their IT administrator. The device can't access organization resources until the rule is changed to allow the OS version.\n\n**Valid operating system builds:**\nSpecify a list of minimum and maximum operating system builds. Valid operating system builds provides additional flexibility when compared against minimum and maximum OS versions. Consider a scenario where minimum OS version is set to 10.0.18362.xxx (Windows 10 1903) and maximum OS version is set to 10.0.18363.xxx (Windows 10 1909). This configuration can allow a Windows 10 1903 device that doesn't have recent cumulative updates installed to be identified as compliant. Minimum and maximum OS versions might be suitable if you have standardized on a single Windows 10 release, but might not address your requirements if you need to use multiple builds, each with specific patch levels. In such a case, consider leveraging valid operating system builds instead, which allows multiple builds to be specified as per the following example.\n\nExample:\nThe following table is an example of a range for the acceptable operating systems versions for different Windows 10 releases. In this example, three different Feature Updates have been allowed (1809, 1909 and 2004). Specifically, only those versions of Windows and which have applied cumulative updates from June to September 2020 will be considered to be compliant. This is sample data only. The table includes a first column that includes any text you want to describe the entry, followed by the minimum and maximum OS version for that entry. The second and third columns must adhere to valid OS build versions in the major.minor.build.revision number format. After you define one or more entries, you can Export the list as a comma-separated values (CSV) file.\n\n| Description                 | Minimum OS version | Maximum OS version |\n|-----------------------------|--------------------|--------------------|\n| Win 10 2004 (Jun-Sept 2020) | 10.0.19041.329     | 10.0.19041.508     |\n| Win 10 1909 (Jun-Sept 2020) | 10.0.18363.900     | 10.0.18363.1110    |\n| Win 10 1809 (Jun-Sept 2020) | 10.0.17763.1282    | 10.0.17763.1490    |\n\n### Configuration Manager Compliance\n\nApplies only to co-managed devices running Windows 10 and later. Intune-only devices return a not available status.\n\n**Require device compliance from Configuration Manager:**\n\n* Not configured _(default)_ - Intune doesn't check for any of the Configuration Manager settings for compliance.\n* Require - Require all settings (configuration items) in Configuration Manager to be compliant.\n\n### System Security\n\n#### Password\n\n**Require a password to unlock mobile devices:**\n\n* Not configured _(default)_ - This setting isn't evaluated for compliance or non-compliance.\n* Require - Users must enter a password before they can access their device.\n\n**Simple passwords:**\n\n* Not configured _(default)_ - Users can create simple passwords, such as 1234 or 1111.\n* Block - Users can't create simple passwords, such as 1234 or 1111.\n\n**Password type:**\nChoose the type of password or PIN required. Your options:\n\n* Device _(default)_  - Require a password, numeric PIN, or alphanumeric PIN\n* Numeric - Require a password or numeric PIN\n* Alphanumeric - Require a password, or alphanumeric PIN.\n\nWhen set to Alphanumeric, the following settings are available:\n\n* Password complexity:\n  * Require digits and lowercase letters _(default)_\n  * Require digits, lowercase letters, and uppercase letters\n  * Require digits, lowercase letters, uppercase letters, and special characters\n\n**Minimum password length:**\nEnter the minimum number of digits or characters that the password must have.\n\n**Maximum minutes of inactivity before password is required:**\nEnter the idle time before the user must reenter their password.\n\n**Password expiration (days):**\nEnter the number of days before the password expires, and they must create a new one, from 1-730.\n\n**Number of previous passwords to prevent reuse:**\nEnter the number of previously used passwords that can't be used.\n\n**Require password when device returns from idle state (Mobile and Holographic):**\n\n* Not configured _(default)_\n* Require - Require device users to enter the password every time the device returns from an idle state.\n\n**Important**\nWhen the password requirement is changed on a Windows desktop, users are impacted the next time they sign in, as that's when the device goes from idle to active. Users with passwords that meet the requirement are still prompted to change their passwords.\n\n### Encryption\n\n**Encryption of data storage on a device:**\nThis setting applies to all drives on a device.\n\n* Not configured _(default)_\n* Require - Use Require to encrypt data storage on your devices.\n\n**Note**\nThe Encryption of data storage on a device setting generically checks for the presence of encryption on the device, more specifically at the OS drive level. Currently, Intune supports only the encryption check with BitLocker. For a more robust encryption setting, consider using Require BitLocker, which leverages Windows Device Health Attestation to validate Bitlocker status at the TPM level.\n\n### Device Security\n\n**Firewall:**\n\n* Not configured _(default)_ - Intune doesn't control the Microsoft Defender Firewall, nor change existing settings.\n* Require - Turn on the Microsoft Defender Firewall, and prevent users from turning it off.\n\n**Note**\nIf the device immediately syncs after a reboot, or immediately syncs waking from sleep, then this setting may report as an Error. This scenario might not affect the overall device compliance status. To re-evaluate the compliance status, manually sync the device.\n\n**Trusted Platform Module (TPM):**\n\n* Not configured _(default)_ - Intune doesn't check the device for a TPM chip version.\n* Require - Intune checks the TPM chip version for compliance. The device is compliant if the TPM chip version is greater than 0 (zero). The device isn't compliant if there isn't a TPM version on the device.\n\n**Antivirus:**\n\n* Not configured _(default)_ - Intune doesn't check for any antivirus solutions installed on the device.\n* Require - Check compliance using antivirus solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n**Antispyware:**\n\n* Not configured _(default)_ - Intune doesn't check for any antispyware solutions installed on the device.\n* Require - Check compliance using antispyware solutions that are registered with Windows Security Center, such as Symantec and Microsoft Defender.\n\n### Defender\n\nThe following compliance settings are supported with Windows 10 Desktop.\n\n**Microsoft Defender Antimalware:**\n\n* Not configured _(default)_ - Intune doesn't control the service, nor change existing settings.\n* Require - Turn on the Microsoft Defender anti-malware service, and prevent users from turning it off.\n\n**Microsoft Defender Antimalware minimum version:**\nEnter the minimum allowed version of Microsoft Defender anti-malware service. For example, enter 4.11.0.0. When left blank, any version of the Microsoft Defender anti-malware service can be used.\n\nBy _(default)_, no version is configured.\n\n**Microsoft Defender Antimalware security intelligence up-to-date:**\nControls the Windows Security virus and threat protection updates on the devices.\n\n* Not configured _(default)_ - Intune doesn't enforce any requirements.\n* Require - Force the Microsoft Defender security intelligence be up-to-date.\n\n**Real-time protection:**\n\n* Not configured (_(default)_) - Intune doesn't control this feature, nor change existing settings.\n* Require - Turn on real-time protection, which scans for malware, spyware, and other unwanted software.\n\n### Microsoft Defender for Endpoint\n\n#### Microsoft Defender for Endpoint rules\n\nFor additional information on Microsoft Defender for Endpoint integration in conditional access scenarios, see Configure Conditional Access in Microsoft Defender for Endpoint.\n\n**Require the device to be at or under the machine risk score:**\nUse this setting to take the risk assessment from your defense threat services as a condition for compliance. Choose the maximum allowed threat level:\n\n* Not configured (_(default)_)\n* Clear -This option is the most secure, as the device can't have any threats. If the device is detected as having any level of threats, it's evaluated as non-compliant.\n* Low - The device is evaluated as compliant if only low-level threats are present. Anything higher puts the device in a non-compliant status.\n* Medium - The device is evaluated as compliant if existing threats on the device are low or medium level. If the device is detected to have high-level threats, it's determined to be non-compliant.\n* High - This option is the least secure, and allows all threat levels. It may be useful if you're using this solution only for reporting purposes.\n\n### Windows Holographic for Business\n\nWindows Holographic for Business uses the Windows 10 and later platform. Windows Holographic for Business supports the following setting:\n\n**System Security > Encryption > Encryption of data storage on device.**\nTo verify device encryption on the Microsoft HoloLens, see Verify device encryption.\n\n### Surface Hub\n\nSurface Hub uses the Windows 10 and later platform. Surface Hubs are supported for both compliance and Conditional Access. To enable these features on Surface Hubs, we recommend you enable Windows 10 automatic enrollment in Intune (requires Azure Active Directory (Azure AD)), and target the Surface Hub devices as device groups. Surface Hubs are required to be Azure AD joined for compliance and Conditional Access to work.\n\nFor guidance, see set up enrollment for Windows devices.\n\nSpecial consideration for Surface Hubs running Windows 10 Team OS:\nSurface Hubs that run Windows 10 Team OS do not support the Microsoft Defender for Endpoint and Password compliance policies at this time. Therefore, for Surface Hubs that run Windows 10 Team OS set the following two settings to their _(default)_ of _Not configured_:\n\n* In the category Password, set Require a password to unlock mobile devices to the _(default)_ of Not configured.\n* In the category Microsoft Defender for Endpoint, set Require the device to be at or under the machine risk score to the _(default)_ of Not configured."},{"ClassName":"MSFT_IntuneDeviceComplianceScriptLinux","Parameters":[{"CIMType":"String","Description":"Description of the compliance script.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the compliance script.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The compliance discovery script. Cannot be empty.","Name":"DiscoveryScript","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Compliance Script for Linux"},{"ClassName":"MSFT_IntuneDeviceComplianceScriptWindows10","Parameters":[{"CIMType":"String","Description":"Optional description for the device compliance script.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the device compliance script.","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Indicate whether the script signature needs be checked.","Name":"EnforceSignatureCheck","Option":"Write"},{"CIMType":"String","Description":"Publisher of the script.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for this PowerShellScript instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether the PowerShell script should run as 32-bit","Name":"RunAs32Bit","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The script content in Base64.","Name":"DetectionScriptContent","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Compliance Script for Windows10"},{"ClassName":"MSFT_IntuneGroupPolicyDefinitionValueDefinition","Parameters":[{"CIMType":"String","Description":"The localized full category path for the policy.","Name":"CategoryPath","Option":"Write"},{"CIMType":"String","Description":"Identifies the type of groups the policy can be applied to. Possible values are: user, machine.","Name":"ClassType","Option":"Write","ValueMap":["user","machine"],"Values":["user","machine"]},{"CIMType":"String","Description":"The localized policy name.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The localized explanation or help text associated with the policy. The default value is empty.","Name":"ExplainText","Option":"Write"},{"CIMType":"String","Description":"The category id of the parent category","Name":"GroupPolicyCategoryId","Option":"Write"},{"CIMType":"Boolean","Description":"Signifies whether or not there are related definitions to this definition","Name":"HasRelatedDefinitions","Option":"Write"},{"CIMType":"String","Description":"Minimum required CSP version for device configuration in this definition","Name":"MinDeviceCspVersion","Option":"Write"},{"CIMType":"String","Description":"Minimum required CSP version for user configuration in this definition","Name":"MinUserCspVersion","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of group policy. Possible values are: admxBacked, admxIngested.","Name":"PolicyType","Option":"Write","ValueMap":["admxBacked","admxIngested"],"Values":["admxBacked","admxIngested"]},{"CIMType":"String","Description":"Localized string used to specify what operating system or application version is affected by the policy.","Name":"SupportedOn","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneGroupPolicyDefinitionValue","Parameters":[{"CIMType":"String","Description":"Specifies how the value should be configured. This can be either as a Policy or as a Preference. Possible values are: policy, preference.","Name":"ConfigurationType","Option":"Write","ValueMap":["policy","preference"],"Values":["policy","preference"]},{"CIMType":"Boolean","Description":"Enables or disables the associated group policy definition.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_IntuneGroupPolicyDefinitionValueDefinition","Description":"The associated group policy definition with the value. Read-Only.","Name":"Definition","Option":"Write"},{"CIMType":"MSFT_IntuneGroupPolicyDefinitionValuePresentationValue[]","Description":"The associated group policy presentation values with the definition value.","Name":"PresentationValues","Option":"Write"}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneGroupPolicyDefinitionValuePresentationValue","Parameters":[{"CIMType":"Boolean","Description":"A value for the associated presentation.","Name":"BooleanValue","Option":"Write"},{"CIMType":"Uint64","Description":"A value for the associated presentation.","Name":"DecimalValue","Option":"Write"},{"CIMType":"String","Description":"A value for the associated presentation.","Name":"StringValue","Option":"Write"},{"CIMType":"MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair[]","Description":"A list of pairs for the associated presentation.","Name":"KeyValuePairValues","Option":"Write"},{"CIMType":"String[]","Description":"A list of pairs for the associated presentation.","Name":"StringValues","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for presentation definition. Read-only.","Name":"PresentationDefinitionId","Option":"Write"},{"CIMType":"String","Description":"The label of the presentation definition. Read-only.","Name":"PresentationDefinitionLabel","Option":"Write"},{"CIMType":"String","Description":"A value for the associated presentation.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"],"Values":["#microsoft.graph.groupPolicyPresentationValueBoolean","#microsoft.graph.groupPolicyPresentationValueDecimal","#microsoft.graph.groupPolicyPresentationValueList","#microsoft.graph.groupPolicyPresentationValueLongDecimal","#microsoft.graph.groupPolicyPresentationValueMultiText","#microsoft.graph.groupPolicyPresentationValueText"]}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneGroupPolicyDefinitionValuePresentationValueKeyValuePair","Parameters":[{"CIMType":"String","Description":"Value for this key-value pair.","Name":"Value","Option":"Write"},{"CIMType":"String","Description":"Name for this key-value pair.","Name":"Name","Option":"Write"}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationAdministrativeTemplatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"User provided description for the resource object.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"User provided name for the resource object.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Type of definitions configured for this policy. Possible values are: unknown, custom, builtIn, mixed, unknownFutureValue.","Name":"PolicyConfigurationIngestionType","Option":"Write","ValueMap":["unknown","custom","builtIn","mixed","unknownFutureValue"],"Values":["unknown","custom","builtIn","mixed","unknownFutureValue"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_IntuneGroupPolicyDefinitionValue[]","Description":"The list of enabled or disabled group policy definition values for the configuration.","Name":"DefinitionValues","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for this policy instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Administrative Template Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationCustomPolicyiOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name that is displayed to the user.","Name":"PayloadName","Option":"Write"},{"CIMType":"String","Description":"Payload file name (*.mobileconfig, *.xml).","Name":"PayloadFileName","Option":"Write"},{"CIMType":"String","Description":"Payload. (UTF8 encoded byte array)","Name":"Payload","Option":"Write"},{"CIMType":"string[]","Description":"Role Scope Tag IDs","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune iOS Custom Configuration Policy."},{"ClassName":"MSFT_MicrosoftGraphOmaSetting","Parameters":[{"CIMType":"String","Description":"Description.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the value field is encrypted. This property is read-only.","Name":"IsEncrypted","Option":"Write"},{"CIMType":"String","Description":"OMA.","Name":"OmaUri","Option":"Write"},{"CIMType":"String","Description":"ReferenceId for looking up secret for decryption. This property is read-only.","Name":"SecretReferenceValueId","Option":"Write"},{"CIMType":"String","Description":"File name associated with the Value property (.cer)","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"Value. (Base64 encoded string)","Name":"Value","Option":"Write"},{"CIMType":"Boolean","Description":"By setting to true, the CSP (configuration service provider) specified in the OMA-URI will perform a get, instead of set","Name":"IsReadOnly","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.omaSettingBase64","#microsoft.graph.omaSettingBoolean","#microsoft.graph.omaSettingDateTime","#microsoft.graph.omaSettingFloatingPoint","#microsoft.graph.omaSettingInteger","#microsoft.graph.omaSettingString","#microsoft.graph.omaSettingStringXml"],"Values":["#microsoft.graph.omaSettingBase64","#microsoft.graph.omaSettingBoolean","#microsoft.graph.omaSettingDateTime","#microsoft.graph.omaSettingFloatingPoint","#microsoft.graph.omaSettingInteger","#microsoft.graph.omaSettingString","#microsoft.graph.omaSettingStringXml"]}],"Description":"Intune Device Configuration Custom Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationCustomPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphomaSetting[]","Description":"OMA settings. This collection can contain a maximum of 1000 elements.","Name":"OmaSettings","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Custom Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationDefenderForEndpointOnboardingPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Auto populate onboarding blob programmatically from Advanced Threat protection service","Name":"AdvancedThreatProtectionAutoPopulateOnboardingBlob","Option":"Write"},{"CIMType":"String","Description":"Windows Defender AdvancedThreatProtection Offboarding Blob.","Name":"AdvancedThreatProtectionOffboardingBlob","Option":"Write"},{"CIMType":"String","Description":"Name of the file from which AdvancedThreatProtectionOffboardingBlob was obtained.","Name":"AdvancedThreatProtectionOffboardingFilename","Option":"Write"},{"CIMType":"String","Description":"Windows Defender AdvancedThreatProtection Onboarding Blob.","Name":"AdvancedThreatProtectionOnboardingBlob","Option":"Write"},{"CIMType":"String","Description":"Name of the file from which AdvancedThreatProtectionOnboardingBlob was obtained.","Name":"AdvancedThreatProtectionOnboardingFilename","Option":"Write"},{"CIMType":"Boolean","Description":"Windows Defender AdvancedThreatProtection 'Allow Sample Sharing' Rule","Name":"AllowSampleSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Expedite Windows Defender Advanced Threat Protection telemetry reporting frequency.","Name":"EnableExpeditedTelemetryReporting","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Defender For Endpoint Onboarding Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeliveryOptimizationBandwidth","Parameters":[{"CIMType":"UInt64","Description":"Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization. Valid values 0 to 4294967295","Name":"MaximumDownloadBandwidthInKilobytesPerSecond","Option":"Write"},{"CIMType":"UInt64","Description":"Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization (0-4000000). Valid values 0 to 4000000 The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth). Valid values 0 to 4000000","Name":"MaximumUploadBandwidthInKilobytesPerSecond","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit","Description":"Background download percentage hours.","Name":"BandwidthBackgroundPercentageHours","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit","Description":"Foreground download percentage hours.","Name":"BandwidthForegroundPercentageHours","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth (0-100). Valid values 0 to 100","Name":"MaximumBackgroundBandwidthPercentage","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth (0-100). Valid values 0 to 100 The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for foreground downloads. Valid values 0 to 100","Name":"MaximumForegroundBandwidthPercentage","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deliveryOptimizationBandwidthAbsolute","#microsoft.graph.deliveryOptimizationBandwidthHoursWithPercentage","#microsoft.graph.deliveryOptimizationBandwidthPercentage"],"Values":["#microsoft.graph.deliveryOptimizationBandwidthAbsolute","#microsoft.graph.deliveryOptimizationBandwidthHoursWithPercentage","#microsoft.graph.deliveryOptimizationBandwidthPercentage"]}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeliveryOptimizationBandwidthBusinessHoursLimit","Parameters":[{"CIMType":"UInt32","Description":"Specifies the beginning of business hours using a 24-hour clock (0-23). Valid values 0 to 23","Name":"BandwidthBeginBusinessHours","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the end of business hours using a 24-hour clock (0-23). Valid values 0 to 23","Name":"BandwidthEndBusinessHours","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the percentage of bandwidth to limit during business hours (0-100). Valid values 0 to 100","Name":"BandwidthPercentageDuringBusinessHours","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the percentage of bandwidth to limit outsidse business hours (0-100). Valid values 0 to 100","Name":"BandwidthPercentageOutsideBusinessHours","Option":"Write"}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeliveryOptimizationGroupIdSource","Parameters":[{"CIMType":"String","Description":"Specifies an arbitrary group ID that the device belongs to","Name":"GroupIdCustom","Option":"Write"},{"CIMType":"String","Description":"Set this policy to restrict peer selection to a specific source. Possible values are: notConfigured, adSite, authenticatedDomainSid, dhcpUserOption, dnsSuffix.","Name":"GroupIdSourceOption","Option":"Write","ValueMap":["notConfigured","adSite","authenticatedDomainSid","dhcpUserOption","dnsSuffix"],"Values":["notConfigured","adSite","authenticatedDomainSid","dhcpUserOption","dnsSuffix"]},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deliveryOptimizationGroupIdCustom","#microsoft.graph.deliveryOptimizationGroupIdSourceOptions"],"Values":["#microsoft.graph.deliveryOptimizationGroupIdCustom","#microsoft.graph.deliveryOptimizationGroupIdSourceOptions"]}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeliveryOptimizationMaxCacheSize","Parameters":[{"CIMType":"UInt64","Description":"Specifies the maximum size in GB of Delivery Optimization cache. Valid values 0 to 4294967295","Name":"MaximumCacheSizeInGigabytes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). Valid values 1 to 100","Name":"MaximumCacheSizePercentage","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute","#microsoft.graph.deliveryOptimizationMaxCacheSizePercentage"],"Values":["#microsoft.graph.deliveryOptimizationMaxCacheSizeAbsolute","#microsoft.graph.deliveryOptimizationMaxCacheSizePercentage"]}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10","Parameters":[{"CIMType":"UInt64","Description":"Specifies number of seconds to delay an HTTP source in a background download that is allowed to use peer-to-peer. Valid values 0 to 4294967295","Name":"BackgroundDownloadFromHttpDelayInSeconds","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeliveryOptimizationBandwidth","Description":"Specifies foreground and background bandwidth usage using percentages, absolutes, or hours.","Name":"BandwidthMode","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a background download. Valid values 0 to 2592000.","Name":"CacheServerBackgroundDownloadFallbackToHttpDelayInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies number of seconds to delay a fall back from cache servers to an HTTP source for a foreground download. Valid values 0 to 2592000.","Name":"CacheServerForegroundDownloadFallbackToHttpDelayInSeconds","Option":"Write"},{"CIMType":"String[]","Description":"Specifies cache servers host names.","Name":"CacheServerHostNames","Option":"Write"},{"CIMType":"String","Description":"Specifies the download method that delivery optimization can use to manage network bandwidth consumption for large content distribution scenarios. Possible values are: userDefined, httpOnly, httpWithPeeringNat, httpWithPeeringPrivateGroup, httpWithInternetPeering, simpleDownload, bypassMode.","Name":"DeliveryOptimizationMode","Option":"Write","ValueMap":["userDefined","httpOnly","httpWithPeeringNat","httpWithPeeringPrivateGroup","httpWithInternetPeering","simpleDownload","bypassMode"],"Values":["userDefined","httpOnly","httpWithPeeringNat","httpWithPeeringPrivateGroup","httpWithInternetPeering","simpleDownload","bypassMode"]},{"CIMType":"UInt64","Description":"Specifies number of seconds to delay an HTTP source in a foreground download that is allowed to use peer-to-peer (0-86400). Valid values 0 to 86400 Specifying 0 sets Delivery Optimization to manage this setting using the cloud service. Valid values 0 to 86400","Name":"ForegroundDownloadFromHttpDelayInSeconds","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeliveryOptimizationGroupIdSource","Description":"Specifies to restrict peer selection to a specific source. The options set in this policy only apply to Delivery Optimization mode Group (2) download mode. If Group (2) isn't set as Download mode, this policy will be ignored. For option 3 - DHCP Option ID, the client will query DHCP Option ID 234 and use the returned GUID value as the Group ID.","Name":"GroupIdSource","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum time in days that each file is held in the Delivery Optimization cache after downloading successfully (0-3650). Valid values 0 to 3650","Name":"MaximumCacheAgeInDays","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeliveryOptimizationMaxCacheSize","Description":"Specifies the maximum cache size that Delivery Optimization either as a percentage or in GB.","Name":"MaximumCacheSize","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the minimum battery percentage to allow the device to upload data (0-100). Valid values 0 to 100 The default value is 0. The value 0 (zero) means 'not limited' and the cloud service default value will be used. Valid values 0 to 100","Name":"MinimumBatteryPercentageAllowedToUpload","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the minimum disk size in GB to use Peer Caching (1-100000). Valid values 1 to 100000 Recommended values: 64 GB to 256 GB. Valid values 1 to 100000","Name":"MinimumDiskSizeAllowedToPeerInGigabytes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the minimum content file size in MB enabled to use Peer Caching (1-100000). Valid values 1 to 100000 Recommended values: 1 MB to 100,000 MB. Valid values 1 to 100000","Name":"MinimumFileSizeToCacheInMegabytes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the minimum RAM size in GB to use Peer Caching (1-100000). Valid values 1 to 100000","Name":"MinimumRamAllowedToPeerInGigabytes","Option":"Write"},{"CIMType":"String","Description":"Specifies the drive that Delivery Optimization should use for its cache.","Name":"ModifyCacheLocation","Option":"Write"},{"CIMType":"String","Description":"Specifies to restrict peer selection via selected option.","Name":"RestrictPeerSelectionBy","Option":"Write","ValueMap":["notConfigured","subnetMask"],"Values":["notConfigured","subnetMask"]},{"CIMType":"String","Description":"Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network.","Name":"VpnPeerCaching","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationDeliveryOptimizationPolicyWindows10V2","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"DO Download Mode (0: HTTP only, no peering, 1: HTTP blended with peering behind the same NAT, 2: HTTP blended with peering across a private group, 3: HTTP blended with Internet peering, 99: HTTP only, no peering, no use of DO cloud service, 100: Bypass mode, deprecated in Windows 11)","Name":"DODownloadMode","Option":"Write","ValueMap":[0,1,2,3,99,100],"Values":[0,1,2,3,99,100]},{"CIMType":"SInt32","Description":"DO Restrict Peer Selection By (0: None, 1: Subnet mask, 2: Local discovery (DNS-SD))","Name":"DORestrictPeerSelectionBy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"DO Group Id Source (0: Not Set, 1: AD site, 2: Authenticated domain SID, 3: DHCP Option ID, 4: DNS Suffix, 5: Entra ID Tenant ID)","Name":"DOGroupIdSource","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"String","Description":"DO Group Id","Name":"DOGroupId","Option":"Write"},{"CIMType":"SInt32","Description":"DO Max Foreground Download Bandwidth","Name":"DOMaxForegroundDownloadBandwidth","Option":"Write"},{"CIMType":"SInt32","Description":"DO Max Background Download Bandwidth","Name":"DOMaxBackgroundDownloadBandwidth","Option":"Write"},{"CIMType":"SInt32","Description":"DO Percentage Max Foreground Bandwidth","Name":"DOPercentageMaxForegroundBandwidth","Option":"Write"},{"CIMType":"SInt32","Description":"DO Percentage Max Background Bandwidth","Name":"DOPercentageMaxBackgroundBandwidth","Option":"Write"},{"CIMType":"SInt32","Description":"Set Business Hours to Limit Foreground Download Bandwidth (0: Disabled, 1: Enabled)","Name":"SetHoursToLimitForegroundDownloadBandwidth","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"To: (Device) - Depends on SetHoursToLimitForegroundDownloadBandwidth (0: 12 AM, 1: 1 AM, 2: 2 AM, 3: 3 AM, 4: 4 AM, 5: 5 AM, 6: 6 AM, 7: 7 AM, 8: 8 AM, 9: 9 AM, 10: 10 AM, 11: 11 AM, 12: 12 PM, 13: 1 PM, 14: 2 PM, 15: 3 PM, 16: 4 PM, 17: 5 PM, 18: 6 PM, 19: 7 PM, 20: 8 PM, 21: 9 PM, 22: 10 PM, 23: 11 PM)","Name":"SetHoursToLimitForegroundDownloadBandwidthTo","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"],"Values":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"]},{"CIMType":"String","Description":"From: (Device) - Depends on SetHoursToLimitForegroundDownloadBandwidth (0: 12 AM, 1: 1 AM, 2: 2 AM, 3: 3 AM, 4: 4 AM, 5: 5 AM, 6: 6 AM, 7: 7 AM, 8: 8 AM, 9: 9 AM, 10: 10 AM, 11: 11 AM, 12: 12 PM, 13: 1 PM, 14: 2 PM, 15: 3 PM, 16: 4 PM, 17: 5 PM, 18: 6 PM, 19: 7 PM, 20: 8 PM, 21: 9 PM, 22: 10 PM, 23: 11 PM)","Name":"SetHoursToLimitForegroundDownloadBandwidthFrom","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"],"Values":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"]},{"CIMType":"SInt32","Description":"Maximum Foreground Download Bandwidth (percentage) during Business Hours: - Depends on SetHoursToLimitForegroundDownloadBandwidth","Name":"SetHoursToLimitForegroundDownloadBandwidthIn","Option":"Write"},{"CIMType":"SInt32","Description":"Maximum Foreground Download Bandwidth (percentage) outside of Business Hours: - Depends on SetHoursToLimitForegroundDownloadBandwidth","Name":"SetHoursToLimitForegroundDownloadBandwidthOut","Option":"Write"},{"CIMType":"SInt32","Description":"Set Business Hours to Limit Background Download Bandwidth (0: Disabled, 1: Enabled)","Name":"SetHoursToLimitBackgroundDownloadBandwidth","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Background Download Bandwidth (percentage) outside of Business Hours: - Depends on SetHoursToLimitBackgroundDownloadBandwidth","Name":"SetHoursToLimitBackgroundDownloadBandwidthOut","Option":"Write"},{"CIMType":"String","Description":"From: (Device) - Depends on SetHoursToLimitBackgroundDownloadBandwidth (0: 12 AM, 1: 1 AM, 2: 2 AM, 3: 3 AM, 4: 4 AM, 5: 5 AM, 6: 6 AM, 7: 7 AM, 8: 8 AM, 9: 9 AM, 10: 10 AM, 11: 11 AM, 12: 12 PM, 13: 1 PM, 14: 2 PM, 15: 3 PM, 16: 4 PM, 17: 5 PM, 18: 6 PM, 19: 7 PM, 20: 8 PM, 21: 9 PM, 22: 10 PM, 23: 11 PM)","Name":"SetHoursToLimitBackgroundDownloadBandwidthFrom","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"],"Values":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"]},{"CIMType":"SInt32","Description":"Maximum Background Download Bandwidth (percentage) during Business Hours: - Depends on SetHoursToLimitBackgroundDownloadBandwidth","Name":"SetHoursToLimitBackgroundDownloadBandwidthIn","Option":"Write"},{"CIMType":"String","Description":"To: (Device) - Depends on SetHoursToLimitBackgroundDownloadBandwidth (0: 12 AM, 1: 1 AM, 2: 2 AM, 3: 3 AM, 4: 4 AM, 5: 5 AM, 6: 6 AM, 7: 7 AM, 8: 8 AM, 9: 9 AM, 10: 10 AM, 11: 11 AM, 12: 12 PM, 13: 1 PM, 14: 2 PM, 15: 3 PM, 16: 4 PM, 17: 5 PM, 18: 6 PM, 19: 7 PM, 20: 8 PM, 21: 9 PM, 22: 10 PM, 23: 11 PM)","Name":"SetHoursToLimitBackgroundDownloadBandwidthTo","Option":"Write","ValueMap":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"],"Values":["0","1","2","3","4","5","6","7","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23"]},{"CIMType":"SInt32","Description":"DO Delay Foreground Download From Http","Name":"DODelayForegroundDownloadFromHttp","Option":"Write"},{"CIMType":"SInt32","Description":"DO Delay Background Download From Http","Name":"DODelayBackgroundDownloadFromHttp","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min RAM Allowed To Peer","Name":"DOMinRAMAllowedToPeer","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min Disk Size Allowed To Peer","Name":"DOMinDiskSizeAllowedToPeer","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min File Size To Cache","Name":"DOMinFileSizeToCache","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min Battery Percentage Allowed To Upload","Name":"DOMinBatteryPercentageAllowedToUpload","Option":"Write"},{"CIMType":"String","Description":"DO Modify Cache Drive","Name":"DOModifyCacheDrive","Option":"Write"},{"CIMType":"SInt32","Description":"DO Max Cache Age","Name":"DOMaxCacheAge","Option":"Write"},{"CIMType":"SInt32","Description":"DO Absolute Max Cache Size","Name":"DOAbsoluteMaxCacheSize","Option":"Write"},{"CIMType":"SInt32","Description":"DO Max Cache Size","Name":"DOMaxCacheSize","Option":"Write"},{"CIMType":"SInt32","Description":"DO Allow VPN Peer Caching (0: Not allowed, 1: Allowed)","Name":"DOAllowVPNPeerCaching","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"DO Cache Host","Name":"DOCacheHost","Option":"Write"},{"CIMType":"SInt32","Description":"DO Cache Host Source","Name":"DOCacheHostSource","Option":"Write"},{"CIMType":"SInt32","Description":"DO Disallow Cache Server Downloads On VPN (0: Not Set, 1: Enabled)","Name":"DODisallowCacheServerDownloadsOnVPN","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DO Delay Cache Server Fallback Foreground","Name":"DODelayCacheServerFallbackForeground","Option":"Write"},{"CIMType":"SInt32","Description":"DO Delay Cache Server Fallback Background","Name":"DODelayCacheServerFallbackBackground","Option":"Write"},{"CIMType":"SInt32","Description":"DO Min Background Qos","Name":"DOMinBackgroundQos","Option":"Write"},{"CIMType":"SInt32","Description":"DO Monthly Upload Data Cap","Name":"DOMonthlyUploadDataCap","Option":"Write"},{"CIMType":"String[]","Description":"DO Vpn Keywords","Name":"DOVpnKeywords","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Delivery Optimization Policy for Windows10 Setting Catalog"},{"ClassName":"MSFT_IntuneDeviceConfigurationDomainJoinPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Active Directory domain name to join.","Name":"ActiveDirectoryDomainName","Option":"Write"},{"CIMType":"String","Description":"Fixed prefix to be used for computer name.","Name":"ComputerNameStaticPrefix","Option":"Write"},{"CIMType":"UInt32","Description":"Dynamically generated characters used as suffix for computer name. Valid values 3 to 14","Name":"ComputerNameSuffixRandomCharCount","Option":"Write"},{"CIMType":"String","Description":"Organizational unit (OU) where the computer account will be created. If this parameter is NULL, the well known computer object container will be used as published in the domain.","Name":"OrganizationalUnit","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Domain Join Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationEmailProfilePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Account name.","Name":"AccountName","Option":"Write"},{"CIMType":"String","Description":"Duration of email to sync. Possible values are: userDefined, oneDay, threeDays, oneWeek, twoWeeks, oneMonth, unlimited.","Name":"DurationOfEmailToSync","Option":"Write","ValueMap":["userDefined","oneDay","threeDays","oneWeek","twoWeeks","oneMonth","unlimited"],"Values":["userDefined","oneDay","threeDays","oneWeek","twoWeeks","oneMonth","unlimited"]},{"CIMType":"String","Description":"Email attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress.","Name":"EmailAddressSource","Option":"Write","ValueMap":["userPrincipalName","primarySmtpAddress"],"Values":["userPrincipalName","primarySmtpAddress"]},{"CIMType":"String","Description":"Email sync schedule. Possible values are: userDefined, asMessagesArrive, manual, fifteenMinutes, thirtyMinutes, sixtyMinutes, basedOnMyUsage.","Name":"EmailSyncSchedule","Option":"Write","ValueMap":["userDefined","asMessagesArrive","manual","fifteenMinutes","thirtyMinutes","sixtyMinutes","basedOnMyUsage"],"Values":["userDefined","asMessagesArrive","manual","fifteenMinutes","thirtyMinutes","sixtyMinutes","basedOnMyUsage"]},{"CIMType":"String","Description":"Exchange location that (URL) that the native mail app connects to.","Name":"HostName","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to use SSL.","Name":"RequireSsl","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to sync the calendar.","Name":"SyncCalendar","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to sync contacts.","Name":"SyncContacts","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to sync tasks.","Name":"SyncTasks","Option":"Write"},{"CIMType":"String","Description":"Custom domain name value used while generating an email profile before installing on the device.","Name":"CustomDomainName","Option":"Write"},{"CIMType":"String","Description":"UserDomainname attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: fullDomainName, netBiosDomainName.","Name":"UserDomainNameSource","Option":"Write","ValueMap":["fullDomainName","netBiosDomainName"],"Values":["fullDomainName","netBiosDomainName"]},{"CIMType":"String","Description":"Name of the AAD field, that will be used to retrieve UserName for email profile. Possible values are: userPrincipalName, primarySmtpAddress, samAccountName.","Name":"UsernameAADSource","Option":"Write","ValueMap":["userPrincipalName","primarySmtpAddress","samAccountName"],"Values":["userPrincipalName","primarySmtpAddress","samAccountName"]},{"CIMType":"String","Description":"Username attribute that is picked from AAD and injected into this profile before installing on the device. Possible values are: userPrincipalName, primarySmtpAddress.","Name":"UsernameSource","Option":"Write","ValueMap":["userPrincipalName","primarySmtpAddress"],"Values":["userPrincipalName","primarySmtpAddress"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Email Profile Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphBitLockerFixedDrivePolicy","Parameters":[{"CIMType":"String","Description":"Select the encryption method for fixed drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256.","Name":"EncryptionMethod","Option":"Write","ValueMap":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"],"Values":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"]},{"CIMType":"MSFT_MicrosoftGraphBitLockerRecoveryOptions","Description":"This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This policy setting is applied when you turn on BitLocker.","Name":"RecoveryOptions","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.","Name":"RequireEncryptionForWriteAccess","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphBitLockerRecoveryOptions","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether to block certificate-based data recovery agent.","Name":"BlockDataRecoveryAgent","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable BitLocker until recovery information is stored in AD DS.","Name":"EnableBitLockerAfterRecoveryInformationToStore","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow BitLocker recovery information to store in AD DS.","Name":"EnableRecoveryInformationSaveToStore","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow showing recovery options in BitLocker Setup Wizard for fixed or system disk.","Name":"HideRecoveryOptions","Option":"Write"},{"CIMType":"String","Description":"Configure what pieces of BitLocker recovery information are stored to AD DS. Possible values are: passwordAndKey, passwordOnly.","Name":"RecoveryInformationToStore","Option":"Write","ValueMap":["passwordAndKey","passwordOnly"],"Values":["passwordAndKey","passwordOnly"]},{"CIMType":"String","Description":"Indicates whether users are allowed or required to generate a 256-bit recovery key for fixed or system disk. Possible values are: blocked, required, allowed, notConfigured.","Name":"RecoveryKeyUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"Indicates whether users are allowed or required to generate a 48-digit recovery password for fixed or system disk. Possible values are: blocked, required, allowed, notConfigured.","Name":"RecoveryPasswordUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphBitLockerRemovableDrivePolicy","Parameters":[{"CIMType":"Boolean","Description":"This policy setting determines whether BitLocker protection is required for removable data drives to be writable on a computer.","Name":"BlockCrossOrganizationWriteAccess","Option":"Write"},{"CIMType":"String","Description":"Select the encryption method for removable  drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256.","Name":"EncryptionMethod","Option":"Write","ValueMap":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"],"Values":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"]},{"CIMType":"Boolean","Description":"Indicates whether to block write access to devices configured in another organization.  If requireEncryptionForWriteAccess is false, this value does not affect.","Name":"RequireEncryptionForWriteAccess","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphBitLockerSystemDrivePolicy","Parameters":[{"CIMType":"String","Description":"Select the encryption method for operating system drives. Possible values are: aesCbc128, aesCbc256, xtsAes128, xtsAes256.","Name":"EncryptionMethod","Option":"Write","ValueMap":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"],"Values":["aesCbc128","aesCbc256","xtsAes128","xtsAes256"]},{"CIMType":"UInt32","Description":"Indicates the minimum length of startup pin. Valid values 4 to 20","Name":"MinimumPinLength","Option":"Write"},{"CIMType":"Boolean","Description":"Enable pre-boot recovery message and Url. If requireStartupAuthentication is false, this value does not affect.","Name":"PrebootRecoveryEnableMessageAndUrl","Option":"Write"},{"CIMType":"String","Description":"Defines a custom recovery message.","Name":"PrebootRecoveryMessage","Option":"Write"},{"CIMType":"String","Description":"Defines a custom recovery URL.","Name":"PrebootRecoveryUrl","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphBitLockerRecoveryOptions","Description":"Allows to recover BitLocker encrypted operating system drives in the absence of the required startup key information. This policy setting is applied when you turn on BitLocker.","Name":"RecoveryOptions","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive).","Name":"StartupAuthenticationBlockWithoutTpmChip","Option":"Write"},{"CIMType":"Boolean","Description":"Require additional authentication at startup.","Name":"StartupAuthenticationRequired","Option":"Write"},{"CIMType":"String","Description":"Indicates if TPM startup key is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured.","Name":"StartupAuthenticationTpmKeyUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"Indicates if TPM startup pin key and key are allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured.","Name":"StartupAuthenticationTpmPinAndKeyUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"Indicates if TPM startup pin is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured.","Name":"StartupAuthenticationTpmPinUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"Indicates if TPM startup is allowed/required/disallowed. Possible values are: blocked, required, allowed, notConfigured.","Name":"StartupAuthenticationTpmUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDefenderDetectedMalwareActions","Parameters":[{"CIMType":"String","Description":"Indicates a Defender action to take for high severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"HighSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for low severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"LowSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for moderate severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"ModerateSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for severe severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"SevereSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsFirewallNetworkProfile","Parameters":[{"CIMType":"Boolean","Description":"Configures the firewall to merge authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.","Name":"AuthorizedApplicationRulesFromGroupPolicyMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to prevent merging authorized application rules from group policy with those from local store instead of ignoring the local store rules. When AuthorizedApplicationRulesFromGroupPolicyNotMerged and AuthorizedApplicationRulesFromGroupPolicyMerged are both true, AuthorizedApplicationRulesFromGroupPolicyMerged takes priority.","Name":"AuthorizedApplicationRulesFromGroupPolicyNotMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to merge connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.","Name":"ConnectionSecurityRulesFromGroupPolicyMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to prevent merging connection security rules from group policy with those from local store instead of ignoring the local store rules. When ConnectionSecurityRulesFromGroupPolicyNotMerged and ConnectionSecurityRulesFromGroupPolicyMerged are both true, ConnectionSecurityRulesFromGroupPolicyMerged takes priority.","Name":"ConnectionSecurityRulesFromGroupPolicyNotMerged","Option":"Write"},{"CIMType":"String","Description":"Configures the host device to allow or block the firewall and advanced security enforcement for the network profile. Possible values are: notConfigured, blocked, allowed.","Name":"FirewallEnabled","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Configures the firewall to merge global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.","Name":"GlobalPortRulesFromGroupPolicyMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to prevent merging global port rules from group policy with those from local store instead of ignoring the local store rules. When GlobalPortRulesFromGroupPolicyNotMerged and GlobalPortRulesFromGroupPolicyMerged are both true, GlobalPortRulesFromGroupPolicyMerged takes priority.","Name":"GlobalPortRulesFromGroupPolicyNotMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.","Name":"InboundConnectionsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow all incoming connections by default. When InboundConnectionsRequired and InboundConnectionsBlocked are both true, InboundConnectionsBlocked takes priority.","Name":"InboundConnectionsRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents the firewall from displaying notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.","Name":"InboundNotificationsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Allows the firewall to display notifications when an application is blocked from listening on a port. When InboundNotificationsRequired and InboundNotificationsBlocked are both true, InboundNotificationsBlocked takes priority.","Name":"InboundNotificationsRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block all incoming traffic regardless of other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.","Name":"IncomingTrafficBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow incoming traffic pursuant to other policy settings. When IncomingTrafficRequired and IncomingTrafficBlocked are both true, IncomingTrafficBlocked takes priority.","Name":"IncomingTrafficRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.","Name":"OutboundConnectionsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow all outgoing connections by default. When OutboundConnectionsRequired and OutboundConnectionsBlocked are both true, OutboundConnectionsBlocked takes priority. This setting will get applied to Windows releases version 1809 and above.","Name":"OutboundConnectionsRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to merge Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.","Name":"PolicyRulesFromGroupPolicyMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to prevent merging Firewall Rule policies from group policy with those from local store instead of ignoring the local store rules. When PolicyRulesFromGroupPolicyNotMerged and PolicyRulesFromGroupPolicyMerged are both true, PolicyRulesFromGroupPolicyMerged takes priority.","Name":"PolicyRulesFromGroupPolicyNotMerged","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.","Name":"SecuredPacketExemptionAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block the host computer to respond to unsolicited network traffic of that traffic is secured by IPSec even when stealthModeBlocked is set to true. When SecuredPacketExemptionBlocked and SecuredPacketExemptionAllowed are both true, SecuredPacketExemptionAllowed takes priority.","Name":"SecuredPacketExemptionBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent the server from operating in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.","Name":"StealthModeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the server to operate in stealth mode. When StealthModeRequired and StealthModeBlocked are both true, StealthModeBlocked takes priority.","Name":"StealthModeRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to block unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.","Name":"UnicastResponsesToMulticastBroadcastsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the firewall to allow unicast responses to multicast broadcast traffic. When UnicastResponsesToMulticastBroadcastsRequired and UnicastResponsesToMulticastBroadcastsBlocked are both true, UnicastResponsesToMulticastBroadcastsBlocked takes priority.","Name":"UnicastResponsesToMulticastBroadcastsRequired","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsFirewallRule","Parameters":[{"CIMType":"String","Description":"The action the rule enforces. If not specified, the default is Allowed. Possible values are: notConfigured, blocked, allowed.","Name":"Action","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"String","Description":"The description of the rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name of the rule. Does not need to be unique.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"Indicates whether edge traversal is enabled or disabled for this rule. The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. New rules have the EdgeTraversal property disabled by default. Possible values are: notConfigured, blocked, allowed.","Name":"EdgeTraversal","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"String","Description":"The full file path of an app that's affected by the firewall rule.","Name":"FilePath","Option":"Write"},{"CIMType":"String[]","Description":"The interface types of the rule. Possible values are: notConfigured, remoteAccess, wireless, lan.","Name":"InterfaceTypes","Option":"Write","ValueMap":["notConfigured","remoteAccess","wireless","lan"],"Values":["notConfigured","remoteAccess","wireless","lan"]},{"CIMType":"String[]","Description":"List of local addresses covered by the rule. Default is any address. Valid tokens include:'' indicates any local address. If present, this must be the only token included.A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.A valid IPv6 address.An IPv4 address range in the format of 'start address - end address' with no spaces included.An IPv6 address range in the format of 'start address - end address' with no spaces included.","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"String[]","Description":"List of local port ranges. For example, '100-120', '200', '300-320'. If not specified, the default is All.","Name":"LocalPortRanges","Option":"Write"},{"CIMType":"String","Description":"Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.","Name":"LocalUserAuthorizations","Option":"Write"},{"CIMType":"String","Description":"The package family name of a Microsoft Store application that's affected by the firewall rule.","Name":"PackageFamilyName","Option":"Write"},{"CIMType":"String","Description":"Specifies the profiles to which the rule belongs. If not specified, the default is All. Possible values are: notConfigured, domain, private, public.","Name":"ProfileTypes","Option":"Write"},{"CIMType":"UInt32","Description":"0-255 number representing the IP protocol (TCP = 6, UDP = 17). If not specified, the default is All. Valid values 0 to 255","Name":"Protocol","Option":"Write"},{"CIMType":"String[]","Description":"List of tokens specifying the remote addresses covered by the rule. Tokens are case insensitive. Default is any address. Valid tokens include:'' indicates any remote address. If present, this must be the only token included.'Defaultgateway''DHCP''DNS''WINS''Intranet' (supported on Windows versions 1809+)'RmtIntranet' (supported on Windows versions 1809+)'Internet' (supported on Windows versions 1809+)'Ply2Renders' (supported on Windows versions 1809+)'LocalSubnet' indicates any local address on the local subnet.A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.A valid IPv6 address.An IPv4 address range in the format of 'start address - end address' with no spaces included.An IPv6 address range in the format of 'start address - end address' with no spaces included.","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"String[]","Description":"List of remote port ranges. For example, '100-120', '200', '300-320'. If not specified, the default is All.","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"String","Description":"The name used in cases when a service, not an application, is sending or receiving traffic.","Name":"ServiceName","Option":"Write"},{"CIMType":"String","Description":"The traffic direction that the rule is enabled for. If not specified, the default is Out. Possible values are: notConfigured, out, in.","Name":"TrafficDirection","Option":"Write","ValueMap":["notConfigured","out","in"],"Values":["notConfigured","out","in"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementUserRightsSetting","Parameters":[{"CIMType":"MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup[]","Description":"Representing a collection of local users or groups which will be set on device if the state of this setting is Allowed. This collection can contain a maximum of 500 elements.","Name":"LocalUsersOrGroups","Option":"Write"},{"CIMType":"String","Description":"Representing the current state of this user rights setting. Possible values are: notConfigured, blocked, allowed.","Name":"State","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup","Parameters":[{"CIMType":"String","Description":"Admins description of this local user or group.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The name of this local user or group.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The security identifier of this local user or group (e.g. S-1-5-32-544).","Name":"SecurityIdentifier","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Gets or sets whether applications inside Microsoft Defender Application Guard can access the devices camera and microphone.","Name":"ApplicationGuardAllowCameraMicrophoneRedirection","Option":"Write"},{"CIMType":"Boolean","Description":"Allow users to download files from Edge in the application guard container and save them on the host file system","Name":"ApplicationGuardAllowFileSaveOnHost","Option":"Write"},{"CIMType":"Boolean","Description":"Allow persisting user generated data inside the App Guard Container (favorites, cookies, web passwords, etc.)","Name":"ApplicationGuardAllowPersistence","Option":"Write"},{"CIMType":"Boolean","Description":"Allow printing to Local Printers from Container","Name":"ApplicationGuardAllowPrintToLocalPrinters","Option":"Write"},{"CIMType":"Boolean","Description":"Allow printing to Network Printers from Container","Name":"ApplicationGuardAllowPrintToNetworkPrinters","Option":"Write"},{"CIMType":"Boolean","Description":"Allow printing to PDF from Container","Name":"ApplicationGuardAllowPrintToPDF","Option":"Write"},{"CIMType":"Boolean","Description":"Allow printing to XPS from Container","Name":"ApplicationGuardAllowPrintToXPS","Option":"Write"},{"CIMType":"Boolean","Description":"Allow application guard to use virtual GPU","Name":"ApplicationGuardAllowVirtualGPU","Option":"Write"},{"CIMType":"String","Description":"Block clipboard to share data from Host to Container, or from Container to Host, or both ways, or neither ways. Possible values are: notConfigured, blockBoth, blockHostToContainer, blockContainerToHost, blockNone.","Name":"ApplicationGuardBlockClipboardSharing","Option":"Write","ValueMap":["notConfigured","blockBoth","blockHostToContainer","blockContainerToHost","blockNone"],"Values":["notConfigured","blockBoth","blockHostToContainer","blockContainerToHost","blockNone"]},{"CIMType":"String","Description":"Block clipboard to transfer image file, text file or neither of them. Possible values are: notConfigured, blockImageAndTextFile, blockImageFile, blockNone, blockTextFile.","Name":"ApplicationGuardBlockFileTransfer","Option":"Write","ValueMap":["notConfigured","blockImageAndTextFile","blockImageFile","blockNone","blockTextFile"],"Values":["notConfigured","blockImageAndTextFile","blockImageFile","blockNone","blockTextFile"]},{"CIMType":"Boolean","Description":"Block enterprise sites to load non-enterprise content, such as third party plug-ins","Name":"ApplicationGuardBlockNonEnterpriseContent","Option":"Write"},{"CIMType":"String[]","Description":"Allows certain device level Root Certificates to be shared with the Microsoft Defender Application Guard container.","Name":"ApplicationGuardCertificateThumbprints","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Windows Defender Application Guard","Name":"ApplicationGuardEnabled","Option":"Write"},{"CIMType":"String","Description":"Enable Windows Defender Application Guard for newer Windows builds. Possible values are: notConfigured, enabledForEdge, enabledForOffice, enabledForEdgeAndOffice.","Name":"ApplicationGuardEnabledOptions","Option":"Write","ValueMap":["notConfigured","enabledForEdge","enabledForOffice","enabledForEdgeAndOffice"],"Values":["notConfigured","enabledForEdge","enabledForOffice","enabledForEdgeAndOffice"]},{"CIMType":"Boolean","Description":"Force auditing will persist Windows logs and events to meet security/compliance criteria (sample events are user login-logoff, use of privilege rights, software installation, system changes, etc.)","Name":"ApplicationGuardForceAuditing","Option":"Write"},{"CIMType":"String","Description":"Enables the Admin to choose what types of app to allow on devices. Possible values are: notConfigured, enforceComponentsAndStoreApps, auditComponentsAndStoreApps, enforceComponentsStoreAppsAndSmartlocker, auditComponentsStoreAppsAndSmartlocker.","Name":"AppLockerApplicationControl","Option":"Write","ValueMap":["notConfigured","enforceComponentsAndStoreApps","auditComponentsAndStoreApps","enforceComponentsStoreAppsAndSmartlocker","auditComponentsStoreAppsAndSmartlocker"],"Values":["notConfigured","enforceComponentsAndStoreApps","auditComponentsAndStoreApps","enforceComponentsStoreAppsAndSmartlocker","auditComponentsStoreAppsAndSmartlocker"]},{"CIMType":"Boolean","Description":"Allows the admin to allow standard users to enable encryption during Azure AD Join.","Name":"BitLockerAllowStandardUserEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Allows the Admin to disable the warning prompt for other disk encryption on the user machines.","Name":"BitLockerDisableWarningForOtherDiskEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Allows the admin to require encryption to be turned on using BitLocker. This policy is valid only for a mobile SKU.","Name":"BitLockerEnableStorageCardEncryptionOnMobile","Option":"Write"},{"CIMType":"Boolean","Description":"Allows the admin to require encryption to be turned on using BitLocker.","Name":"BitLockerEncryptDevice","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphbitLockerFixedDrivePolicy","Description":"BitLocker Fixed Drive Policy.","Name":"BitLockerFixedDrivePolicy","Option":"Write"},{"CIMType":"String","Description":"This setting initiates a client-driven recovery password rotation after an OS drive recovery (either by using bootmgr or WinRE). Possible values are: notConfigured, disabled, enabledForAzureAd, enabledForAzureAdAndHybrid.","Name":"BitLockerRecoveryPasswordRotation","Option":"Write","ValueMap":["notConfigured","disabled","enabledForAzureAd","enabledForAzureAdAndHybrid"],"Values":["notConfigured","disabled","enabledForAzureAd","enabledForAzureAdAndHybrid"]},{"CIMType":"MSFT_MicrosoftGraphbitLockerRemovableDrivePolicy","Description":"BitLocker Removable Drive Policy.","Name":"BitLockerRemovableDrivePolicy","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphbitLockerSystemDrivePolicy","Description":"BitLocker System Drive Policy.","Name":"BitLockerSystemDrivePolicy","Option":"Write"},{"CIMType":"String[]","Description":"List of folder paths to be added to the list of protected folders","Name":"DefenderAdditionalGuardedFolders","Option":"Write"},{"CIMType":"String","Description":"Value indicating the behavior of Adobe Reader from creating child processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderAdobeReaderLaunchChildProcess","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating use of advanced protection against ransomeware. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderAdvancedRansomewareProtectionType","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Behavior Monitoring functionality.","Name":"DefenderAllowBehaviorMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.","Name":"DefenderAllowCloudProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.","Name":"DefenderAllowEndUserAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Intrusion Prevention functionality.","Name":"DefenderAllowIntrusionPreventionSystem","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender On Access Protection functionality.","Name":"DefenderAllowOnAccessProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Realtime Monitoring functionality.","Name":"DefenderAllowRealTimeMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows scanning of archives.","Name":"DefenderAllowScanArchiveFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender IOAVP Protection functionality.","Name":"DefenderAllowScanDownloads","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a scanning of network files.","Name":"DefenderAllowScanNetworkFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned.","Name":"DefenderAllowScanRemovableDrivesDuringFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Script Scanning functionality.","Name":"DefenderAllowScanScriptsLoadedInInternetExplorer","Option":"Write"},{"CIMType":"String[]","Description":"List of exe files and folders to be excluded from attack surface reduction rules","Name":"DefenderAttackSurfaceReductionExcludedPaths","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.","Name":"DefenderBlockEndUserAccess","Option":"Write"},{"CIMType":"String","Description":"Value indicating the behavior ofBlock persistence through WMI event subscription. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderBlockPersistenceThroughWmiType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"Boolean","Description":"This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan.","Name":"DefenderCheckForSignaturesBeforeRunningScan","Option":"Write"},{"CIMType":"String","Description":"Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer. This feature requires the 'Join Microsoft MAPS' setting enabled in order to function. Possible values are: notConfigured, high, highPlus, zeroTolerance.","Name":"DefenderCloudBlockLevel","Option":"Write","ValueMap":["notConfigured","high","highPlus","zeroTolerance"],"Values":["notConfigured","high","highPlus","zeroTolerance"]},{"CIMType":"UInt32","Description":"Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50. This feature depends on three other MAPS settings the must all be enabled- 'Configure the 'Block at First Sight' feature 'Join Microsoft MAPS' 'Send file samples when further analysis is required'. Valid values 0 to 50","Name":"DefenderCloudExtendedTimeoutInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Time period (in days) that quarantine items will be stored on the system. Valid values 0 to 90","Name":"DefenderDaysBeforeDeletingQuarantinedMalware","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdefenderDetectedMalwareActions","Description":"Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take.","Name":"DefenderDetectedMalwareActions","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Behavior Monitoring functionality.","Name":"DefenderDisableBehaviorMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.","Name":"DefenderDisableCatchupFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated because a regularly scheduled scan was missed. Usually these scheduled scans are missed because the computer was turned off at the scheduled time.","Name":"DefenderDisableCatchupQuickScan","Option":"Write"},{"CIMType":"Boolean","Description":"To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.","Name":"DefenderDisableCloudProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Intrusion Prevention functionality.","Name":"DefenderDisableIntrusionPreventionSystem","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender On Access Protection functionality.","Name":"DefenderDisableOnAccessProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Realtime Monitoring functionality.","Name":"DefenderDisableRealTimeMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows scanning of archives.","Name":"DefenderDisableScanArchiveFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender IOAVP Protection functionality.","Name":"DefenderDisableScanDownloads","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a scanning of network files.","Name":"DefenderDisableScanNetworkFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a full scan of removable drives. During a quick scan, removable drives may still be scanned.","Name":"DefenderDisableScanRemovableDrivesDuringFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender Script Scanning functionality.","Name":"DefenderDisableScanScriptsLoadedInInternetExplorer","Option":"Write"},{"CIMType":"String","Description":"Value indicating if execution of executable content (exe, dll, ps, js, vbs, etc) should be dropped from email (webmail/mail-client). Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderEmailContentExecution","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating if execution of executable content (exe, dll, ps, js, vbs, etc) should be dropped from email (webmail/mail-client). Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderEmailContentExecutionType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"Boolean","Description":"This policy setting allows you to enable or disable low CPU priority for scheduled scans.","Name":"DefenderEnableLowCpuPriority","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows scanning of email.","Name":"DefenderEnableScanIncomingMail","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows a full scan of mapped network drives.","Name":"DefenderEnableScanMappedNetworkDrivesDuringFullScan","Option":"Write"},{"CIMType":"String","Description":"Xml content containing information regarding exploit protection details.","Name":"DefenderExploitProtectionXml","Option":"Write"},{"CIMType":"String","Description":"Name of the file from which DefenderExploitProtectionXml was obtained.","Name":"DefenderExploitProtectionXmlFileName","Option":"Write"},{"CIMType":"String[]","Description":"File extensions to exclude from scans and real time protection.","Name":"DefenderFileExtensionsToExclude","Option":"Write"},{"CIMType":"String[]","Description":"Files and folder to exclude from scans and real time protection.","Name":"DefenderFilesAndFoldersToExclude","Option":"Write"},{"CIMType":"String[]","Description":"List of paths to exe that are allowed to access protected folders","Name":"DefenderGuardedFoldersAllowedAppPaths","Option":"Write"},{"CIMType":"String","Description":"Value indicating the behavior of protected folders. Possible values are: userDefined, enable, auditMode, blockDiskModification, auditDiskModification.","Name":"DefenderGuardMyFoldersType","Option":"Write","ValueMap":["userDefined","enable","auditMode","blockDiskModification","auditDiskModification"],"Values":["userDefined","enable","auditMode","blockDiskModification","auditDiskModification"]},{"CIMType":"String","Description":"Value indicating the behavior of NetworkProtection. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderNetworkProtectionType","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Office applications/macros creating or launching executable content. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeAppsExecutableContentCreationOrLaunch","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Office applications/macros creating or launching executable content. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderOfficeAppsExecutableContentCreationOrLaunchType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating the behavior of Office application launching child processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeAppsLaunchChildProcess","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Office application launching child processes. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderOfficeAppsLaunchChildProcessType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating the behavior of Office applications injecting into other processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeAppsOtherProcessInjection","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior ofOffice applications injecting into other processes. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderOfficeAppsOtherProcessInjectionType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating the behavior of Office communication applications, including Microsoft Outlook, from creating child processes. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeCommunicationAppsLaunchChildProcess","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Win32 imports from Macro code in Office. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderOfficeMacroCodeAllowWin32Imports","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of Win32 imports from Macro code in Office. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderOfficeMacroCodeAllowWin32ImportsType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderPotentiallyUnwantedAppAction","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating if credential stealing from the Windows local security authority subsystem is permitted. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderPreventCredentialStealingType","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating response to process creations originating from PSExec and WMI commands. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderProcessCreation","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating response to process creations originating from PSExec and WMI commands. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderProcessCreationType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String[]","Description":"Processes to exclude from scans and real time protection.","Name":"DefenderProcessesToExclude","Option":"Write"},{"CIMType":"String","Description":"Controls which sets of files should be monitored. Possible values are: monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly.","Name":"DefenderScanDirection","Option":"Write","ValueMap":["monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"],"Values":["monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"]},{"CIMType":"UInt32","Description":"Represents the average CPU load factor for the Windows Defender scan (in percent). The default value is 50. Valid values 0 to 100","Name":"DefenderScanMaxCpuPercentage","Option":"Write"},{"CIMType":"String","Description":"Selects whether to perform a quick scan or full scan. Possible values are: userDefined, disabled, quick, full.","Name":"DefenderScanType","Option":"Write","ValueMap":["userDefined","disabled","quick","full"],"Values":["userDefined","disabled","quick","full"]},{"CIMType":"String","Description":"Selects the time of day that the Windows Defender quick scan should run. For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM. The default value is 120","Name":"DefenderScheduledQuickScanTime","Option":"Write"},{"CIMType":"String","Description":"Selects the day that the Windows Defender scan should run. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan.","Name":"DefenderScheduledScanDay","Option":"Write","ValueMap":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"],"Values":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"]},{"CIMType":"String","Description":"Selects the time of day that the Windows Defender scan should run.","Name":"DefenderScheduledScanTime","Option":"Write"},{"CIMType":"String","Description":"Value indicating the behavior of js/vbs executing payload downloaded from Internet. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderScriptDownloadedPayloadExecution","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of js/vbs executing payload downloaded from Internet. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderScriptDownloadedPayloadExecutionType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating the behavior of obfuscated js/vbs/ps/macro code. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderScriptObfuscatedMacroCode","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating the behavior of obfuscated js/vbs/ps/macro code. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderScriptObfuscatedMacroCodeType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block user from overriding Exploit Protection settings.","Name":"DefenderSecurityCenterBlockExploitProtectionOverride","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the account protection area.","Name":"DefenderSecurityCenterDisableAccountUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the app and browser protection area.","Name":"DefenderSecurityCenterDisableAppBrowserUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the Clear TPM button.","Name":"DefenderSecurityCenterDisableClearTpmUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the family options area.","Name":"DefenderSecurityCenterDisableFamilyUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the hardware protection area.","Name":"DefenderSecurityCenterDisableHardwareUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the device performance and health area.","Name":"DefenderSecurityCenterDisableHealthUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the firewall and network protection area.","Name":"DefenderSecurityCenterDisableNetworkUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the notification area control. The user needs to either sign out and sign in or reboot the computer for this setting to take effect.","Name":"DefenderSecurityCenterDisableNotificationAreaUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the ransomware protection area.","Name":"DefenderSecurityCenterDisableRansomwareUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the secure boot area under Device security.","Name":"DefenderSecurityCenterDisableSecureBootUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the security process troubleshooting under Device security.","Name":"DefenderSecurityCenterDisableTroubleshootingUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of the virus and threat protection area.","Name":"DefenderSecurityCenterDisableVirusUI","Option":"Write"},{"CIMType":"Boolean","Description":"Used to disable the display of update TPM Firmware when a vulnerable firmware is detected.","Name":"DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI","Option":"Write"},{"CIMType":"String","Description":"The email address that is displayed to users.","Name":"DefenderSecurityCenterHelpEmail","Option":"Write"},{"CIMType":"String","Description":"The phone number or Skype ID that is displayed to users.","Name":"DefenderSecurityCenterHelpPhone","Option":"Write"},{"CIMType":"String","Description":"The help portal URL this is displayed to users.","Name":"DefenderSecurityCenterHelpURL","Option":"Write"},{"CIMType":"String","Description":"Configure where to display IT contact information to end users. Possible values are: notConfigured, displayInAppAndInNotifications, displayOnlyInApp, displayOnlyInNotifications.","Name":"DefenderSecurityCenterITContactDisplay","Option":"Write","ValueMap":["notConfigured","displayInAppAndInNotifications","displayOnlyInApp","displayOnlyInNotifications"],"Values":["notConfigured","displayInAppAndInNotifications","displayOnlyInApp","displayOnlyInNotifications"]},{"CIMType":"String","Description":"Notifications to show from the displayed areas of app. Possible values are: notConfigured, blockNoncriticalNotifications, blockAllNotifications.","Name":"DefenderSecurityCenterNotificationsFromApp","Option":"Write","ValueMap":["notConfigured","blockNoncriticalNotifications","blockAllNotifications"],"Values":["notConfigured","blockNoncriticalNotifications","blockAllNotifications"]},{"CIMType":"String","Description":"The company name that is displayed to the users.","Name":"DefenderSecurityCenterOrganizationDisplayName","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. Valid values 0 to 24","Name":"DefenderSignatureUpdateIntervalInHours","Option":"Write"},{"CIMType":"String","Description":"Checks for the user consent level in Windows Defender to send data. Possible values are: sendSafeSamplesAutomatically, alwaysPrompt, neverSend, sendAllSamplesAutomatically.","Name":"DefenderSubmitSamplesConsentType","Option":"Write","ValueMap":["sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"],"Values":["sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"]},{"CIMType":"String","Description":"Value indicating response to executables that don't meet a prevalence, age, or trusted list criteria. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderUntrustedExecutable","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating response to executables that don't meet a prevalence, age, or trusted list criteria. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderUntrustedExecutableType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"String","Description":"Value indicating response to untrusted and unsigned processes that run from USB. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderUntrustedUSBProcess","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String","Description":"Value indicating response to untrusted and unsigned processes that run from USB. Possible values are: userDefined, block, auditMode, warn, disable.","Name":"DefenderUntrustedUSBProcessType","Option":"Write","ValueMap":["userDefined","block","auditMode","warn","disable"],"Values":["userDefined","block","auditMode","warn","disable"]},{"CIMType":"Boolean","Description":"This property will be deprecated in May 2019 and will be replaced with property DeviceGuardSecureBootWithDMA. Specifies whether Platform Security Level is enabled at next reboot.","Name":"DeviceGuardEnableSecureBootWithDMA","Option":"Write"},{"CIMType":"Boolean","Description":"Turns On Virtualization Based Security(VBS).","Name":"DeviceGuardEnableVirtualizationBasedSecurity","Option":"Write"},{"CIMType":"String","Description":"Allows the IT admin to configure the launch of System Guard. Possible values are: notConfigured, enabled, disabled.","Name":"DeviceGuardLaunchSystemGuard","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Turn on Credential Guard when Platform Security Level with Secure Boot and Virtualization Based Security are both enabled. Possible values are: notConfigured, enableWithUEFILock, enableWithoutUEFILock, disable.","Name":"DeviceGuardLocalSystemAuthorityCredentialGuardSettings","Option":"Write","ValueMap":["notConfigured","enableWithUEFILock","enableWithoutUEFILock","disable"],"Values":["notConfigured","enableWithUEFILock","enableWithoutUEFILock","disable"]},{"CIMType":"String","Description":"Specifies whether Platform Security Level is enabled at next reboot. Possible values are: notConfigured, withoutDMA, withDMA.","Name":"DeviceGuardSecureBootWithDMA","Option":"Write","ValueMap":["notConfigured","withoutDMA","withDMA"],"Values":["notConfigured","withoutDMA","withDMA"]},{"CIMType":"String","Description":"This policy is intended to provide additional security against external DMA capable devices. It allows for more control over the enumeration of external DMA capable devices incompatible with DMA Remapping/device memory isolation and sandboxing. This policy only takes effect when Kernel DMA Protection is supported and enabled by the system firmware. Kernel DMA Protection is a platform feature that cannot be controlled via policy or by end user. It has to be supported by the system at the time of manufacturing. To check if the system supports Kernel DMA Protection, please check the Kernel DMA Protection field in the Summary page of MSINFO32.exe. Possible values are: deviceDefault, blockAll, allowAll.","Name":"DmaGuardDeviceEnumerationPolicy","Option":"Write","ValueMap":["deviceDefault","blockAll","allowAll"],"Values":["deviceDefault","blockAll","allowAll"]},{"CIMType":"Boolean","Description":"Blocks stateful FTP connections to the device","Name":"FirewallBlockStatefulFTP","Option":"Write"},{"CIMType":"String","Description":"Specify how the certificate revocation list is to be enforced. Possible values are: deviceDefault, none, attempt, require.","Name":"FirewallCertificateRevocationListCheckMethod","Option":"Write","ValueMap":["deviceDefault","none","attempt","require"],"Values":["deviceDefault","none","attempt","require"]},{"CIMType":"UInt32","Description":"Configures the idle timeout for security associations, in seconds, from 300 to 3600 inclusive. This is the period after which security associations will expire and be deleted. Valid values 300 to 3600","Name":"FirewallIdleTimeoutForSecurityAssociationInSeconds","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to allow both IPv4 and IPv6 DHCP traffic","Name":"FirewallIPSecExemptionsAllowDHCP","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to allow ICMP","Name":"FirewallIPSecExemptionsAllowICMP","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to allow neighbor discovery IPv6 ICMP type-codes","Name":"FirewallIPSecExemptionsAllowNeighborDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to allow router discovery IPv6 ICMP type-codes","Name":"FirewallIPSecExemptionsAllowRouterDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Configures IPSec exemptions to no exemptions","Name":"FirewallIPSecExemptionsNone","Option":"Write"},{"CIMType":"Boolean","Description":"If an authentication set is not fully supported by a keying module, direct the module to ignore only unsupported authentication suites rather than the entire set","Name":"FirewallMergeKeyingModuleSettings","Option":"Write"},{"CIMType":"String","Description":"Configures how packet queueing should be applied in the tunnel gateway scenario. Possible values are: deviceDefault, disabled, queueInbound, queueOutbound, queueBoth.","Name":"FirewallPacketQueueingMethod","Option":"Write","ValueMap":["deviceDefault","disabled","queueInbound","queueOutbound","queueBoth"],"Values":["deviceDefault","disabled","queueInbound","queueOutbound","queueBoth"]},{"CIMType":"String","Description":"Select the preshared key encoding to be used. Possible values are: deviceDefault, none, utF8.","Name":"FirewallPreSharedKeyEncodingMethod","Option":"Write","ValueMap":["deviceDefault","none","utF8"],"Values":["deviceDefault","none","utF8"]},{"CIMType":"MSFT_MicrosoftGraphwindowsFirewallNetworkProfile","Description":"Configures the firewall profile settings for domain networks","Name":"FirewallProfileDomain","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsFirewallNetworkProfile","Description":"Configures the firewall profile settings for private networks","Name":"FirewallProfilePrivate","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsFirewallNetworkProfile","Description":"Configures the firewall profile settings for public networks","Name":"FirewallProfilePublic","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsFirewallRule[]","Description":"Configures the firewall rule settings. This collection can contain a maximum of 150 elements.","Name":"FirewallRules","Option":"Write"},{"CIMType":"String","Description":"This security setting determines which challenge/response authentication protocol is used for network logons. Possible values are: lmAndNltm, lmNtlmAndNtlmV2, lmAndNtlmOnly, lmAndNtlmV2, lmNtlmV2AndNotLm, lmNtlmV2AndNotLmOrNtm.","Name":"LanManagerAuthenticationLevel","Option":"Write","ValueMap":["lmAndNltm","lmNtlmAndNtlmV2","lmAndNtlmOnly","lmAndNtlmV2","lmNtlmV2AndNotLm","lmNtlmV2AndNotLmOrNtm"],"Values":["lmAndNltm","lmNtlmAndNtlmV2","lmAndNtlmOnly","lmAndNtlmV2","lmNtlmV2AndNotLm","lmNtlmV2AndNotLmOrNtm"]},{"CIMType":"Boolean","Description":"If enabled,the SMB client will allow insecure guest logons. If not configured, the SMB client will reject insecure guest logons.","Name":"LanManagerWorkstationDisableInsecureGuestLogons","Option":"Write"},{"CIMType":"String","Description":"Define a different account name to be associated with the security identifier (SID) for the account 'Administrator'.","Name":"LocalSecurityOptionsAdministratorAccountName","Option":"Write"},{"CIMType":"String","Description":"Define the behavior of the elevation prompt for admins in Admin Approval Mode. Possible values are: notConfigured, elevateWithoutPrompting, promptForCredentialsOnTheSecureDesktop, promptForConsentOnTheSecureDesktop, promptForCredentials, promptForConsent, promptForConsentForNonWindowsBinaries.","Name":"LocalSecurityOptionsAdministratorElevationPromptBehavior","Option":"Write","ValueMap":["notConfigured","elevateWithoutPrompting","promptForCredentialsOnTheSecureDesktop","promptForConsentOnTheSecureDesktop","promptForCredentials","promptForConsent","promptForConsentForNonWindowsBinaries"],"Values":["notConfigured","elevateWithoutPrompting","promptForCredentialsOnTheSecureDesktop","promptForConsentOnTheSecureDesktop","promptForCredentials","promptForConsent","promptForConsentForNonWindowsBinaries"]},{"CIMType":"Boolean","Description":"This security setting determines whether to allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares.","Name":"LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares","Option":"Write"},{"CIMType":"Boolean","Description":"Block PKU2U authentication requests to this device to use online identities.","Name":"LocalSecurityOptionsAllowPKU2UAuthenticationRequests","Option":"Write"},{"CIMType":"String","Description":"Edit the default Security Descriptor Definition Language string to allow or deny users and groups to make remote calls to the SAM.","Name":"LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager","Option":"Write"},{"CIMType":"Boolean","Description":"UI helper boolean for LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager entity","Name":"LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether a computer can be shut down without having to log on to Windows.","Name":"LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn","Option":"Write"},{"CIMType":"Boolean","Description":"Allow UIAccess apps to prompt for elevation without using the secure desktop.","Name":"LocalSecurityOptionsAllowUIAccessApplicationElevation","Option":"Write"},{"CIMType":"Boolean","Description":"Allow UIAccess apps to prompt for elevation without using the secure desktop.Default is enabled","Name":"LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent a portable computer from being undocked without having to log in.","Name":"LocalSecurityOptionsAllowUndockWithoutHavingToLogon","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent users from adding new Microsoft accounts to this computer.","Name":"LocalSecurityOptionsBlockMicrosoftAccounts","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Local accounts that are not password protected to log on from locations other than the physical device.Default is enabled","Name":"LocalSecurityOptionsBlockRemoteLogonWithBlankPassword","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this settings allows only interactively logged on user to access CD-ROM media.","Name":"LocalSecurityOptionsBlockRemoteOpticalDriveAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Restrict installing printer drivers as part of connecting to a shared printer to admins only.","Name":"LocalSecurityOptionsBlockUsersInstallingPrinterDrivers","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether the virtual memory pagefile is cleared when the system is shut down.","Name":"LocalSecurityOptionsClearVirtualMemoryPageFile","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether packet signing is required by the SMB client component.","Name":"LocalSecurityOptionsClientDigitallySignCommunicationsAlways","Option":"Write"},{"CIMType":"Boolean","Description":"If this security setting is enabled, the Server Message Block (SMB) redirector is allowed to send plaintext passwords to non-Microsoft SMB servers that do not support password encryption during authentication.","Name":"LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers","Option":"Write"},{"CIMType":"Boolean","Description":"App installations requiring elevated privileges will prompt for admin credentials.Default is enabled","Name":"LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether the Local Administrator account is enabled or disabled.","Name":"LocalSecurityOptionsDisableAdministratorAccount","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether the SMB client attempts to negotiate SMB packet signing.","Name":"LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if the Guest account is enabled or disabled.","Name":"LocalSecurityOptionsDisableGuestAccount","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether packet signing is required by the SMB server component.","Name":"LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines whether the SMB server will negotiate SMB packet signing with clients that request it.","Name":"LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines what additional permissions will be granted for anonymous connections to the computer.","Name":"LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts","Option":"Write"},{"CIMType":"Boolean","Description":"Require CTRL+ALT+DEL to be pressed before a user can log on.","Name":"LocalSecurityOptionsDoNotRequireCtrlAltDel","Option":"Write"},{"CIMType":"Boolean","Description":"This security setting determines if, at the next password change, the LAN Manager (LM) hash value for the new password is stored. Its not stored by default.","Name":"LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange","Option":"Write"},{"CIMType":"String","Description":"Define who is allowed to format and eject removable NTFS media. Possible values are: notConfigured, administrators, administratorsAndPowerUsers, administratorsAndInteractiveUsers.","Name":"LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser","Option":"Write","ValueMap":["notConfigured","administrators","administratorsAndPowerUsers","administratorsAndInteractiveUsers"],"Values":["notConfigured","administrators","administratorsAndPowerUsers","administratorsAndInteractiveUsers"]},{"CIMType":"String","Description":"Define a different account name to be associated with the security identifier (SID) for the account 'Guest'.","Name":"LocalSecurityOptionsGuestAccountName","Option":"Write"},{"CIMType":"Boolean","Description":"Do not display the username of the last person who signed in on this device.","Name":"LocalSecurityOptionsHideLastSignedInUser","Option":"Write"},{"CIMType":"Boolean","Description":"Do not display the username of the person signing in to this device after credentials are entered and before the devices desktop is shown.","Name":"LocalSecurityOptionsHideUsernameAtSignIn","Option":"Write"},{"CIMType":"String","Description":"Configure the user information that is displayed when the session is locked. If not configured, user display name, domain and username are shown. Possible values are: notConfigured, administrators, administratorsAndPowerUsers, administratorsAndInteractiveUsers.","Name":"LocalSecurityOptionsInformationDisplayedOnLockScreen","Option":"Write","ValueMap":["notConfigured","administrators","administratorsAndPowerUsers","administratorsAndInteractiveUsers"],"Values":["notConfigured","administrators","administratorsAndPowerUsers","administratorsAndInteractiveUsers"]},{"CIMType":"String","Description":"Configure the user information that is displayed when the session is locked. If not configured, user display name, domain and username are shown. Possible values are: notConfigured, userDisplayNameDomainUser, userDisplayNameOnly, doNotDisplayUser.","Name":"LocalSecurityOptionsInformationShownOnLockScreen","Option":"Write","ValueMap":["notConfigured","userDisplayNameDomainUser","userDisplayNameOnly","doNotDisplayUser"],"Values":["notConfigured","userDisplayNameDomainUser","userDisplayNameOnly","doNotDisplayUser"]},{"CIMType":"String","Description":"Set message text for users attempting to log in.","Name":"LocalSecurityOptionsLogOnMessageText","Option":"Write"},{"CIMType":"String","Description":"Set message title for users attempting to log in.","Name":"LocalSecurityOptionsLogOnMessageTitle","Option":"Write"},{"CIMType":"UInt32","Description":"Define maximum minutes of inactivity on the interactive desktops login screen until the screen saver runs. Valid values 0 to 9999","Name":"LocalSecurityOptionsMachineInactivityLimit","Option":"Write"},{"CIMType":"UInt32","Description":"Define maximum minutes of inactivity on the interactive desktops login screen until the screen saver runs. Valid values 0 to 9999","Name":"LocalSecurityOptionsMachineInactivityLimitInMinutes","Option":"Write"},{"CIMType":"String","Description":"This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. Possible values are: none, requireNtmlV2SessionSecurity, require128BitEncryption, ntlmV2And128BitEncryption.","Name":"LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients","Option":"Write","ValueMap":["none","requireNtmlV2SessionSecurity","require128BitEncryption","ntlmV2And128BitEncryption"],"Values":["none","requireNtmlV2SessionSecurity","require128BitEncryption","ntlmV2And128BitEncryption"]},{"CIMType":"String","Description":"This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. Possible values are: none, requireNtmlV2SessionSecurity, require128BitEncryption, ntlmV2And128BitEncryption.","Name":"LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers","Option":"Write","ValueMap":["none","requireNtmlV2SessionSecurity","require128BitEncryption","ntlmV2And128BitEncryption"],"Values":["none","requireNtmlV2SessionSecurity","require128BitEncryption","ntlmV2And128BitEncryption"]},{"CIMType":"Boolean","Description":"Enforce PKI certification path validation for a given executable file before it is permitted to run.","Name":"LocalSecurityOptionsOnlyElevateSignedExecutables","Option":"Write"},{"CIMType":"Boolean","Description":"By default, this security setting restricts anonymous access to shares and pipes to the settings for named pipes that can be accessed anonymously and Shares that can be accessed anonymously","Name":"LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares","Option":"Write"},{"CIMType":"String","Description":"This security setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. Possible values are: noAction, lockWorkstation, forceLogoff, disconnectRemoteDesktopSession.","Name":"LocalSecurityOptionsSmartCardRemovalBehavior","Option":"Write","ValueMap":["noAction","lockWorkstation","forceLogoff","disconnectRemoteDesktopSession"],"Values":["noAction","lockWorkstation","forceLogoff","disconnectRemoteDesktopSession"]},{"CIMType":"String","Description":"Define the behavior of the elevation prompt for standard users. Possible values are: notConfigured, automaticallyDenyElevationRequests, promptForCredentialsOnTheSecureDesktop, promptForCredentials.","Name":"LocalSecurityOptionsStandardUserElevationPromptBehavior","Option":"Write","ValueMap":["notConfigured","automaticallyDenyElevationRequests","promptForCredentialsOnTheSecureDesktop","promptForCredentials"],"Values":["notConfigured","automaticallyDenyElevationRequests","promptForCredentialsOnTheSecureDesktop","promptForCredentials"]},{"CIMType":"Boolean","Description":"Enable all elevation requests to go to the interactive user's desktop rather than the secure desktop. Prompt behavior policy settings for admins and standard users are used.","Name":"LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation","Option":"Write"},{"CIMType":"Boolean","Description":"Defines whether the built-in admin account uses Admin Approval Mode or runs all apps with full admin privileges.Default is enabled","Name":"LocalSecurityOptionsUseAdminApprovalMode","Option":"Write"},{"CIMType":"Boolean","Description":"Define whether Admin Approval Mode and all UAC policy settings are enabled, default is enabled","Name":"LocalSecurityOptionsUseAdminApprovalModeForAdministrators","Option":"Write"},{"CIMType":"Boolean","Description":"Virtualize file and registry write failures to per user locations","Name":"LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.","Name":"SmartScreenBlockOverrideForFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT Admins to configure SmartScreen for Windows.","Name":"SmartScreenEnableInShell","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right is used by Credential Manager during Backup/Restore. Users' saved credentials might be compromised if this privilege is given to other entities. Only states NotConfigured and Allowed are supported","Name":"UserRightsAccessCredentialManagerAsTrustedCaller","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right allows a process to impersonate any user without authentication. The process can therefore gain access to the same local resources as that user. Only states NotConfigured and Allowed are supported","Name":"UserRightsActAsPartOfTheOperatingSystem","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups are allowed to connect to the computer over the network. State Allowed is supported.","Name":"UserRightsAllowAccessFromNetwork","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when backing up files and directories. Only states NotConfigured and Allowed are supported","Name":"UserRightsBackupData","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups are block from connecting to the computer over the network. State Block is supported.","Name":"UserRightsBlockAccessFromNetwork","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups can change the time and date on the internal clock of the computer. Only states NotConfigured and Allowed are supported","Name":"UserRightsChangeSystemTime","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This security setting determines whether users can create global objects that are available to all sessions. Users who can create global objects could affect processes that run under other users' sessions, which could lead to application failure or data corruption. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreateGlobalObjects","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups can call an internal API to create and change the size of a page file. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreatePageFile","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which accounts can be used by processes to create a directory object using the object manager. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreatePermanentSharedObjects","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines if the user can create a symbolic link from the computer to which they are logged on. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreateSymbolicLinks","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users/groups can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal API to create an access token. Only states NotConfigured and Allowed are supported","Name":"UserRightsCreateToken","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can attach a debugger to any process or to the kernel. Only states NotConfigured and Allowed are supported","Name":"UserRightsDebugPrograms","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can set the Trusted for Delegation setting on a user or computer object. Only states NotConfigured and Allowed are supported.","Name":"UserRightsDelegation","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users cannot log on to the computer. States NotConfigured, Blocked are supported","Name":"UserRightsDenyLocalLogOn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which accounts can be used by a process to add entries to the security log. The security log is used to trace unauthorized system access.  Only states NotConfigured and Allowed are supported.","Name":"UserRightsGenerateSecurityAudits","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect to a service that they have created and then impersonating that client, which can elevate the unauthorized user's permissions to administrative or system levels. Only states NotConfigured and Allowed are supported.","Name":"UserRightsImpersonateClient","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which accounts can use a process with Write Property access to another process to increase the execution priority assigned to the other process. Only states NotConfigured and Allowed are supported.","Name":"UserRightsIncreaseSchedulingPriority","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can dynamically load and unload device drivers or other code in to kernel mode. Only states NotConfigured and Allowed are supported.","Name":"UserRightsLoadUnloadDrivers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can log on to the computer. States NotConfigured, Allowed are supported","Name":"UserRightsLocalLogOn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. Only states NotConfigured and Allowed are supported.","Name":"UserRightsLockMemory","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and registry keys. Only states NotConfigured and Allowed are supported.","Name":"UserRightsManageAuditingAndSecurityLogs","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups can run maintenance tasks on a volume, such as remote defragmentation. Only states NotConfigured and Allowed are supported.","Name":"UserRightsManageVolumes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines who can modify firmware environment values. Only states NotConfigured and Allowed are supported.","Name":"UserRightsModifyFirmwareEnvironment","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Only states NotConfigured and Allowed are supported.","Name":"UserRightsModifyObjectLabels","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can use performance monitoring tools to monitor the performance of system processes. Only states NotConfigured and Allowed are supported.","Name":"UserRightsProfileSingleProcess","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users and groups are prohibited from logging on as a Remote Desktop Services client. Only states NotConfigured and Blocked are supported","Name":"UserRightsRemoteDesktopServicesLogOn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. Only states NotConfigured and Allowed are supported.","Name":"UserRightsRemoteShutdown","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object. Only states NotConfigured and Allowed are supported.","Name":"UserRightsRestoreData","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementUserRightsSetting","Description":"This user right determines which users can take ownership of any securable object in the system, including Active Directory objects, files and folders, printers, registry keys, processes, and threads. Only states NotConfigured and Allowed are supported.","Name":"UserRightsTakeOwnership","Option":"Write"},{"CIMType":"String","Description":"Configure windows defender TamperProtection settings. Possible values are: notConfigured, enable, disable.","Name":"WindowsDefenderTamperProtection","Option":"Write","ValueMap":["notConfigured","enable","disable"],"Values":["notConfigured","enable","disable"]},{"CIMType":"String","Description":"This setting determines whether the Accessory management service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled.","Name":"XboxServicesAccessoryManagementServiceStartupMode","Option":"Write","ValueMap":["manual","automatic","disabled"],"Values":["manual","automatic","disabled"]},{"CIMType":"Boolean","Description":"This setting determines whether xbox game save is enabled (1) or disabled (0).","Name":"XboxServicesEnableXboxGameSaveTask","Option":"Write"},{"CIMType":"String","Description":"This setting determines whether Live Auth Manager service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled.","Name":"XboxServicesLiveAuthManagerServiceStartupMode","Option":"Write","ValueMap":["manual","automatic","disabled"],"Values":["manual","automatic","disabled"]},{"CIMType":"String","Description":"This setting determines whether Live Game save service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled.","Name":"XboxServicesLiveGameSaveServiceStartupMode","Option":"Write","ValueMap":["manual","automatic","disabled"],"Values":["manual","automatic","disabled"]},{"CIMType":"String","Description":"This setting determines whether Networking service's start type is Automatic(2), Manual(3), Disabled(4). Default: Manual. Possible values are: manual, automatic, disabled.","Name":"XboxServicesLiveNetworkingServiceStartupMode","Option":"Write","ValueMap":["manual","automatic","disabled"],"Values":["manual","automatic","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Endpoint Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationFirmwareInterfacePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Defines whether a user is allowed to enable Bluetooth. Possible values are: notConfigured, enabled, disabled.","Name":"Bluetooth","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to boot from built-in network adapters. Possible values are: notConfigured, enabled, disabled.","Name":"BootFromBuiltInNetworkAdapters","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to boot from external media. Possible values are: notConfigured, enabled, disabled.","Name":"BootFromExternalMedia","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether built-in cameras are enabled. Possible values are: notConfigured, enabled, disabled.","Name":"Cameras","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines the permission level granted to users to change UEFI settings. Possible values are: notConfiguredOnly, none.","Name":"ChangeUefiSettingsPermission","Option":"Write","ValueMap":["notConfiguredOnly","none"],"Values":["notConfiguredOnly","none"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Front Camera. Possible values are: notConfigured, enabled, disabled.","Name":"FrontCamera","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Infrared camera. Possible values are: notConfigured, enabled, disabled.","Name":"InfraredCamera","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Microphone. Possible values are: notConfigured, enabled, disabled.","Name":"Microphone","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether built-in microphones or speakers are enabled. Possible values are: notConfigured, enabled, disabled.","Name":"MicrophonesAndSpeakers","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Near Field Communication. Possible values are: notConfigured, enabled, disabled.","Name":"NearFieldCommunication","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether built-in radios e.g. WIFI, NFC, Bluetooth, are enabled. Possible values are: notConfigured, enabled, disabled.","Name":"Radios","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable rear camera. Possible values are: notConfigured, enabled, disabled.","Name":"RearCamera","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable SD Card Port. Possible values are: notConfigured, enabled, disabled.","Name":"SdCard","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Simultaneous MultiThreading. Possible values are: notConfigured, enabled, disabled.","Name":"SimultaneousMultiThreading","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable USB Type A Port. Possible values are: notConfigured, enabled, disabled.","Name":"UsbTypeAPort","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether CPU and IO virtualization is enabled. Possible values are: notConfigured, enabled, disabled.","Name":"VirtualizationOfCpuAndIO","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Wake on LAN. Possible values are: notConfigured, enabled, disabled.","Name":"WakeOnLAN","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Wake On Power. Possible values are: notConfigured, enabled, disabled.","Name":"WakeOnPower","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable WiFi. Possible values are: notConfigured, enabled, disabled.","Name":"WiFi","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Windows Platform Binary Table. Possible values are: notConfigured, enabled, disabled.","Name":"WindowsPlatformBinaryTable","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Defines whether a user is allowed to enable Wireless Wide Area Network. Possible values are: notConfigured, enabled, disabled.","Name":"WirelessWideAreaNetwork","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Firmware Interface Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationHealthMonitoringConfigurationPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Enables device health monitoring on the device. Possible values are: notConfigured, enabled, disabled.","Name":"AllowDeviceHealthMonitoring","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies custom set of events collected from the device where health monitoring is enabled","Name":"ConfigDeviceHealthMonitoringCustomScope","Option":"Write"},{"CIMType":"String[]","Description":"Specifies set of events collected from the device where health monitoring is enabled. Possible values are: undefined, healthMonitoring, bootPerformance, windowsUpdates, privilegeManagement.","Name":"ConfigDeviceHealthMonitoringScope","Option":"Write","ValueMap":["undefined","healthMonitoring","bootPerformance","windowsUpdates","privilegeManagement"],"Values":["undefined","healthMonitoring","bootPerformance","windowsUpdates","privilegeManagement"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Health Monitoring Configuration Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationIdentityProtectionPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Boolean value used to enable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication.","Name":"EnhancedAntiSpoofingForFacialFeaturesEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Integer value specifies the period (in days) that a PIN can be used before the system requires the user to change it. Valid values are 0 to 730 inclusive. Valid values 0 to 730","Name":"PinExpirationInDays","Option":"Write"},{"CIMType":"String","Description":"This value configures the use of lowercase characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured.","Name":"PinLowercaseCharactersUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"UInt32","Description":"Integer value that sets the maximum number of characters allowed for the work PIN. Valid values are 4 to 127 inclusive and greater than or equal to the value set for the minimum PIN. Valid values 4 to 127","Name":"PinMaximumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Integer value that sets the minimum number of characters required for the Windows Hello for Business PIN. Valid values are 4 to 127 inclusive and less than or equal to the value set for the maximum PIN. Valid values 4 to 127","Name":"PinMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset. Valid values 0 to 50","Name":"PinPreviousBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service.","Name":"PinRecoveryEnabled","Option":"Write"},{"CIMType":"String","Description":"Controls the ability to use special characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured.","Name":"PinSpecialCharactersUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"String","Description":"This value configures the use of uppercase characters in the Windows Hello for Business PIN. Possible values are: blocked, required, allowed, notConfigured.","Name":"PinUppercaseCharactersUsage","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"Boolean","Description":"Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM.","Name":"SecurityDeviceRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN.  If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures.","Name":"UnlockWithBiometricsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premise resources.","Name":"UseCertificatesForOnPremisesAuthEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value used to enable the Windows Hello security key as a logon credential.","Name":"UseSecurityKeyForSignin","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that blocks Windows Hello for Business as a method for signing into Windows.","Name":"WindowsHelloForBusinessBlocked","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Identity Protection Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationImportedPfxCertificatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Intended Purpose of the Certificate Profile - which could be Unassigned, SmimeEncryption, SmimeSigning etc. Possible values are: unassigned, smimeEncryption, smimeSigning, vpn, wifi.","Name":"IntendedPurpose","Option":"Write","ValueMap":["unassigned","smimeEncryption","smimeSigning","vpn","wifi"],"Values":["unassigned","smimeEncryption","smimeSigning","vpn","wifi"]},{"CIMType":"String","Description":"Scale for the Certificate Validity Period. Possible values are: days, months, years.","Name":"CertificateValidityPeriodScale","Option":"Write","ValueMap":["days","months","years"],"Values":["days","months","years"]},{"CIMType":"UInt32","Description":"Value for the Certificate Validity Period","Name":"CertificateValidityPeriodValue","Option":"Write"},{"CIMType":"String","Description":"Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp.","Name":"KeyStorageProvider","Option":"Write","ValueMap":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"],"Values":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"]},{"CIMType":"UInt32","Description":"Certificate renewal threshold percentage. Valid values 1 to 99","Name":"RenewalThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.","Name":"SubjectAlternativeNameType","Option":"Write","ValueMap":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"],"Values":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"]},{"CIMType":"String","Description":"Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.","Name":"SubjectNameFormat","Option":"Write","ValueMap":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"],"Values":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Imported Pfx Certificate Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskProfile","Parameters":[{"CIMType":"MSFT_MicrosoftGraphWindowsKioskAppConfiguration","Description":"The App configuration that will be used for this kiosk configuration.","Name":"AppConfiguration","Option":"Write"},{"CIMType":"String","Description":"This is a friendly name used to identify a group of applications, the layout of these apps on the start menu and the users to whom this kiosk configuration is assigned.","Name":"ProfileName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphWindowsKioskUser[]","Description":"The user accounts that will be locked to this kiosk configuration. This collection can contain a maximum of 100 elements.","Name":"UserAccountsConfiguration","Option":"Write"}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskAppConfiguration","Parameters":[{"CIMType":"Boolean","Description":"This setting allows access to Downloads folder in file explorer.","Name":"AllowAccessToDownloadsFolder","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWindowsKioskAppBase[]","Description":"These are the only Windows Store Apps that will be available to launch from the Start menu. This collection can contain a maximum of 128 elements.","Name":"Apps","Option":"Write"},{"CIMType":"Boolean","Description":"This setting indicates that desktop apps are allowed. Default to true.","Name":"DisallowDesktopApps","Option":"Write"},{"CIMType":"Boolean","Description":"This setting allows the admin to specify whether the Task Bar is shown or not.","Name":"ShowTaskBar","Option":"Write"},{"CIMType":"String","Description":"Allows admins to override the default Start layout and prevents the user from changing it.The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in Binary format.","Name":"StartMenuLayoutXml","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWindowsKioskUWPApp","Description":"This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode","Name":"UwpApp","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWindowsKioskWin32App","Description":"This is the win32 app that will be available to launch use while in Kiosk Mode","Name":"Win32App","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.windowsKioskMultipleApps","#microsoft.graph.windowsKioskSingleUWPApp","#microsoft.graph.windowsKioskSingleWin32App"],"Values":["#microsoft.graph.windowsKioskMultipleApps","#microsoft.graph.windowsKioskSingleUWPApp","#microsoft.graph.windowsKioskSingleWin32App"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskAppBase","Parameters":[{"CIMType":"String","Description":"The app type. Possible values are: unknown, store, desktop, aumId.","Name":"AppType","Option":"Required","ValueMap":["unknown","store","desktop","aumId"],"Values":["unknown","store","desktop","aumId"]},{"CIMType":"Boolean","Description":"Allow the app to be auto-launched in multi-app kiosk mode","Name":"AutoLaunch","Option":"Write"},{"CIMType":"String","Description":"Represents the friendly name of an app","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large.","Name":"StartLayoutTileSize","Option":"Write","ValueMap":["hidden","small","medium","wide","large"],"Values":["hidden","small","medium","wide","large"]},{"CIMType":"String","Description":"Define the DesktopApplicationID of the app","Name":"DesktopApplicationId","Option":"Write"},{"CIMType":"String","Description":"Define the DesktopApplicationLinkPath of the app","Name":"DesktopApplicationLinkPath","Option":"Write"},{"CIMType":"String","Description":"Define the path of a desktop app","Name":"Path","Option":"Write"},{"CIMType":"String","Description":"This references an Intune App that will be target to the same assignments as Kiosk configuration","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode","Name":"AppUserModelId","Option":"Write"},{"CIMType":"String","Description":"This references an contained App from an Intune App","Name":"ContainedAppId","Option":"Write"},{"CIMType":"String","Description":"This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode","Name":"ClassicAppPath","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk (url) for Edge kiosk mode","Name":"EdgeKiosk","Option":"Write"},{"CIMType":"UInt32","Description":"Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440","Name":"EdgeKioskIdleTimeoutMinutes","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen.","Name":"EdgeKioskType","Option":"Write","ValueMap":["publicBrowsing","fullScreen"],"Values":["publicBrowsing","fullScreen"]},{"CIMType":"Boolean","Description":"Edge first run flag for Edge kiosk mode","Name":"EdgeNoFirstRun","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"],"Values":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskUWPApp","Parameters":[{"CIMType":"String","Description":"This references an Intune App that will be target to the same assignments as Kiosk configuration","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode","Name":"AppUserModelId","Option":"Write"},{"CIMType":"String","Description":"This references an contained App from an Intune App","Name":"ContainedAppId","Option":"Write"},{"CIMType":"String","Description":"The app type. Possible values are: unknown, store, desktop, aumId.","Name":"AppType","Option":"Write","ValueMap":["unknown","store","desktop","aumId"],"Values":["unknown","store","desktop","aumId"]},{"CIMType":"Boolean","Description":"Allow the app to be auto-launched in multi-app kiosk mode","Name":"AutoLaunch","Option":"Write"},{"CIMType":"String","Description":"Represents the friendly name of an app","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large.","Name":"StartLayoutTileSize","Option":"Write","ValueMap":["hidden","small","medium","wide","large"],"Values":["hidden","small","medium","wide","large"]},{"CIMType":"String","Description":"Define the DesktopApplicationID of the app","Name":"DesktopApplicationId","Option":"Write"},{"CIMType":"String","Description":"Define the DesktopApplicationLinkPath of the app","Name":"DesktopApplicationLinkPath","Option":"Write"},{"CIMType":"String","Description":"Define the path of a desktop app","Name":"Path","Option":"Write"},{"CIMType":"String","Description":"This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode","Name":"ClassicAppPath","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk (url) for Edge kiosk mode","Name":"EdgeKiosk","Option":"Write"},{"CIMType":"UInt32","Description":"Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440","Name":"EdgeKioskIdleTimeoutMinutes","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen.","Name":"EdgeKioskType","Option":"Write","ValueMap":["publicBrowsing","fullScreen"],"Values":["publicBrowsing","fullScreen"]},{"CIMType":"Boolean","Description":"Edge first run flag for Edge kiosk mode","Name":"EdgeNoFirstRun","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"],"Values":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskWin32App","Parameters":[{"CIMType":"String","Description":"This is the classicapppath to be used by v4 Win32 app while in Kiosk Mode","Name":"ClassicAppPath","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk (url) for Edge kiosk mode","Name":"EdgeKiosk","Option":"Write"},{"CIMType":"UInt32","Description":"Edge kiosk idle timeout in minutes for Edge kiosk mode. Valid values 0 to 1440","Name":"EdgeKioskIdleTimeoutMinutes","Option":"Write"},{"CIMType":"String","Description":"Edge kiosk type for Edge kiosk mode. Possible values are: publicBrowsing, fullScreen.","Name":"EdgeKioskType","Option":"Write","ValueMap":["publicBrowsing","fullScreen"],"Values":["publicBrowsing","fullScreen"]},{"CIMType":"Boolean","Description":"Edge first run flag for Edge kiosk mode","Name":"EdgeNoFirstRun","Option":"Write"},{"CIMType":"String","Description":"The app type. Possible values are: unknown, store, desktop, aumId.","Name":"AppType","Option":"Write","ValueMap":["unknown","store","desktop","aumId"],"Values":["unknown","store","desktop","aumId"]},{"CIMType":"Boolean","Description":"Allow the app to be auto-launched in multi-app kiosk mode","Name":"AutoLaunch","Option":"Write"},{"CIMType":"String","Description":"Represents the friendly name of an app","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"The app tile size for the start layout. Possible values are: hidden, small, medium, wide, large.","Name":"StartLayoutTileSize","Option":"Write","ValueMap":["hidden","small","medium","wide","large"],"Values":["hidden","small","medium","wide","large"]},{"CIMType":"String","Description":"Define the DesktopApplicationID of the app","Name":"DesktopApplicationId","Option":"Write"},{"CIMType":"String","Description":"Define the DesktopApplicationLinkPath of the app","Name":"DesktopApplicationLinkPath","Option":"Write"},{"CIMType":"String","Description":"Define the path of a desktop app","Name":"Path","Option":"Write"},{"CIMType":"String","Description":"This references an Intune App that will be target to the same assignments as Kiosk configuration","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"This is the only Application User Model ID (AUMID) that will be available to launch use while in Kiosk Mode","Name":"AppUserModelId","Option":"Write"},{"CIMType":"String","Description":"This references an contained App from an Intune App","Name":"ContainedAppId","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"],"Values":["#microsoft.graph.windowsKioskDesktopApp","#microsoft.graph.windowsKioskUWPApp","#microsoft.graph.windowsKioskWin32App"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskUser","Parameters":[{"CIMType":"String","Description":"The name of the AD group that will be locked to this kiosk configuration","Name":"GroupName","Option":"Write"},{"CIMType":"String","Description":"The display name of the AzureAD group that will be locked to this kiosk configuration","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The ID of the AzureAD group that will be locked to this kiosk configuration","Name":"GroupId","Option":"Write"},{"CIMType":"String","Description":"The ID of the AzureAD user that will be locked to this kiosk configuration","Name":"UserId","Option":"Write"},{"CIMType":"String","Description":"The user accounts that will be locked to this kiosk configuration","Name":"UserPrincipalName","Option":"Write"},{"CIMType":"String","Description":"The local user that will be locked to this kiosk configuration","Name":"UserName","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.windowsKioskActiveDirectoryGroup","#microsoft.graph.windowsKioskAutologon","#microsoft.graph.windowsKioskAzureADGroup","#microsoft.graph.windowsKioskAzureADUser","#microsoft.graph.windowsKioskLocalGroup","#microsoft.graph.windowsKioskLocalUser","#microsoft.graph.windowsKioskVisitor"],"Values":["#microsoft.graph.windowsKioskActiveDirectoryGroup","#microsoft.graph.windowsKioskAutologon","#microsoft.graph.windowsKioskAzureADGroup","#microsoft.graph.windowsKioskAzureADUser","#microsoft.graph.windowsKioskLocalGroup","#microsoft.graph.windowsKioskLocalUser","#microsoft.graph.windowsKioskVisitor"]}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsKioskForceUpdateSchedule","Parameters":[{"CIMType":"UInt32","Description":"Day of month. Valid values 1 to 31","Name":"DayofMonth","Option":"Write"},{"CIMType":"String","Description":"Day of week. Possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday.","Name":"DayofWeek","Option":"Write","ValueMap":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"],"Values":["sunday","monday","tuesday","wednesday","thursday","friday","saturday"]},{"CIMType":"String","Description":"Recurrence schedule. Possible values are: none, daily, weekly, monthly.","Name":"Recurrence","Option":"Write","ValueMap":["none","daily","weekly","monthly"],"Values":["none","daily","weekly","monthly"]},{"CIMType":"Boolean","Description":"If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence.","Name":"RunImmediatelyIfAfterStartDateTime","Option":"Write"},{"CIMType":"String","Description":"The start time for the force restart.","Name":"StartDateTime","Option":"Write"}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationKioskPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Enable public browsing kiosk mode for the Microsoft Edge browser. The Default is false.","Name":"EdgeKioskEnablePublicBrowsing","Option":"Write"},{"CIMType":"String[]","Description":"Specify URLs that the kiosk browser is allowed to navigate to","Name":"KioskBrowserBlockedUrlExceptions","Option":"Write"},{"CIMType":"String[]","Description":"Specify URLs that the kiosk browsers should not navigate to","Name":"KioskBrowserBlockedURLs","Option":"Write"},{"CIMType":"String","Description":"Specify the default URL the browser should navigate to on launch.","Name":"KioskBrowserDefaultUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Enable the kiosk browser's end session button. By default, the end session button is disabled.","Name":"KioskBrowserEnableEndSessionButton","Option":"Write"},{"CIMType":"Boolean","Description":"Enable the kiosk browser's home button. By default, the home button is disabled.","Name":"KioskBrowserEnableHomeButton","Option":"Write"},{"CIMType":"Boolean","Description":"Enable the kiosk browser's navigation buttons(forward/back). By default, the navigation buttons are disabled.","Name":"KioskBrowserEnableNavigationButtons","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of minutes the session is idle until the kiosk browser restarts in a fresh state.  Valid values are 1-1440. Valid values 1 to 1440","Name":"KioskBrowserRestartOnIdleTimeInMinutes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsKioskProfile[]","Description":"This policy setting allows to define a list of Kiosk profiles for a Kiosk configuration. This collection can contain a maximum of 3 elements.","Name":"KioskProfiles","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsKioskForceUpdateSchedule","Description":"force update schedule for Kiosk devices.","Name":"WindowsKioskForceUpdateSchedule","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Kiosk Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsNetworkIsolationPolicy","Parameters":[{"CIMType":"MSFT_MicrosoftGraphProxiedDomain1[]","Description":"Contains a list of enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy. This collection can contain a maximum of 500 elements.","Name":"EnterpriseCloudResources","Option":"Write"},{"CIMType":"String[]","Description":"This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseCloudResources policy to force traffic to the matched cloud resources through these proxies.","Name":"EnterpriseInternalProxyServers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIpRange1[]","Description":"Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This collection can contain a maximum of 500 elements.","Name":"EnterpriseIPRanges","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false.","Name":"EnterpriseIPRangesAreAuthoritative","Option":"Write"},{"CIMType":"String[]","Description":"This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. These locations will be considered a safe destination for enterprise data to be shared to.","Name":"EnterpriseNetworkDomainNames","Option":"Write"},{"CIMType":"String[]","Description":"This is a list of proxy servers. Any server not on this list is considered non-enterprise.","Name":"EnterpriseProxyServers","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false","Name":"EnterpriseProxyServersAreAuthoritative","Option":"Write"},{"CIMType":"String[]","Description":"List of domain names that can used for work or personal resource.","Name":"NeutralDomainResources","Option":"Write"}],"Description":"Intune Device Configuration Network Boundary Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphProxiedDomain1","Parameters":[{"CIMType":"String","Description":"The IP address or FQDN","Name":"IpAddressOrFQDN","Option":"Key"},{"CIMType":"String","Description":"Proxy IP or FQDN","Name":"Proxy","Option":"Write"}],"Description":"Intune Device Configuration Network Boundary Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIpRange1","Parameters":[{"CIMType":"String","Description":"Lower address.","Name":"LowerAddress","Option":"Key"},{"CIMType":"String","Description":"Upper address.","Name":"UpperAddress","Option":"Key"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Key","ValueMap":["#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"],"Values":["#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"]}],"Description":"Intune Device Configuration Network Boundary Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationNetworkBoundaryPolicyWindows10","Parameters":[{"CIMType":"MSFT_MicrosoftGraphwindowsNetworkIsolationPolicy","Description":"Windows Network Isolation Policy","Name":"WindowsNetworkIsolationPolicy","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Network Boundary Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphCustomSubjectAlternativeName","Parameters":[{"CIMType":"String","Description":"Custom SAN Name","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Custom SAN Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.","Name":"SanType","Option":"Key","ValueMap":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"],"Values":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"]}],"Description":"Intune Device Configuration Pkcs Certificate Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphExtendedKeyUsage","Parameters":[{"CIMType":"String","Description":"Extended Key Usage Name","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Extended Key Usage Object Identifier","Name":"ObjectIdentifier","Option":"Key"}],"Description":"Intune Device Configuration Pkcs Certificate Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationPkcsCertificatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Target store certificate. Possible values are: user, machine.","Name":"CertificateStore","Option":"Write","ValueMap":["user","machine"],"Values":["user","machine"]},{"CIMType":"String","Description":"PKCS Certificate Template Name","Name":"CertificateTemplateName","Option":"Write"},{"CIMType":"String","Description":"PKCS Certification Authority","Name":"CertificationAuthority","Option":"Write"},{"CIMType":"String","Description":"PKCS Certification Authority Name","Name":"CertificationAuthorityName","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcustomSubjectAlternativeName[]","Description":"Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.","Name":"CustomSubjectAlternativeNames","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphextendedKeyUsage[]","Description":"Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.","Name":"ExtendedKeyUsages","Option":"Write"},{"CIMType":"String","Description":"Custom String that defines the AAD Attribute.","Name":"SubjectAlternativeNameFormatString","Option":"Write"},{"CIMType":"String","Description":"Custom format to use with SubjectNameFormat = Custom. Example: {{CN=EmailAddress,E=EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US","Name":"SubjectNameFormatString","Option":"Write"},{"CIMType":"String","Description":"Scale for the Certificate Validity Period. Possible values are: days, months, years.","Name":"CertificateValidityPeriodScale","Option":"Write","ValueMap":["days","months","years"],"Values":["days","months","years"]},{"CIMType":"UInt32","Description":"Value for the Certificate Validity Period","Name":"CertificateValidityPeriodValue","Option":"Write"},{"CIMType":"String","Description":"Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp.","Name":"KeyStorageProvider","Option":"Write","ValueMap":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"],"Values":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"]},{"CIMType":"UInt32","Description":"Certificate renewal threshold percentage. Valid values 1 to 99","Name":"RenewalThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.","Name":"SubjectAlternativeNameType","Option":"Write","ValueMap":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"],"Values":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"]},{"CIMType":"String","Description":"Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.","Name":"SubjectNameFormat","Option":"Write","ValueMap":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"],"Values":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Pkcs Certificate Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationPlatformScriptLinux","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Execution context (root: Root, user: User)","Name":"CustomConfigExecutionContext","Option":"Write","ValueMap":["root","user"],"Values":["root","user"]},{"CIMType":"SInt32","Description":"Execution frequency (15: Every 15 minutes, 30: Every 30 minutes, 60: Every 1 hour, 120: Every 2 hours, 180: Every 3 hours, 360: Every 6 hours, 720: Every 12 hours, 1440: Every 1 day, 10080: Every 1 week)","Name":"CustomConfigExecutionFrequency","Option":"Write","ValueMap":[15,30,60,120,180,360,720,1440,10080],"Values":[15,30,60,120,180,360,720,1440,10080]},{"CIMType":"SInt32","Description":"Execution retries (0: No retries, 1: 1 time, 2: 2 times, 3: 3 times)","Name":"CustomConfigExecutionRetries","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"String","Description":"Execution Script","Name":"CustomConfig_Script","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Platform Script for Linux"},{"ClassName":"MSFT_IntuneDeviceConfigurationPlatformScriptMacOS","Parameters":[{"CIMType":"Boolean","Description":"Does not notify the user a script is being executed","Name":"BlockExecutionNotifications","Option":"Write"},{"CIMType":"String","Description":"Optional description for the device management script.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the device management script.","Name":"DisplayName","Option":"Required"},{"CIMType":"String","Description":"The script file name.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The interval for script to run. If not defined the script will run once","Name":"ExecutionFrequency","Option":"Write"},{"CIMType":"UInt32","Description":"Number of times for the script to be retried if it fails","Name":"RetryCount","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for this PowerShellScript instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The script content in Base64.","Name":"ScriptContent","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Platform Script MacOS"},{"ClassName":"MSFT_IntuneDeviceConfigurationPlatformScriptWindows","Parameters":[{"CIMType":"String","Description":"Optional description for the device management script.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the device management script.","Name":"DisplayName","Option":"Required"},{"CIMType":"Boolean","Description":"Indicate whether the script signature needs be checked.","Name":"EnforceSignatureCheck","Option":"Write"},{"CIMType":"String","Description":"The script file name.","Name":"FileName","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for this PowerShellScript instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether the PowerShell script should run as 32-bit","Name":"RunAs32Bit","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The script content in Base64.","Name":"ScriptContent","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Platform Script Windows"},{"ClassName":"MSFT_MicrosoftGraphapplistitem","Parameters":[{"CIMType":"String","Description":"odatatype of the item.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.appleAppListItem"],"Values":["#microsoft.graph.appleAppListItem"]},{"CIMType":"String","Description":"Kiosk mode managed app id","Name":"appId","Option":"Key"},{"CIMType":"String","Description":"Define the app store URL.","Name":"appStoreUrl","Option":"Write"},{"CIMType":"String","Description":"Define the name of the app.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"Define the publisher of the app.","Name":"publisher","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceowneruserfacingmessage","Parameters":[{"CIMType":"String","Description":"The default message displayed if the user's locale doesn't match with any of the localized messages.","Name":"defaultMessage","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphkeyvaluepair[]","Description":"The list of <locale, message> pairs. This collection can contain a maximum of 500 elements.","Name":"localizedMessages","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphkeyvaluepair","Parameters":[{"CIMType":"String","Description":"Name of the message localizedMessages.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Value of the message localizedMessages.","Name":"Value","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerglobalproxy","Parameters":[{"CIMType":"String","Description":"The type of the global proxy.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.androidDeviceOwnerGlobalProxyAutoConfig","#microsoft.graph.androidDeviceOwnerGlobalProxyDirect"],"Values":["#microsoft.graph.androidDeviceOwnerGlobalProxyAutoConfig","#microsoft.graph.androidDeviceOwnerGlobalProxyDirect"]},{"CIMType":"String","Description":"The proxy auto-config URL.","Name":"proxyAutoConfigURL","Option":"Write"},{"CIMType":"String[]","Description":"The excluded hosts.","Name":"excludedHosts","Option":"Write"},{"CIMType":"String","Description":"The host name.","Name":"host","Option":"Write"},{"CIMType":"UInt32","Description":"The port.","Name":"port","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem","Parameters":[{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodehomescreenitem","Description":"Item to be arranged.","Name":"item","Option":"Write"},{"CIMType":"UInt32","Description":"Position of the item on the grid. Valid values 0 to 9999999.","Name":"position","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodehomescreenitem","Parameters":[{"CIMType":"String","Description":"Type of the item.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.androidDeviceOwnerKioskModeApp","#microsoft.graph.androidDeviceOwnerKioskModeWeblink","#microsoft.graph.androidDeviceOwnerKioskModeManagedFolder"],"Values":["#microsoft.graph.androidDeviceOwnerKioskModeApp","#microsoft.graph.androidDeviceOwnerKioskModeWeblink","#microsoft.graph.androidDeviceOwnerKioskModeManagedFolder"]},{"CIMType":"String","Description":"The folder identifier.","Name":"folderIdentifier","Option":"Write"},{"CIMType":"String","Description":"The folder name.","Name":"folderName","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodefolderitem[]","Description":"Item to be arranged.","Name":"items","Option":"Write"},{"CIMType":"String","Description":"The class name of the item.","Name":"className","Option":"Write"},{"CIMType":"String","Description":"The package of the item.","Name":"package","Option":"Write"},{"CIMType":"String","Description":"The label of the item.","Name":"label","Option":"Write"},{"CIMType":"String","Description":"The link of the item.","Name":"link","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder","Parameters":[{"CIMType":"String","Description":"The folder identifier.","Name":"folderIdentifier","Option":"Write"},{"CIMType":"String","Description":"The folder name.","Name":"folderName","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodefolderitem[]","Description":"Item to be arranged.","Name":"items","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodefolderitem","Parameters":[{"CIMType":"String","Description":"The type of the item.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.androidDeviceOwnerKioskModeApp","#microsoft.graph.androidDeviceOwnerKioskModeWeblink"],"Values":["#microsoft.graph.androidDeviceOwnerKioskModeApp","#microsoft.graph.androidDeviceOwnerKioskModeWeblink"]},{"CIMType":"String","Description":"The class name of the item.","Name":"className","Option":"Write"},{"CIMType":"String","Description":"The package of the item.","Name":"package","Option":"Write"},{"CIMType":"String","Description":"The label of the item.","Name":"label","Option":"Write"},{"CIMType":"String","Description":"The link of the item.","Name":"link","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod","Parameters":[{"CIMType":"UInt32","Description":"The day of the end date of the freeze period. Valid values 1 to 31.","Name":"endDay","Option":"Write"},{"CIMType":"UInt32","Description":"The month of the end date of the freeze period. Valid values 1 to 12.","Name":"endMonth","Option":"Write"},{"CIMType":"UInt32","Description":"The day of the start date of the freeze period. Valid values 1 to 31.","Name":"startDay","Option":"Write"},{"CIMType":"UInt32","Description":"The month of the start date of the freeze period. Valid values 1 to 12.","Name":"startMonth","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyAndroidDeviceOwner","Parameters":[{"CIMType":"String","Description":"The Id of the policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name of the policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Block modification of accounts. Only supported on Dedicated devices.","Name":"AccountsBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"When allowed, users can enable the 'unknown sources' setting to install apps from sources other than the Google Play Store.","Name":"AppsAllowInstallFromUnknownSources","Option":"Write"},{"CIMType":"String","Description":"Devices check for app updates daily. The default behavior is to let device users decide. They'll be able to set their preferences in the managed Google Play app.","Name":"AppsAutoUpdatePolicy","Option":"Write","ValueMap":["notConfigured","userChoice","never","wiFiOnly","always"],"Values":["notConfigured","userChoice","never","wiFiOnly","always"]},{"CIMType":"String","Description":"Define the default permission policy for requests for runtime permissions.","Name":"AppsDefaultPermissionPolicy","Option":"Write","ValueMap":["deviceDefault","prompt","autoGrant","autoDeny"],"Values":["deviceDefault","prompt","autoGrant","autoDeny"]},{"CIMType":"Boolean","Description":"Enable a suggestion to apps that they skip their user tutorials and any introductory hints when they first start up, if applicable.","Name":"AppsRecommendSkippingFirstUseHints","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"A list of managed apps that will have their data cleared during a global sign-out in AAD shared device mode. This collection can contain a maximum of 500 elements.","Name":"AzureAdSharedDeviceDataClearApps","Option":"Write"},{"CIMType":"Boolean","Description":"Block configuring Bluetooth.","Name":"BluetoothBlockConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Block access to work contacts from another device such as a car system when an Android device is paired via Bluetooth.","Name":"BluetoothBlockContactSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Block all cameras on the device","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block tethering and access to portable hotspots.","Name":"CellularBlockWiFiTethering","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks users from making any changes to credentials associated with certificates associated with certificates assigned to them.","Name":"CertificateCredentialConfigurationDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not text copied from one profile (personal or work) can be pasted in the other.","Name":"CrossProfilePoliciesAllowCopyPaste","Option":"Write"},{"CIMType":"String","Description":"Indicates whether data from one profile (personal or work) can be shared with apps in the other profile.","Name":"CrossProfilePoliciesAllowDataSharing","Option":"Write","ValueMap":["notConfigured","crossProfileDataSharingBlocked","dataSharingFromWorkToPersonalBlocked","crossProfileDataSharingAllowed","unkownFutureValue"],"Values":["notConfigured","crossProfileDataSharingBlocked","dataSharingFromWorkToPersonalBlocked","crossProfileDataSharingAllowed","unkownFutureValue"]},{"CIMType":"Boolean","Description":"Indicates whether or not contacts stored in work profile are shown in personal profile contact searches/incoming calls.","Name":"CrossProfilePoliciesShowWorkContactsInPersonalProfile","Option":"Write"},{"CIMType":"Boolean","Description":"Block data roaming.","Name":"DataRoamingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block user from manually setting the date and time.","Name":"DateTimeConfigurationBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceowneruserfacingmessage","Description":"Represents the customized detailed help text provided to users when they attempt to modify managed settings on their device.","Name":"DetailedHelpText","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceowneruserfacingmessage","Description":"Represents the customized lock screen message provided to users when they attempt to modify managed settings on their device.","Name":"DeviceOwnerLockScreenMessage","Option":"Write"},{"CIMType":"String","Description":"Represents the enrollment profile type.","Name":"EnrollmentProfile","Option":"Write","ValueMap":["notConfigured","dedicatedDevice","fullyManaged"],"Values":["notConfigured","dedicatedDevice","fullyManaged"]},{"CIMType":"Boolean","Description":"Block factory resetting from settings.","Name":"FactoryResetBlocked","Option":"Write"},{"CIMType":"String[]","Description":"Email addresses of device admins for factory reset protection. When a device is factory reset, it will require that one of these admins log in with their Google account to unlock the device. If none are specified, factory reset protection is not enabled.","Name":"FactoryResetDeviceAdministratorEmails","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerglobalproxy","Description":"Proxy is set up directly with host, port and excluded hosts.","Name":"GlobalProxy","Option":"Write"},{"CIMType":"Boolean","Description":"Blocking prevents users from adding their personal Google account to their device.","Name":"GoogleAccountsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether a user can access the device's Settings app while in Kiosk Mode.","Name":"KioskCustomizationDeviceSettingsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the power menu is shown when a user long presses the Power button of a device in Kiosk Mode.","Name":"KioskCustomizationPowerButtonActionsBlocked","Option":"Write"},{"CIMType":"String","Description":"Indicates whether system info and notifications are disabled in Kiosk Mode","Name":"KioskCustomizationStatusBar","Option":"Write","ValueMap":["notConfigured","notificationsAndSystemInfoEnabled","systemInfoOnly"],"Values":["notConfigured","notificationsAndSystemInfoEnabled","systemInfoOnly"]},{"CIMType":"Boolean","Description":"Indicates whether system error dialogs for crashed or unresponsive apps are shown in Kiosk Mode.","Name":"KioskCustomizationSystemErrorWarnings","Option":"Write"},{"CIMType":"String","Description":"Indicates which navigation features are enabled in Kiosk Mode.","Name":"KioskCustomizationSystemNavigation","Option":"Write","ValueMap":["notConfigured","navigationEnabled","homeButtonOnly"],"Values":["notConfigured","navigationEnabled","homeButtonOnly"]},{"CIMType":"Boolean","Description":"Whether or not to enable app ordering in Kiosk Mode.","Name":"KioskModeAppOrderEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodeapppositionitem[]","Description":"The ordering of items on Kiosk Mode Managed Home Screen. This collection can contain a maximum of 500 elements.","Name":"KioskModeAppPositions","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"A list of managed apps that will be shown when the device is in Kiosk Mode. This collection can contain a maximum of 500 elements.","Name":"KioskModeApps","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to alphabetize applications within a folder in Kiosk Mode.","Name":"KioskModeAppsInFolderOrderedByName","Option":"Write"},{"CIMType":"Boolean","Description":"Enable end-users to configure and pair devices over Bluetooth.","Name":"KioskModeBluetoothConfigurationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to allow a user to easy access to the debug menu in Kiosk Mode","Name":"KioskModeDebugMenuEasyAccessEnabled","Option":"Write"},{"CIMType":"String","Description":"The 4-6 digit PIN will be the code an IT administrator enters on a multi-app dedicated device to pause kiosk mode.","Name":"KioskModeExitCode","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to allow a user to use the flashlight in Kiosk Mode.","Name":"KioskModeFlashlightConfigurationEnabled","Option":"Write"},{"CIMType":"String","Description":"Folder icon configuration for managed home screen in Kiosk Mode.","Name":"KioskModeFolderIcon","Option":"Write","ValueMap":["notConfigured","darkSquare","darkCircle","lightSquare","lightCircle"],"Values":["notConfigured","darkSquare","darkCircle","lightSquare","lightCircle"]},{"CIMType":"UInt32","Description":"Number of rows for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999.","Name":"KioskModeGridHeight","Option":"Write"},{"CIMType":"UInt32","Description":"Number of columns for Managed Home Screen grid with app ordering enabled in Kiosk Mode. Valid values 1 to 9999999.","Name":"KioskModeGridWidth","Option":"Write"},{"CIMType":"String","Description":"Icon size configuration for managed home screen in Kiosk Mode.","Name":"KioskModeIconSize","Option":"Write","ValueMap":["notConfigured","smallest","small","regular","large","largest"],"Values":["notConfigured","smallest","small","regular","large","largest"]},{"CIMType":"Boolean","Description":"Whether or not to lock home screen to the end user in Kiosk Mode.","Name":"KioskModeLockHomeScreen","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownerkioskmodemanagedfolder[]","Description":"A list of managed folders for a device in Kiosk Mode. This collection can contain a maximum of 500 elements.","Name":"KioskModeManagedFolders","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to automatically sign-out of MHS and Shared device mode applications after inactive for Managed Home Screen.","Name":"KioskModeManagedHomeScreenAutoSignout","Option":"Write"},{"CIMType":"UInt32","Description":"Number of seconds to give user notice before automatically signing them out for Managed Home Screen. Valid values 0 to 9999999.","Name":"KioskModeManagedHomeScreenInactiveSignOutDelayInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Number of seconds device is inactive before automatically signing user out for Managed Home Screen. Valid values 0 to 9999999.","Name":"KioskModeManagedHomeScreenInactiveSignOutNoticeInSeconds","Option":"Write"},{"CIMType":"String","Description":"Complexity of PIN for sign-in session for Managed Home Screen.","Name":"KioskModeManagedHomeScreenPinComplexity","Option":"Write","ValueMap":["notConfigured","simple","complex"],"Values":["notConfigured","simple","complex"]},{"CIMType":"Boolean","Description":"Whether or not require user to set a PIN for sign-in session for Managed Home Screen.","Name":"KioskModeManagedHomeScreenPinRequired","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not required user to enter session PIN if screensaver has appeared for Managed Home Screen.","Name":"KioskModeManagedHomeScreenPinRequiredToResume","Option":"Write"},{"CIMType":"String","Description":"Custom URL background for sign-in screen for Managed Home Screen.","Name":"KioskModeManagedHomeScreenSignInBackground","Option":"Write"},{"CIMType":"String","Description":"Custom URL branding logo for sign-in screen and session pin page for Managed Home Screen.","Name":"KioskModeManagedHomeScreenSignInBrandingLogo","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not show sign-in screen for Managed Home Screen.","Name":"KioskModeManagedHomeScreenSignInEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to use single app kiosk mode or multi-app kiosk mode.","Name":"KioskModeManagedSettingsEntryDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to allow a user to change the media volume in Kiosk Mode.","Name":"KioskModeMediaVolumeConfigurationEnabled","Option":"Write"},{"CIMType":"String","Description":"Screen orientation configuration for managed home screen in Kiosk Mode.","Name":"KioskModeScreenOrientation","Option":"Write","ValueMap":["notConfigured","portrait","landscape","autoRotate"],"Values":["notConfigured","portrait","landscape","autoRotate"]},{"CIMType":"Boolean","Description":"Start screen saver when the device screen times out or locks.","Name":"KioskModeScreenSaverConfigurationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not the device screen should show the screen saver if audio/video is playing in Kiosk Mode.","Name":"KioskModeScreenSaverDetectMediaDisabled","Option":"Write"},{"CIMType":"UInt32","Description":"The number of seconds that the device will display the screen saver for in Kiosk Mode. Valid values 0 to 9999999","Name":"KioskModeScreenSaverDisplayTimeInSeconds","Option":"Write"},{"CIMType":"String","Description":"URL for an image that will be the device's screen saver in Kiosk Mode.","Name":"KioskModeScreenSaverImageUrl","Option":"Write"},{"CIMType":"UInt32","Description":"The number of seconds the device needs to be inactive for before the screen saver is shown in Kiosk Mode. Valid values 1 to 9999999","Name":"KioskModeScreenSaverStartDelayInSeconds","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to display application notification badges in Kiosk Mode.","Name":"KioskModeShowAppNotificationBadge","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to allow a user to access basic device information.","Name":"KioskModeShowDeviceInfo","Option":"Write"},{"CIMType":"String","Description":"Whether or not to use single app kiosk mode or multi-app kiosk mode.","Name":"KioskModeUseManagedHomeScreenApp","Option":"Write","ValueMap":["notConfigured","singleAppMode","multiAppMode"],"Values":["notConfigured","singleAppMode","multiAppMode"]},{"CIMType":"Boolean","Description":"Enable IT administrators to temporarily leave multi-app kiosk mode to make changes on the device.","Name":"KioskModeVirtualHomeButtonEnabled","Option":"Write"},{"CIMType":"String","Description":"Enable a soft-key button that returns users to the Managed Home Screen. Choose between a persistent, floating button or a button activated by a swipe-up gesture.","Name":"KioskModeVirtualHomeButtonType","Option":"Write","ValueMap":["notConfigured","swipeUp","floating"],"Values":["notConfigured","swipeUp","floating"]},{"CIMType":"String","Description":"Customize the appearance of the screen background for assigned groups.","Name":"KioskModeWallpaperUrl","Option":"Write"},{"CIMType":"String[]","Description":"The restricted set of WIFI SSIDs available for the user to configure in Kiosk Mode. This collection can contain a maximum of 500 elements.","Name":"KioskModeWifiAllowedSsids","Option":"Write"},{"CIMType":"Boolean","Description":"Enable end-users to connect to different Wi-Fi networks.","Name":"KioskModeWiFiConfigurationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Block unmuting the microphone and adjusting the microphone volume.","Name":"MicrophoneForceMute","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to you want configure Microsoft Launcher.","Name":"MicrosoftLauncherConfigurationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user can modify the wallpaper to personalize their device.","Name":"MicrosoftLauncherCustomWallpaperAllowUserModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to configure the wallpaper on the targeted devices.","Name":"MicrosoftLauncherCustomWallpaperEnabled","Option":"Write"},{"CIMType":"String","Description":"Indicates the URL for the image file to use as the wallpaper on the targeted devices.","Name":"MicrosoftLauncherCustomWallpaperImageUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user can modify the device dock configuration on the device.","Name":"MicrosoftLauncherDockPresenceAllowUserModification","Option":"Write"},{"CIMType":"String","Description":"Indicates whether or not you want to configure the device dock. ","Name":"MicrosoftLauncherDockPresenceConfiguration","Option":"Write","ValueMap":["notConfigured","show","hide","disabled"],"Values":["notConfigured","show","hide","disabled"]},{"CIMType":"Boolean","Description":"Indicates whether or not the user can modify the launcher feed on the device.","Name":"MicrosoftLauncherFeedAllowUserModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user can modify the launcher feed on the device.","Name":"MicrosoftLauncherFeedEnabled","Option":"Write"},{"CIMType":"String","Description":"Indicates whether or not you want to configure the device dock.","Name":"MicrosoftLauncherSearchBarPlacementConfiguration","Option":"Write","ValueMap":["notConfigured","top","bottom","hide"],"Values":["notConfigured","top","bottom","hide"]},{"CIMType":"Boolean","Description":"Whether the network escape hatch is enabled. If a network connection can't be made at boot time, the escape hatch prompts the user to temporarily connect to a network in order to refresh the device policy. After applying policy, the temporary network will be forgotten and the device will continue booting. This prevents being unable to connect to a network if there is no suitable network in the last policy and the device boots into an app in lock task mode, or the user is otherwise unable to reach device settings.","Name":"NetworkEscapeHatchAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"Block usage of NFC to beam data from apps.","Name":"NfcBlockOutgoingBeam","Option":"Write"},{"CIMType":"Boolean","Description":"Disable lock screen","Name":"PasswordBlockKeyguard","Option":"Write"},{"CIMType":"String[]","Description":"These features are accessible to users when the device is locked. Users will not be able to see or access disabled features.","Name":"PasswordBlockKeyguardFeatures","Option":"Write","ValueMap":["notConfigured","camera","notifications","unredactedNotifications","trustAgents","fingerprint","remoteInput","allFeatures","face","iris","biometrics"],"Values":["notConfigured","camera","notifications","unredactedNotifications","trustAgents","fingerprint","remoteInput","allFeatures","face","iris","biometrics"]},{"CIMType":"UInt32","Description":"Number of days until device password must be changed. (1-365)","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum length of the password required on the device. Valid values 4 to 16","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of letter characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumLetterCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of lower case characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumLowerCaseCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of non-letter characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumNonLetterCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of numeric characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumNumericCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of symbol characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumSymbolCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of upper case letter characters required for device password. Valid values 1 to 16","Name":"PasswordMinimumUpperCaseCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum time after which the device will lock. Can disable screen lock as well so that it never times out.","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"Enter the number of unique passwords required before a user can reuse an old one. (1-24)","Name":"PasswordPreviousPasswordCountToBlock","Option":"Write"},{"CIMType":"String","Description":"Set the password's complexity requirements. Additional password requirements will become available based on your selection.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"],"Values":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"]},{"CIMType":"String","Description":"Indicates the timeout period after which a device must be unlocked using a form of strong authentication.","Name":"PasswordRequireUnlock","Option":"Write","ValueMap":["deviceDefault","daily","unkownFutureValue"],"Values":["deviceDefault","daily","unkownFutureValue"]},{"CIMType":"UInt32","Description":"Number of consecutive times an incorrect password can be entered before device is wiped of all data. (4-11)","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the user can install apps from unknown sources on the personal profile.","Name":"PersonalProfileAppsAllowInstallFromUnknownSources","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to disable the use of the camera on the personal profile.","Name":"PersonalProfileCameraBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Policy applied to applications in the personal profile. This collection can contain a maximum of 500 elements.","Name":"PersonalProfilePersonalApplications","Option":"Write"},{"CIMType":"String","Description":"Used together with PersonalProfilePersonalApplications to control how apps in the personal profile are allowed or blocked","Name":"PersonalProfilePlayStoreMode","Option":"Write","ValueMap":["notConfigured","blockedApps","allowedApps"],"Values":["notConfigured","blockedApps","allowedApps"]},{"CIMType":"Boolean","Description":"Indicates whether to disable the capability to take screenshots on the personal profile.","Name":"PersonalProfileScreenCaptureBlocked","Option":"Write"},{"CIMType":"String","Description":"Users get access to all apps, except the ones you've required uninstall in Client Apps. If you choose 'Not configured' for this setting, users can only access the apps you've listed as available or required in Client Apps.","Name":"PlayStoreMode","Option":"Write","ValueMap":["notConfigured","allowList","blockList"],"Values":["notConfigured","allowList","blockList"]},{"CIMType":"Boolean","Description":"Block screen capture","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Represents the security common criteria mode enabled provided to users when they attempt to modify managed settings on their device.","Name":"SecurityCommonCriteriaModeEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user is allowed to access developer settings like developer options and safe boot on the device.","Name":"SecurityDeveloperSettingsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Google Play Protect to scan apps before and after they're installed. If it detects a threat, it might warn the user to remove the app from the device. Required by default.","Name":"SecurityRequireVerifyApps","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceowneruserfacingmessage","Description":"Represents the customized short help text provided to users when they attempt to modify managed settings on their device.","Name":"ShortHelpText","Option":"Write"},{"CIMType":"Boolean","Description":"Block access to the status bar, including notifications and quick settings.","Name":"StatusBarBlocked","Option":"Write"},{"CIMType":"String[]","Description":"The battery plugged in modes for which the device stays on. When using this setting, it is recommended to clear the Time to lock screen setting so that the device doesn't lock itself while it stays on.","Name":"StayOnModes","Option":"Write","ValueMap":["notConfigured","ac","usb","wireless"],"Values":["notConfigured","ac","usb","wireless"]},{"CIMType":"Boolean","Description":"Allow USB storage.","Name":"StorageAllowUsb","Option":"Write"},{"CIMType":"Boolean","Description":"Block mounting of external media.","Name":"StorageBlockExternalMedia","Option":"Write"},{"CIMType":"Boolean","Description":"Block transfer of files over USB.","Name":"StorageBlockUsbFileTransfer","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphandroiddeviceownersystemupdatefreezeperiod[]","Description":"Indicates the annually repeating time periods during which system updates are postponed. This collection can contain a maximum of 500 elements.","Name":"SystemUpdateFreezePeriods","Option":"Write"},{"CIMType":"String","Description":"When over-the-air updates are available for this device, they will be installed based on this policy.?","Name":"SystemUpdateInstallType","Option":"Write","ValueMap":["deviceDefault","postpone","windowed","automatic"],"Values":["deviceDefault","postpone","windowed","automatic"]},{"CIMType":"UInt32","Description":"End of the maintenance window in the device's time zone.?","Name":"SystemUpdateWindowEndMinutesAfterMidnight","Option":"Write"},{"CIMType":"UInt32","Description":"Beginning of the maintenance window in the device's time zone.?","Name":"SystemUpdateWindowStartMinutesAfterMidnight","Option":"Write"},{"CIMType":"Boolean","Description":"Disable window notifications such as toasts, incoming calls, outgoing calls, system alerts, and system errors.?","Name":"SystemWindowsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks users from adding and signing in to personal accounts while on the device.","Name":"UsersBlockAdd","Option":"Write"},{"CIMType":"Boolean","Description":"Block removal of users.","Name":"UsersBlockRemove","Option":"Write"},{"CIMType":"Boolean","Description":"Block changes to volume.","Name":"VolumeBlockAdjustment","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this forces all network traffic through the VPN tunnel. If a connection to the VPN can't be established, no network traffic will be allowed.","Name":"VpnAlwaysOnLockdownMode","Option":"Write"},{"CIMType":"String","Description":"Android app package name for app that will handle an always-on VPN connection.","Name":"VpnAlwaysOnPackageIdentifier","Option":"Write"},{"CIMType":"Boolean","Description":"Block user creation or editing of any Wi-Fi configurations.","Name":"WifiBlockEditConfigurations","Option":"Write"},{"CIMType":"Boolean","Description":"Block changes to Wi-Fi configurations created by the device owner. Users can create their own Wi-Fi configurations.","Name":"WifiBlockEditPolicyDefinedConfigurations","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the number of days that a work profile password can be set before it expires and a new password will be required. Valid values 1 to 365","Name":"WorkProfilePasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum length of the work profile password. Valid values 4 to 16","Name":"WorkProfilePasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of numeric characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumLetterCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of non-letter characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumLowerCaseCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of letter characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumNonLetterCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of lower-case characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumNumericCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of upper-case letter characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumSymbolCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the minimum number of symbol characters required for the work profile password. Valid values 1 to 16","Name":"WorkProfilePasswordMinimumUpperCaseCharacters","Option":"Write"},{"CIMType":"UInt32","Description":"Indicates the length of the work profile password history, where the user will not be able to enter a new password that is the same as any password in the history. Valid values 0 to 24","Name":"WorkProfilePasswordPreviousPasswordCountToBlock","Option":"Write"},{"CIMType":"String","Description":"Indicates the minimum password quality required on the work profile password.","Name":"WorkProfilePasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"],"Values":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"]},{"CIMType":"String","Description":"Indicates the timeout period after which a work profile must be unlocked using a form of strong authentication.","Name":"WorkProfilePasswordRequireUnlock","Option":"Write","ValueMap":["deviceDefault","daily","unkownFutureValue"],"Values":["deviceDefault","daily","unkownFutureValue"]},{"CIMType":"UInt32","Description":"Indicates the number of times a user can enter an incorrect work profile password before the device is wiped. Valid values 4 to 11","Name":"WorkProfilePasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy Android Device Owner."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyAndroidOpenSourceProject","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent applications from unknown sources.","Name":"AppsBlockInstallFromUnknownSources","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent bluetooth configuration.","Name":"BluetoothBlockConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents using Bluetooth on devices.","Name":"BluetoothBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents access to the device camera.","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent factory reset.","Name":"FactoryResetBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number of characters required for the password.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum minutes of inactivity until screen locks.","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"String","Description":"Set password complexity.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"],"Values":["deviceDefault","required","numeric","numericComplex","alphabetic","alphanumeric","alphanumericWithSymbols","lowSecurityBiometric","customPassword"]},{"CIMType":"UInt32","Description":"Number of sign-in failures before wiping device.","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent screen capture.","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Enable debugging features.","Name":"SecurityAllowDebuggingFeatures","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent external media.","Name":"StorageBlockExternalMedia","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent USB file transfer.","Name":"StorageBlockUsbFileTransfer","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent Wifi configuration edit.","Name":"WifiBlockEditConfigurations","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune device configuration profile for an Android Open Source Project Device."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyAndroidWorkProfile","Parameters":[{"CIMType":"String","Description":"Display name of the device general configuration policy for Android WorkProfile.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the device general configuration policy for Android WorkProfile","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the Intune Policy.","Name":"Assignments","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block face unlock.","Name":"PasswordBlockFaceUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block fingerprint unlock","Name":"PasswordBlockFingerprintUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block iris unlock.","Name":"PasswordBlockIrisUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Smart Lock and other trust agents.","Name":"passwordBlockTrustAgents","Option":"Write"},{"CIMType":"Uint32","Description":"Number of days before the password expires","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum length of passwords","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"Minutes of inactivity before the screen times out","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"Uint32","Description":"Number of previous passwords to block","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"Number of sign in failures allowed before factory reset","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"String","Description":"Type of password that is required","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"],"Values":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"]},{"CIMType":"String","Description":"Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH.","Name":"RequiredPasswordComplexity","Option":"Write","ValueMap":["none","low","medium","high"],"Values":["none","low","medium","high"]},{"CIMType":"Boolean","Description":"Indicates whether to allow installation of apps from unknown sources.","Name":"WorkProfileAllowAppInstallsFromUnknownSources","Option":"Write"},{"CIMType":"String","Description":"Type of data sharing that is allowed","Name":"WorkProfileDataSharingType","Option":"Write","ValueMap":["deviceDefault","preventAny","allowPersonalToWork","noRestrictions"],"Values":["deviceDefault","preventAny","allowPersonalToWork","noRestrictions"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block notifications while device locked","Name":"WorkProfileBlockNotificationsWhileDeviceLocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block users from adding/removing accounts in work profile","Name":"WorkProfileBlockAddingAccounts","Option":"Write"},{"CIMType":"Boolean","Description":"Allow bluetooth devices to access enterprise contacts","Name":"WorkProfileBluetoothEnableContactSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Block screen capture in work profile","Name":"WorkProfileBlockScreenCapture","Option":"Write"},{"CIMType":"Boolean","Description":"Block display work profile caller ID in personal profile","Name":"WorkProfileBlockCrossProfileCallerId","Option":"Write"},{"CIMType":"Boolean","Description":"Block work profile camera","Name":"WorkProfileBlockCamera","Option":"Write"},{"CIMType":"Boolean","Description":"Block work profile contacts availability in personal profile","Name":"WorkProfileBlockCrossProfileContactsSearch","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if the setting disallow cross profile copy paste is enabled","Name":"WorkProfileBlockCrossProfileCopyPaste","Option":"Write"},{"CIMType":"String","Description":"Type of password that is required","Name":"WorkProfileDefaultAppPermissionPolicy","Option":"Write","ValueMap":["deviceDefault","prompt","autoGrant","autoDeny"],"Values":["deviceDefault","prompt","autoGrant","autoDeny"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block face unlock in work profile.","Name":"WorkProfilePasswordBlockFaceUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block fingerprint unlock in work profile","Name":"WorkProfilePasswordBlockFingerprintUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block iris unlock in work profile.","Name":"WorkProfilePasswordBlockIrisUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Smart Lock and other trust agents for work profile","Name":"WorkProfilePasswordBlockTrustAgents","Option":"Write"},{"CIMType":"Uint32","Description":"Number of days before the work profile password expires","Name":"WorkProfilePasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum length of work profile password","Name":"WorkProfilePasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of numeric characters required in work profile password","Name":"WorkProfilePasswordMinNumericCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of non-letter characters required in work profile password","Name":"WorkProfilePasswordMinNonLetterCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of letter characters required in work profile password","Name":"WorkProfilePasswordMinLetterCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of lower-case characters required in work profile password","Name":"WorkProfilePasswordMinLowerCaseCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of upper-case characters required in work profile password","Name":"WorkProfilePasswordMinUpperCaseCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minimum count of symbols required in work profile password","Name":"WorkProfilePasswordMinSymbolCharacters","Option":"Write"},{"CIMType":"Uint32","Description":"Minutes of inactivity before the screen times out","Name":"WorkProfilePasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"Uint32","Description":"Number of previous work profile passwords to block","Name":"WorkProfilePasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"Number of sign in failures allowed before work profile is removed and all corporate data deleted","Name":"WorkProfilePasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"String","Description":"Type of work profile password that is required","Name":"WorkProfilePasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"],"Values":["deviceDefault","lowSecurityBiometric","required","atLeastNumeric","numericComplex","atLeastAlphabetic","atLeastAlphanumeric","alphanumericWithSymbols"]},{"CIMType":"String","Description":"Indicates the required device password complexity on Android. One of: NONE, LOW, MEDIUM, HIGH in work profile.","Name":"WorkProfileRequiredPasswordComplexity","Option":"Write","ValueMap":["none","low","medium","high"],"Values":["none","low","medium","high"]},{"CIMType":"Boolean","Description":"Password is required or not for work profile","Name":"WorkProfileRequirePassword","Option":"Write"},{"CIMType":"Boolean","Description":"Require the Android Verify apps feature is turned on","Name":"SecurityRequireVerifyApps","Option":"Write"},{"CIMType":"String","Description":"Package identifier for always-on VPN.","Name":"VpnAlwaysOnPackageIdentifier","Option":"Write"},{"CIMType":"Boolean","Description":"Enable lockdown mode for always-on VPN.","Name":"VpnEnableAlwaysOnLockdownMode","Option":"Write"},{"CIMType":"Boolean","Description":"Allow widgets from work profile apps.","Name":"WorkProfileAllowWidgets","Option":"Write"},{"CIMType":"Boolean","Description":"Prevent app installations from unknown sources in the personal profile.","Name":"WorkProfileBlockPersonalAppInstallsFromUnknownSources","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune device configuration profile for an Android WorkProfile Device."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingaustralia","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Australia","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","mature","agesAbove15","agesAbove18"],"Values":["allAllowed","allBlocked","general","parentalGuidance","mature","agesAbove15","agesAbove18"]},{"CIMType":"String","Description":"TV rating selected for Australia","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","preschoolers","children","general","parentalGuidance","mature","agesAbove15","agesAbove15AdultViolence"],"Values":["allAllowed","allBlocked","preschoolers","children","general","parentalGuidance","mature","agesAbove15","agesAbove15AdultViolence"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingcanada","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Canada","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","agesAbove14","agesAbove18","restricted"],"Values":["allAllowed","allBlocked","general","parentalGuidance","agesAbove14","agesAbove18","restricted"]},{"CIMType":"String","Description":"TV rating selected for Canada","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","children","childrenAbove8","general","parentalGuidance","agesAbove14","agesAbove18"],"Values":["allAllowed","allBlocked","children","childrenAbove8","general","parentalGuidance","agesAbove14","agesAbove18"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingfrance","Parameters":[{"CIMType":"String","Description":"Movies rating selected for France","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","agesAbove10","agesAbove12","agesAbove16","agesAbove18"],"Values":["allAllowed","allBlocked","agesAbove10","agesAbove12","agesAbove16","agesAbove18"]},{"CIMType":"String","Description":"TV rating selected for France","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","agesAbove10","agesAbove12","agesAbove16","agesAbove18"],"Values":["allAllowed","allBlocked","agesAbove10","agesAbove12","agesAbove16","agesAbove18"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratinggermany","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Germany","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","agesAbove6","agesAbove12","agesAbove16","adults"],"Values":["allAllowed","allBlocked","general","agesAbove6","agesAbove12","agesAbove16","adults"]},{"CIMType":"String","Description":"TV rating selected for Germany","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","agesAbove6","agesAbove12","agesAbove16","adults"],"Values":["allAllowed","allBlocked","general","agesAbove6","agesAbove12","agesAbove16","adults"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingireland","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Ireland","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","agesAbove12","agesAbove15","agesAbove16","adults"],"Values":["allAllowed","allBlocked","general","parentalGuidance","agesAbove12","agesAbove15","agesAbove16","adults"]},{"CIMType":"String","Description":"TV rating selected for Ireland","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","children","youngAdults","parentalSupervision","mature"],"Values":["allAllowed","allBlocked","general","children","youngAdults","parentalSupervision","mature"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingjapan","Parameters":[{"CIMType":"String","Description":"Movies rating selected for Japan","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","agesAbove15","agesAbove18"],"Values":["allAllowed","allBlocked","general","parentalGuidance","agesAbove15","agesAbove18"]},{"CIMType":"String","Description":"TV rating selected for Japan","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","explicitAllowed"],"Values":["allAllowed","allBlocked","explicitAllowed"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingnewzealand","Parameters":[{"CIMType":"String","Description":"Movies rating selected for New Zealand","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","mature","agesAbove13","agesAbove15","agesAbove16","agesAbove18","restricted","agesAbove16Restricted"],"Values":["allAllowed","allBlocked","general","parentalGuidance","mature","agesAbove13","agesAbove15","agesAbove16","agesAbove18","restricted","agesAbove16Restricted"]},{"CIMType":"String","Description":"TV rating selected for New Zealand","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","adults"],"Values":["allAllowed","allBlocked","general","parentalGuidance","adults"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingunitedkingdom","Parameters":[{"CIMType":"String","Description":"Movies rating selected for UK","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","universalChildren","parentalGuidance","agesAbove12Video","agesAbove12Cinema","agesAbove15","adults"],"Values":["allAllowed","allBlocked","general","universalChildren","parentalGuidance","agesAbove12Video","agesAbove12Cinema","agesAbove15","adults"]},{"CIMType":"String","Description":"TV rating selected for UK","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","caution"],"Values":["allAllowed","allBlocked","caution"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphmediacontentratingunitedstates","Parameters":[{"CIMType":"String","Description":"Movies rating selected for USA","Name":"movieRating","Option":"Write","ValueMap":["allAllowed","allBlocked","general","parentalGuidance","parentalGuidance13","restricted","adults"],"Values":["allAllowed","allBlocked","general","parentalGuidance","parentalGuidance13","restricted","adults"]},{"CIMType":"String","Description":"TV rating selected for USA","Name":"tvRating","Option":"Write","ValueMap":["allAllowed","allBlocked","childrenAll","childrenAbove7","general","parentalGuidance","childrenAbove14","adults"],"Values":["allAllowed","allBlocked","childrenAll","childrenAbove7","general","parentalGuidance","childrenAbove14","adults"]}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphiosnetworkusagerule","Parameters":[{"CIMType":"Boolean","Description":"If set to true, corresponding managed apps will not be allowed to use cellular data at any time.","Name":"cellularDataBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"If set to true, corresponding managed apps will not be allowed to use cellular data when roaming.","Name":"cellularDataBlockWhenRoaming","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Information about the managed apps that this rule is going to apply to.","Name":"managedApps","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow account modification when the device is in supervised mode.","Name":"AccountBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Activation Lock makes it harder for a lost or stolen device to be reactivated.","Name":"ActivationLockAllowWhenSupervised","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow AirDrop when the device is in supervised mode.","Name":"AirDropBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Force AirDrop to be considered an unmanaged drop target.","Name":"AirDropForceUnmanagedDropTarget","Option":"Write"},{"CIMType":"Boolean","Description":"Force requiring a pairing password for outgoing AirPlay requests.","Name":"AirPlayForcePairingPasswordForOutgoingRequests","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks keychain storage of username and password for outgoing AirPrint request.","Name":"AirPrintBlockCredentialsStorage","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks AirPrint request.","Name":"AirPrintBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocking prevents malicious AirPrint Bluetooth beacons phishing for network traffic.","Name":"AirPrintBlockiBeaconDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Forces trusted certificates for TLS printing communication","Name":"AirPrintForceTrustedTLS","Option":"Write"},{"CIMType":"Boolean","Description":"Block app clips.","Name":"AppClipsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block Apple News","Name":"AppleNewsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block Apple PersonalizedAdsBlocked","Name":"ApplePersonalizedAdsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow Apple Watch pairing when the device is in supervised mode (iOS 9.0 and later).","Name":"AppleWatchBlockPairing","Option":"Write"},{"CIMType":"Boolean","Description":"Force paired Apple watch to use wrist detection.","Name":"AppleWatchForceWristDetection","Option":"Write"},{"CIMType":"Boolean","Description":"Block app removal.","Name":"AppRemovalBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Apps you add to this list and assign to a device can lock the device to run only that app once launched, or lock the device while a certain action is running (for example, taking a test). Once the action is complete, or you remove the restriction, the device returns to its normal state.","Name":"AppsSingleAppModeList","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks automatic downloading of apps purchased on other devices. Does not affect updates to existing apps.","Name":"AppStoreBlockAutomaticDownloads","Option":"Write"},{"CIMType":"Boolean","Description":"For supervised devices as of iOS 13.0.","Name":"AppStoreBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block AppStore in-app purchases.","Name":"AppStoreBlockInAppPurchases","Option":"Write"},{"CIMType":"Boolean","Description":"Block App Store from Home Screen. Users may continue to use iTunes or Apple Configurator to install or update apps.","Name":"AppStoreBlockUIAppInstallation","Option":"Write"},{"CIMType":"Boolean","Description":"Users must enter Apple ID password for each in-app and iTunes purchase.","Name":"AppStoreRequirePassword","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Enter the iTunes App Store URL of the app you want. For example, to specify the Microsoft Work Folders app for iOS, enter https://itunes.apple.com/us/app/work-folders/id950878067?mt=8. To find the URL of an app, use a search engine to locate the store page. For example, to find the Work Folders app, you could search Microsoft Work Folders ITunes.","Name":"AppsVisibilityList","Option":"Write"},{"CIMType":"String","Description":"Set whether the list is a list of apps to hide or a list of apps to make visible.","Name":"AppsVisibilityListType","Option":"Write","ValueMap":["none","appsInListCompliant","appsNotInListCompliant"],"Values":["none","appsInListCompliant","appsNotInListCompliant"]},{"CIMType":"Boolean","Description":"Require Touch ID or Face ID before passwords or credit card information can be auto filled in Safari and Apps. Available with iOS 12.0 and later.","Name":"AutoFillForceAuthentication","Option":"Write"},{"CIMType":"Boolean","Description":"Block auto unlock.","Name":"AutoUnlockBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocking disables the ability to remove system apps from the device.","Name":"BlockSystemAppRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"Block modification of Bluetooth settings. To use this setting, the device must be in supervised mode (iOS 10.0+).","Name":"BluetoothBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from accessing the camera of the device. Requires a supervised device for iOS 13 and later.","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block data roaming over the cellular network. This won't show in the device's management profile, but a block will be enforced for data roaming every time the device checks in (typically every 8 hours).","Name":"CellularBlockDataRoaming","Option":"Write"},{"CIMType":"Boolean","Description":"Block global background fetch while roaming over the cellular network.","Name":"CellularBlockGlobalBackgroundFetchWhileRoaming","Option":"Write"},{"CIMType":"Boolean","Description":"Block changes to app cellular data usage settings.","Name":"CellularBlockPerAppDataModification","Option":"Write"},{"CIMType":"Boolean","Description":"This value is available only with certain carriers. This won't show in the device's management profile, but a block will be enforced for personal hotspot every time the device checks in (typically every 8 hours). Block modification of personal hotspot in addition to this setting to ensure personal hotspot will always be blocked.","Name":"CellularBlockPersonalHotspot","Option":"Write"},{"CIMType":"Boolean","Description":"For devices running iOS 12.2 and later. Users can't turn Personal Hotspot on or off. If you block this setting and block Personal Hotspot, Personal Hotspot will be turned off.","Name":"CellularBlockPersonalHotspotModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow users to change the settings of the cellular plan on a supervised device.","Name":"CellularBlockPlanModification","Option":"Write"},{"CIMType":"Boolean","Description":"Block voice roaming over the cellular network.","Name":"CellularBlockVoiceRoaming","Option":"Write"},{"CIMType":"Boolean","Description":"Block untrusted Transport Layer Security (TLS) certificates.","Name":"CertificatesBlockUntrustedTlsCertificates","Option":"Write"},{"CIMType":"Boolean","Description":"Block remote screen observation by Classroom app. To use this setting, the device must be in supervised mode (iOS 9.3+).","Name":"ClassroomAppBlockRemoteScreenObservation","Option":"Write"},{"CIMType":"Boolean","Description":"Student devices enrolled in a class via the Classroom app will automatically give permission to that course's teacher to silently observe the student's screen.","Name":"ClassroomAppForceUnpromptedScreenObservation","Option":"Write"},{"CIMType":"Boolean","Description":"Students can join a class without prompting the teacher.","Name":"ClassroomForceAutomaticallyJoinClasses","Option":"Write"},{"CIMType":"Boolean","Description":"Requires a student enrolled in an unmanaged course via Classroom to request permission from the teacher when attempting to leave the course. Only available in iOS 11.3+","Name":"ClassroomForceRequestPermissionToLeaveClasses","Option":"Write"},{"CIMType":"Boolean","Description":"Teachers can lock an app open or lock the device without first prompting the user.","Name":"ClassroomForceUnpromptedAppAndDeviceLock","Option":"Write"},{"CIMType":"String","Description":"Device compliance can be viewed in the Restricted Apps Compliance report.","Name":"CompliantAppListType","Option":"Write","ValueMap":["none","appsInListCompliant","appsNotInListCompliant"],"Values":["none","appsInListCompliant","appsNotInListCompliant"]},{"CIMType":"MSFT_MicrosoftGraphapplistitem[]","Description":"Enter the iTunes App Store URL of the app you want. For example, to specify the Microsoft Work Folders app for iOS, enter https://itunes.apple.com/us/app/work-folders/id950878067?mt=8. To find the URL of an app, use a search engine to locate the store page. For example, to find the Work Folders app, you could search Microsoft Work Folders ITunes.","Name":"CompliantAppsList","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from installing configuration profiles and certificates interactively when the device is in supervised mode.","Name":"ConfigurationProfileBlockChanges","Option":"Write"},{"CIMType":"Boolean","Description":"Users can sync and add their managed contacts (including business and corporate ones) to an unmanaged app, such as the device's built-in contacts app.","Name":"ContactsAllowManagedToUnmanagedWrite","Option":"Write"},{"CIMType":"Boolean","Description":"An unmanaged app, such as the device's built-in contacts app, can access contact info in a managed app, such as Outlook.","Name":"ContactsAllowUnmanagedToManagedRead","Option":"Write"},{"CIMType":"Boolean","Description":"QuickPath enables continuous input on the device keyboard. Available for iOS/iPadOS 13.0 and later.","Name":"ContinuousPathKeyboardBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Forces device to Set Date & Time Automatically. The device's time zone will only be updated when the device has cellular connections or wifi with location services enabled.","Name":"DateAndTimeForceSetAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block definition lookup when the device is in supervised mode (iOS 8.1.3 and later ).","Name":"DefinitionLookupBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"On iOS 12.0 and later, this blocks users from setting their own Screen Time settings, which includes device restrictions. On iOS 11.4.1 and earlier, this blocks the user from enabling restrictions in the device settings. The blocking effect is the same on any supervised iOS device.","Name":"DeviceBlockEnableRestrictions","Option":"Write"},{"CIMType":"Boolean","Description":"Block the use of the erase all content and settings option on the device.","Name":"DeviceBlockEraseContentAndSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow device name modification when the device is in supervised mode (iOS 9.0 and later).","Name":"DeviceBlockNameModification","Option":"Write"},{"CIMType":"Boolean","Description":"Block the device from sending diagnostic and usage telemetry data.","Name":"DiagnosticDataBlockSubmission","Option":"Write"},{"CIMType":"Boolean","Description":"Block the modification of the diagnostic submission and app analytics settings in the Diagnostics and Usage pane in Settings. To use this setting, the device must be in supervised mode (iOS 9.3.2+).","Name":"DiagnosticDataBlockSubmissionModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from viewing managed documents in unmanaged apps.","Name":"DocumentsBlockManagedDocumentsInUnmanagedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from viewing unmanaged documents in managed apps.","Name":"DocumentsBlockUnmanagedDocumentsInManagedApps","Option":"Write"},{"CIMType":"String[]","Description":"Emails that the user sends or receives which don't match the domains you specify here will be marked as untrusted.","Name":"EmailInDomainSuffixes","Option":"Write"},{"CIMType":"Boolean","Description":"Removes the Trust Enterprise Developer button in Settings->General->Profiles & Device Management.","Name":"EnterpriseAppBlockTrust","Option":"Write"},{"CIMType":"Boolean","Description":"Block the changing of enterprise app trust settings.","Name":"EnterpriseAppBlockTrustModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to backup enterprise book.","Name":"EnterpriseBookBlockBackup","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to sync enterprise book metadata.","Name":"EnterpriseBookBlockMetadataSync","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow the addition or removal of cellular plans on the eSIM of a supervised device.","Name":"EsimBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using FaceTime. Requires a supervised device for iOS 13 and later.","Name":"FaceTimeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Using the Server Message Block (SMB) protocol, devices can access files or other resources on a network server. Available for devices running iOS and iPadOS, versions 13.0 and later.","Name":"FilesNetworkDriveAccessBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Devices with access can connect to and open files on a USB drive. Available for devices running iOS and iPadOS, versions 13.0 and later.","Name":"FilesUsbDriveAccessBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"A Find My app feature. Available for iOS/iPadOS 13.0 and later.","Name":"FindMyDeviceInFindMyAppBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block changes to the Find My Friends app settings.","Name":"FindMyFriendsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"A Find My app feature. Used to locate family and friends from an Apple device or iCloud.com. Available for iOS/iPadOS 13.0 and later.","Name":"FindMyFriendsInFindMyAppBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using Game Center when the device is in supervised mode.","Name":"GameCenterBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block adding Game Center friends. For supervised devices as of iOS 13.0.","Name":"GamingBlockGameCenterFriends","Option":"Write"},{"CIMType":"Boolean","Description":"For supervised devices as of iOS 13.0.","Name":"GamingBlockMultiplayer","Option":"Write"},{"CIMType":"Boolean","Description":"Host pairing allows you to control which devices the device can pair with.","Name":"HostPairingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the iBooks Store when the device is in supervised mode.","Name":"IBooksStoreBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"User will not be able to download media from the iBook store that has been tagged as erotica.","Name":"IBooksStoreBlockErotica","Option":"Write"},{"CIMType":"Boolean","Description":"Handoff lets users start work on one iOS device, and continue it on another MacOS or iOS device.","Name":"ICloudBlockActivityContinuation","Option":"Write"},{"CIMType":"Boolean","Description":"Block backing up device to iCloud.","Name":"ICloudBlockBackup","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing documents and data.","Name":"ICloudBlockDocumentSync","Option":"Write"},{"CIMType":"Boolean","Description":"Block managed apps from syncing to cloud.","Name":"ICloudBlockManagedAppsSync","Option":"Write"},{"CIMType":"Boolean","Description":"Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage.","Name":"ICloudBlockPhotoLibrary","Option":"Write"},{"CIMType":"Boolean","Description":"Block photo stream syncing to iCloud.","Name":"ICloudBlockPhotoStreamSync","Option":"Write"},{"CIMType":"Boolean","Description":"Block shared photo streaming. Blocking can cause data loss.","Name":"ICloudBlockSharedPhotoStream","Option":"Write"},{"CIMType":"Boolean","Description":"Block iCloud private relay.","Name":"ICloudPrivateRelayBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Require encryption on device backup.","Name":"ICloudRequireEncryptedBackup","Option":"Write"},{"CIMType":"Boolean","Description":"Block iTunes.","Name":"ITunesBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block explicit iTunes music, podcast, and news content from iTunes. For supervised devices as of 13.0.","Name":"ITunesBlockExplicitContent","Option":"Write"},{"CIMType":"Boolean","Description":"Block Music service. If true, Music app reverts to classic mode and Music service is disabled.","Name":"ITunesBlockMusicService","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using iTunes Radio when the device is in supervised mode (iOS 9.3 and later).","Name":"ITunesBlockRadio","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block keyboard auto-correction when the device is in supervised mode (iOS 8.1.3 and later).","Name":"KeyboardBlockAutoCorrect","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using dictation input when the device is in supervised mode.","Name":"KeyboardBlockDictation","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block predictive keyboards when device is in supervised mode (iOS 8.1.3 and later).","Name":"KeyboardBlockPredictive","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block keyboard shortcuts when the device is in supervised mode (iOS 9.0 and later).","Name":"KeyboardBlockShortcuts","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block keyboard spell-checking when the device is in supervised mode (iOS 8.1.3 and later).","Name":"KeyboardBlockSpellCheck","Option":"Write"},{"CIMType":"Boolean","Description":"Disables syncing credentials stored in the Keychain to iCloud.","Name":"KeychainBlockCloudSync","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow assistive speak while in kiosk mode.","Name":"KioskModeAllowAssistiveSpeak","Option":"Write"},{"CIMType":"Boolean","Description":"Users can turn AssistiveTouch on or off.","Name":"KioskModeAllowAssistiveTouchSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow auto lock","Name":"KioskModeAllowAutoLock","Option":"Write"},{"CIMType":"Boolean","Description":"Users can turn invert colors on or off.","Name":"KioskModeAllowColorInversionSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow ringer switch","Name":"KioskModeAllowRingerSwitch","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow screen rotation","Name":"KioskModeAllowScreenRotation","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow sleep button","Name":"KioskModeAllowSleepButton","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow touchscreen","Name":"KioskModeAllowTouchscreen","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow the user to toggle voice control in kiosk mode.","Name":"KioskModeAllowVoiceControlModification","Option":"Write"},{"CIMType":"Boolean","Description":"Users can turn VoiceOver on or off.","Name":"KioskModeAllowVoiceOverSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Kiosk mode allow volume buttons","Name":"KioskModeAllowVolumeButtons","Option":"Write"},{"CIMType":"Boolean","Description":"Users can turn zoom on or off.","Name":"KioskModeAllowZoomSettings","Option":"Write"},{"CIMType":"String","Description":"URL of app for kiosk mode, e.g. https://itunes.apple.com/us/app/work-folders/id950878067?mt=8","Name":"KioskModeAppStoreUrl","Option":"Write"},{"CIMType":"String","Description":"Indicates type of app in kiosk mode.","Name":"KioskModeAppType","Option":"Write","ValueMap":["notConfigured","appStoreApp","managedApp","builtInApp"],"Values":["notConfigured","appStoreApp","managedApp","builtInApp"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block the auto-lock while in Kiosk Mode.","Name":"KioskModeBlockAutoLock","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the ringer switch while in Kiosk Mode.","Name":"KioskModeBlockRingerSwitch","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the screen rotation while in Kiosk Mode.","Name":"KioskModeBlockScreenRotation","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the sleep button while in Kiosk Mode.","Name":"KioskModeBlockSleepButton","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the touchscreen while in Kiosk Mode.","Name":"KioskModeBlockTouchscreen","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the volume buttons while in Kiosk Mode.","Name":"KioskModeBlockVolumeButtons","Option":"Write"},{"CIMType":"String","Description":"To see a list of bundle IDs for common built-in iOS apps, see the Intune documentation.","Name":"KioskModeBuiltInAppId","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable the voice control while in Kiosk Mode.","Name":"KioskModeEnableVoiceControl","Option":"Write"},{"CIMType":"String","Description":"Add managed Intune apps from the Software Node.","Name":"KioskModeManagedAppId","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce assistive touch while in Kiosk Mode.","Name":"KioskModeRequireAssistiveTouch","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce color inversion while in Kiosk Mode.","Name":"KioskModeRequireColorInversion","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce mono audio while in Kiosk Mode.","Name":"KioskModeRequireMonoAudio","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce voice control while in Kiosk Mode.","Name":"KioskModeRequireVoiceOver","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce zoom while in Kiosk Mode.","Name":"KioskModeRequireZoom","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using control center on the lock screen.","Name":"LockScreenBlockControlCenter","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the notification view on the lock screen.","Name":"LockScreenBlockNotificationView","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using passbook when the device is locked.","Name":"LockScreenBlockPassbook","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the Today View on the lock screen.","Name":"LockScreenBlockTodayView","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce managed pasteboard.","Name":"ManagedPasteboardRequired","Option":"Write"},{"CIMType":"String","Description":"Media content rating settings for apps.","Name":"MediaContentRatingApps","Option":"Write","ValueMap":["allAllowed","allBlocked","agesAbove4","agesAbove9","agesAbove12","agesAbove17"],"Values":["allAllowed","allBlocked","agesAbove4","agesAbove9","agesAbove12","agesAbove17"]},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingaustralia","Description":"Media content rating settings for Australia","Name":"MediaContentRatingAustralia","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingcanada","Description":"Media content rating settings for Canada","Name":"MediaContentRatingCanada","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingfrance","Description":"Media content rating settings for France","Name":"MediaContentRatingFrance","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratinggermany","Description":"Media content rating settings for Germany","Name":"MediaContentRatingGermany","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingireland","Description":"Media content rating settings for Ireland","Name":"MediaContentRatingIreland","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingjapan","Description":"Media content rating settings for Japan","Name":"MediaContentRatingJapan","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingnewzealand","Description":"Media content rating settings for New Zealand","Name":"MediaContentRatingNewZealand","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingunitedkingdom","Description":"Media content rating settings for United Kingdom","Name":"MediaContentRatingUnitedKingdom","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmediacontentratingunitedstates","Description":"Media content rating settings for United States","Name":"MediaContentRatingUnitedStates","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the Messages app on the supervised device.","Name":"MessagesBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphiosnetworkusagerule[]","Description":"If you don't add any managed apps, the configured settings will apply to all managed apps by default. If you add specific managed apps, the configured settings will apply to only those apps.","Name":"NetworkUsageRules","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using nfc on the supervised device.","Name":"NfcBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow notifications settings modification (iOS 9.3 and later).","Name":"NotificationsBlockSettingsModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce on device only dictation.","Name":"OnDeviceOnlyDictationForced","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enforce on device only translation.","Name":"OnDeviceOnlyTranslationForced","Option":"Write"},{"CIMType":"Boolean","Description":"Block users from adding, changing, or removing fingerprints and faces. Face ID is available in iOS 11.0 and later.","Name":"PasscodeBlockFingerprintModification","Option":"Write"},{"CIMType":"Boolean","Description":"Face ID is available on iOS 11.0 and later.","Name":"PasscodeBlockFingerprintUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Block passcode from being added, changed or removed. Changes to passcode restrictions will be ignored on supervised devices after blocking passcode modification.","Name":"PasscodeBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Block simple password sequences, such as 1234 or 1111.","Name":"PasscodeBlockSimple","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days until device password must be changed. (1-65535)","Name":"PasscodeExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0.","Name":"PasscodeMinimumCharacterSetCount","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number of digits or characters in password. (4-14)","Name":"PasscodeMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device. (This compliance check is supported for devices with OS versions iOS 8.0 and above)","Name":"PasscodeMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"UInt32","Description":"Set to 0 to use the device's minimum possible value. This number (0-60) overrides the number currently set on the device. If set to Immediately, devices will use the minimum possible value per device.","Name":"PasscodeMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"Number of new passwords that must be used until an old one can be reused. (1-24)","Name":"PasscodePreviousPasscodeBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"In addition to requiring a password on all devices, this setting enforces a non-simple, 6-digit password requirement (regardless of other password settings you configure) on devices that are enrolled with Apple user enrollment.","Name":"PasscodeRequired","Option":"Write"},{"CIMType":"String","Description":"Type of passcode that is required.","Name":"PasscodeRequiredType","Option":"Write","ValueMap":["deviceDefault","alphanumeric","numeric"],"Values":["deviceDefault","alphanumeric","numeric"]},{"CIMType":"UInt32","Description":"Number of consecutive times an incorrect password can be entered before device is wiped of all data. (2-11)","Name":"PasscodeSignInFailureCountBeforeWipe","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block AirDrop password sharing","Name":"PasswordBlockAirDropSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block password autofill.","Name":"PasswordBlockAutoFill","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block password proximity requests.","Name":"PasswordBlockProximityRequests","Option":"Write"},{"CIMType":"Boolean","Description":"Allows your users to receive software updates without connecting their devices to a computer","Name":"PkiBlockOTAUpdates","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block podcasts.","Name":"PodcastsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Disables device advertising identifier","Name":"PrivacyForceLimitAdTracking","Option":"Write"},{"CIMType":"Boolean","Description":"Block user's from using their Apple devices to set up and configure other Apple devices.","Name":"ProximityBlockSetupToNewDevice","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Safari autofill.","Name":"SafariBlockAutofill","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Safari. For supervised devices as of iOS 13.0.","Name":"SafariBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block javascript in Safari.","Name":"SafariBlockJavaScript","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block popups on Safari.","Name":"SafariBlockPopups","Option":"Write"},{"CIMType":"String","Description":"Cookie settings for Safari.","Name":"SafariCookieSettings","Option":"Write","ValueMap":["browserDefault","blockAlways","allowCurrentWebSite","allowFromWebsitesVisited","allowAlways"],"Values":["browserDefault","blockAlways","allowCurrentWebSite","allowFromWebsitesVisited","allowAlways"]},{"CIMType":"String[]","Description":"Documents downloaded from the URLs you specify here will be considered managed (Safari only).","Name":"SafariManagedDomains","Option":"Write"},{"CIMType":"String[]","Description":"Users can save passwords in Safari only from URLs matching the patterns you specify here. To use this setting, the device must be in supervised mode and not configured for multiple users. (iOS 9.3+)","Name":"SafariPasswordAutoFillDomains","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require fraud warning in Safari.","Name":"SafariRequireFraudWarning","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from taking Screenshots","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block temporary sessions on shared devices.","Name":"SharedDeviceBlockTemporarySessions","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Siri.","Name":"SiriBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block Siri when locked.","Name":"SiriBlockedWhenLocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block Siri from querying user-generated content from the internet.","Name":"SiriBlockUserGeneratedContent","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents Siri from dictating, or speaking profane language.","Name":"SiriRequireProfanityFilter","Option":"Write"},{"CIMType":"UInt32","Description":"Delay the user's software update for this many days. The maximum is 90 days. (1-90)","Name":"SoftwareUpdatesEnforcedDelayInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Delay user visibility of Software Updates. This does not impact any scheduled updates. It represents days before software updates are visible to end users after release.","Name":"SoftwareUpdatesForceDelayed","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks Spotlight from returning any results from an Internet search.","Name":"SpotlightBlockInternetResults","Option":"Write"},{"CIMType":"Boolean","Description":"Allow users to boot devices into recovery mode with unpaired devices. Available for devices running iOS and iPadOS versions 14.5 and later.","Name":"UnpairedExternalBootToRecoveryAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks USB Restricted mode. USB Restricted mode blocks USB accessories from exchanging data with a device that has been locked over an hour.","Name":"UsbRestrictedModeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block voice dialing.","Name":"VoiceDialingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks the creation of VPN configurations","Name":"VpnBlockCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Block wallpaper from being changed.","Name":"WallpaperBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Force the device to use only Wi-Fi networks set up through configuration profiles.","Name":"WiFiConnectOnlyToConfiguredNetworks","Option":"Write"},{"CIMType":"Boolean","Description":"Require devices to use Wi-Fi networks set up via configuration profiles. Available for devices running iOS and iPadOS versions 14.5 and later.","Name":"WiFiConnectToAllowedNetworksOnlyForced","Option":"Write"},{"CIMType":"Boolean","Description":"Wi-Fi can't be turned off in the Settings app or in the Control Center, even when the device is in airplane mode. Available for iOS/iPadOS 13.0 and later.","Name":"WifiPowerOnForced","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Device Configuration Policy for iOS."},{"ClassName":"MSFT_MicrosoftGraphapplistitemMacOS","Parameters":[{"CIMType":"String","Description":"Specify the odataType","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.appleAppListItem"],"Values":["#microsoft.graph.appleAppListItem"]},{"CIMType":"String","Description":"The application or bundle identifier of the application","Name":"appId","Option":"Key"},{"CIMType":"String","Description":"The Store URL of the application","Name":"appStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The application name","Name":"name","Option":"Write"},{"CIMType":"String","Description":"The publisher of the application","Name":"publisher","Option":"Write"}],"Description":"This resource configures an Intune device configuration profile for an MacOS Device."},{"ClassName":"MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem","Parameters":[{"CIMType":"String","Description":"Allow the app or process to control the Mac via the Accessibility subsystem.","Name":"accessibility","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to contact information managed by Contacts.","Name":"addressBook","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"MSFT_MicrosoftGraphmacosappleeventreceiver[]","Description":"Allow or deny the app or process to send a restricted Apple event to another app or process. You will need to know the identifier, identifier type, and code requirement of the receiving app or process.","Name":"appleEventsAllowedReceivers","Option":"Write"},{"CIMType":"Boolean","Description":"Block access to camera app.","Name":"blockCamera","Option":"Write"},{"CIMType":"Boolean","Description":"Block the app or process from listening to events from input devices such as mouse, keyboard, and trackpad.Requires macOS 10.15 or later.","Name":"blockListenEvent","Option":"Write"},{"CIMType":"Boolean","Description":"Block access to microphone.","Name":"blockMicrophone","Option":"Write"},{"CIMType":"Boolean","Description":"Block app from capturing contents of system display. Requires macOS 10.15 or later.","Name":"blockScreenCapture","Option":"Write"},{"CIMType":"String","Description":"Allow or block access to event information managed by Calendar.","Name":"calendar","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Enter the code requirement, which can be obtained with the command 'codesign -display -r -' in the Terminal app. Include everything after '=>'.","Name":"codeRequirement","Option":"Write"},{"CIMType":"String","Description":"The display name of the app, process, or executable.","Name":"displayName","Option":"Write"},{"CIMType":"String","Description":"Allow the app or process to access files managed by another app's file provider extension. Requires macOS 10.15 or later.","Name":"fileProviderPresence","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"The bundle ID or path of the app, process, or executable.","Name":"identifier","Option":"Write"},{"CIMType":"String","Description":"A bundle ID is used to identify an app. A path is used to identify a process or executable.","Name":"identifierType","Option":"Write","ValueMap":["bundleID","path"],"Values":["bundleID","path"]},{"CIMType":"String","Description":"Allow or block access to music and the media library.","Name":"mediaLibrary","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to images managed by Photos.","Name":"photos","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Control access to CoreGraphics APIs, which are used to send CGEvents to the system event stream.","Name":"postEvent","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to information managed by Reminders.","Name":"reminders","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to system speech recognition facility.","Name":"speechRecognition","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Statically validates the code requirement. Use this setting if the process invalidates its dynamic code signature.","Name":"staticCodeValidation","Option":"Write"},{"CIMType":"String","Description":"Control access to all protected files on a device. Files might be in locations such as emails, messages, apps, and administrative settings. Apply this setting with caution.","Name":"systemPolicyAllFiles","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to Desktop folder.","Name":"systemPolicyDesktopFolder","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to Documents folder.","Name":"systemPolicyDocumentsFolder","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to Downloads folder.","Name":"systemPolicyDownloadsFolder","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow or block access to network volumes. Requires macOS 10.15 or later.","Name":"systemPolicyNetworkVolumes","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Control access to removable volumes on the device, such as an external hard drive. Requires macOS 10.15 or later.","Name":"systemPolicyRemovableVolumes","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Allow app or process to access files used in system administration.","Name":"systemPolicySystemAdminFiles","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]}],"Description":"This resource configures an Intune device configuration profile for an MacOS Device."},{"ClassName":"MSFT_MicrosoftGraphmacosappleeventreceiver","Parameters":[{"CIMType":"Boolean","Description":"Allow or block this app from receiving Apple events.","Name":"allowed","Option":"Write"},{"CIMType":"String","Description":"Code requirement for the app or binary that receives the Apple Event.","Name":"codeRequirement","Option":"Write"},{"CIMType":"String","Description":"Bundle ID of the app or file path of the process or executable that receives the Apple Event.","Name":"identifier","Option":"Write"},{"CIMType":"String","Description":"Use bundle ID for an app or path for a process or executable that receives the Apple Event.","Name":"identifierType","Option":"Write","ValueMap":["bundleID","path"],"Values":["bundleID","path"]}],"Description":"This resource configures an Intune device configuration profile for an MacOS Device."},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Configures users from adding friends to Game Center. Available for devices running macOS versions 10.13 and later.","Name":"AddingGameCenterFriendsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to allow AirDrop.","Name":"AirDropBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks users from unlocking their Mac with Apple Watch.","Name":"AppleWatchBlockAutoUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks users from taking photographs and videos.","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks AirPlay, screen sharing to other devices, and a Classroom app feature used by teachers to view their students' screens. This setting isn't available if you've blocked screenshots.","Name":"ClassroomAppBlockRemoteScreenObservation","Option":"Write"},{"CIMType":"Boolean","Description":"Unprompted observation means that teachers can view screens without warning students first. This setting isn't available if you've blocked screenshots.","Name":"ClassroomAppForceUnpromptedScreenObservation","Option":"Write"},{"CIMType":"Boolean","Description":"Students can join a class without prompting the teacher.","Name":"ClassroomForceAutomaticallyJoinClasses","Option":"Write"},{"CIMType":"Boolean","Description":"Students enrolled in an unmanaged Classroom course must get teacher consent to leave the course.","Name":"ClassroomForceRequestPermissionToLeaveClasses","Option":"Write"},{"CIMType":"Boolean","Description":"Teachers can lock a student's device or app without the student's approval.","Name":"ClassroomForceUnpromptedAppAndDeviceLock","Option":"Write"},{"CIMType":"String","Description":"Device compliance can be viewed in the Restricted Apps Compliance report.","Name":"CompliantAppListType","Option":"Write","ValueMap":["none","appsInListCompliant","appsNotInListCompliant"],"Values":["none","appsInListCompliant","appsNotInListCompliant"]},{"CIMType":"MSFT_MicrosoftGraphapplistitemMacOS[]","Description":"List of apps in the compliance (either allow list or block list, controlled by CompliantAppListType).","Name":"CompliantAppsList","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to allow content caching.","Name":"ContentCachingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block look up, a feature that looks up the definition of a highlighted word.","Name":"DefinitionLookupBlocked","Option":"Write"},{"CIMType":"String[]","Description":"Emails that the user sends or receives which don't match the domains you specify here will be marked as untrusted. ","Name":"EmailInDomainSuffixes","Option":"Write"},{"CIMType":"Boolean","Description":"Configures the reset option on supervised devices. Available for devices running macOS versions 12.0 and later.","Name":"EraseContentAndSettingsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configured if the Game Center icon is removed from the Home screen. Available for devices running macOS versions 10.13 and later.","Name":"GameCenterBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Handoff lets users start work on one MacOS device, and continue it on another MacOS or iOS device. Available for macOS 10.15 and later.","Name":"ICloudBlockActivityContinuation","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing contacts.","Name":"ICloudBlockAddressBook","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing bookmarks.","Name":"ICloudBlockBookmarks","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing calendars.","Name":"ICloudBlockCalendar","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing documents and data.","Name":"ICloudBlockDocumentSync","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing mail.","Name":"ICloudBlockMail","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing notes.","Name":"ICloudBlockNotes","Option":"Write"},{"CIMType":"Boolean","Description":"Any photos not fully downloaded from iCloud Photo Library to device will be removed from local storage.","Name":"ICloudBlockPhotoLibrary","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks iCloud from syncing reminders.","Name":"ICloudBlockReminders","Option":"Write"},{"CIMType":"Boolean","Description":"Configures if the synchronization of cloud desktop and documents is blocked. Available for devices running macOS 10.12.4 and later.","Name":"ICloudDesktopAndDocumentsBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures if iCloud private relay is blocked or not. Available for devices running macOS 12 and later.","Name":"ICloudPrivateRelayBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks files from being transferred using iTunes.","Name":"ITunesBlockFileSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Configures  whether or not to block files from being transferred using iTunes.","Name":"ITunesBlockMusicService","Option":"Write"},{"CIMType":"Boolean","Description":"Block dictation, which is a feature that converts the user's voice to text.","Name":"KeyboardBlockDictation","Option":"Write"},{"CIMType":"Boolean","Description":"Disables syncing credentials stored in the Keychain to iCloud","Name":"KeychainBlockCloudSync","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether multiplayer gaming when using Game Center is blocked. Available for devices running macOS versions 10.13 and later.","Name":"MultiplayerGamingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to block sharing passwords with the AirDrop passwords feature.","Name":"PasswordBlockAirDropSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to block the AutoFill Passwords feature.","Name":"PasswordBlockAutoFill","Option":"Write"},{"CIMType":"Boolean","Description":"Requires user to set a non-biometric passcode or password to unlock the device.","Name":"PasswordBlockFingerprintUnlock","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks user from changing the set passcode.","Name":"PasswordBlockModification","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to block requesting passwords from nearby devices.","Name":"PasswordBlockProximityRequests","Option":"Write"},{"CIMType":"Boolean","Description":"Block simple password sequences, such as 1234 or 1111.","Name":"PasswordBlockSimple","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days until device password must be changed. (1-65535)","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the number of allowed failed attempts to enter the passcode at the device's lock screen. Valid values 2 to 11","Name":"PasswordMaximumAttemptCount","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number (0-4) of non-alphanumeric characters, such as #, %, !, etc., required in the password. The default value is 0.","Name":"PasswordMinimumCharacterSetCount","Option":"Write"},{"CIMType":"UInt32","Description":"Minimum number of digits or characters in password (4-16).","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Set to 0 to require a password immediately. There is no maximum number of minutes, and this number overrides the number currently set on the device.","Name":"PasswordMinutesOfInactivityBeforeLock","Option":"Write"},{"CIMType":"UInt32","Description":"Set to 0 to use the device's minimum possible value. This number (0-60 minutes) overrides the number currently set on the device.","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the number of minutes before the login is reset after the maximum number of unsuccessful login attempts is reached.","Name":"PasswordMinutesUntilFailedLoginReset","Option":"Write"},{"CIMType":"UInt32","Description":"Number of new passwords that must be used until an old one can be reused. (1-24)","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"Specify the type of password required.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"String","Description":"Specify the type of password required.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","alphanumeric","numeric"],"Values":["deviceDefault","alphanumeric","numeric"]},{"CIMType":"MSFT_MicrosoftGraphmacosprivacyaccesscontrolitem[]","Description":"Configure an app's access to specific data, folders, and apps on a device. These settings apply to devices running macOS Mojave 10.14 and later.","Name":"PrivacyAccessControls","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks Safari from remembering what users enter in web forms.","Name":"SafariBlockAutofill","Option":"Write"},{"CIMType":"Boolean","Description":"Configures whether or not to block the user from taking Screenshots.","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of days (1-90) to delay visibility of major OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90","Name":"SoftwareUpdateMajorOSDeferredInstallDelayInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of days (1-90) to delay visibility of minor OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90","Name":"SoftwareUpdateMinorOSDeferredInstallDelayInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of days (1-90) to delay visibility of non-OS software updates. Available for devices running macOS versions 11.3 and later. Valid values 0 to 90","Name":"SoftwareUpdateNonOSDeferredInstallDelayInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Delay the user's software update for this many days. The maximum is 90 days. (1-90)","Name":"SoftwareUpdatesEnforcedDelayInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks Spotlight from returning any results from an Internet search","Name":"SpotlightBlockInternetResults","Option":"Write"},{"CIMType":"UInt32","Description":"Configures the maximum hours after which the user must enter their password to unlock the device instead of using Touch ID. Available for devices running macOS 12 and later. Valid values 0 to 2147483647","Name":"TouchIdTimeoutInHours","Option":"Write"},{"CIMType":"String[]","Description":"Configures whether to delay OS and/or app updates for macOS.","Name":"UpdateDelayPolicy","Option":"Write","ValueMap":["none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"],"Values":["none","delayOSUpdateVisibility","delayAppUpdateVisibility","unknownFutureValue","delayMajorOsUpdateVisibility"]},{"CIMType":"Boolean","Description":"Configures whether the wallpaper can be changed. Available for devices running macOS versions 10.13 and later.","Name":"WallpaperModificationBlocked","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune device configuration profile for an MacOS Device."},{"ClassName":"MSFT_MicrosoftGraphDefenderDetectedMalwareActions1","Parameters":[{"CIMType":"String","Description":"Indicates a Defender action to take for high severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"HighSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for low severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"LowSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for moderate severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"ModerateSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]},{"CIMType":"String","Description":"Indicates a Defender action to take for severe severity Malware threat detected. Possible values are: deviceDefault, clean, quarantine, remove, allow, userDefined, block.","Name":"SevereSeverity","Option":"Write","ValueMap":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"],"Values":["deviceDefault","clean","quarantine","remove","allow","userDefined","block"]}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphEdgeHomeButtonConfiguration","Parameters":[{"CIMType":"String","Description":"The specific URL to load.","Name":"HomeButtonCustomURL","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.edgeHomeButtonHidden","#microsoft.graph.edgeHomeButtonLoadsStartPage","#microsoft.graph.edgeHomeButtonOpensCustomURL","#microsoft.graph.edgeHomeButtonOpensNewTab"],"Values":["#microsoft.graph.edgeHomeButtonHidden","#microsoft.graph.edgeHomeButtonLoadsStartPage","#microsoft.graph.edgeHomeButtonOpensCustomURL","#microsoft.graph.edgeHomeButtonOpensNewTab"]}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphEdgeSearchEngineBase","Parameters":[{"CIMType":"String","Description":"Allows IT admins to set a predefined default search engine for MDM-Controlled devices. Possible values are: default, bing.","Name":"EdgeSearchEngineType","Option":"Write","ValueMap":["default","bing"],"Values":["default","bing"]},{"CIMType":"String","Description":"Points to a https link containing the OpenSearch xml file that contains, at minimum, the short name and the URL to the search Engine.","Name":"EdgeSearchEngineOpenSearchXmlUrl","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.edgeSearchEngine","#microsoft.graph.edgeSearchEngineCustom"],"Values":["#microsoft.graph.edgeSearchEngine","#microsoft.graph.edgeSearchEngineCustom"]}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindows10NetworkProxyServer","Parameters":[{"CIMType":"String","Description":"Address to the proxy server. Specify an address in the format ':'","Name":"Address","Option":"Write"},{"CIMType":"String[]","Description":"Addresses that should not use the proxy server. The system will not use the proxy server for addresses beginning with what is specified in this node.","Name":"Exceptions","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the proxy server should be used for local (intranet) addresses.","Name":"UseForLocalAddresses","Option":"Write"}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindows10AppsForceUpdateSchedule","Parameters":[{"CIMType":"String","Description":"Recurrence schedule. Possible values are: none, daily, weekly, monthly.","Name":"Recurrence","Option":"Write","ValueMap":["none","daily","weekly","monthly"],"Values":["none","daily","weekly","monthly"]},{"CIMType":"Boolean","Description":"If true, runs the task immediately if StartDateTime is in the past, else, runs at the next recurrence.","Name":"RunImmediatelyIfAfterStartDateTime","Option":"Write"},{"CIMType":"String","Description":"The start time for the force restart.","Name":"StartDateTime","Option":"Write"}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from adding email accounts to the device that are not associated with a Microsoft account.","Name":"AccountsBlockAddingNonMicrosoftAccountEmail","Option":"Write"},{"CIMType":"String","Description":"Specifies if Windows apps can be activated by voice. Possible values are: notConfigured, enabled, disabled.","Name":"ActivateAppsWithVoice","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from selecting an AntiTheft mode preference (Windows 10 Mobile only).","Name":"AntiTheftModeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting permits users to change installation options that typically are available only to system administrators.","Name":"AppManagementMSIAllowUserControlOverInstall","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.","Name":"AppManagementMSIAlwaysInstallWithElevatedPrivileges","Option":"Write"},{"CIMType":"String[]","Description":"List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are to be launched after logon.","Name":"AppManagementPackageFamilyNamesToLaunchAfterLogOn","Option":"Write"},{"CIMType":"String","Description":"Indicates whether apps from AppX packages signed with a trusted certificate can be side loaded. Possible values are: notConfigured, blocked, allowed.","Name":"AppsAllowTrustedAppsSideloading","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Indicates whether or not to disable the launch of all apps from Windows Store that came pre-installed or were downloaded.","Name":"AppsBlockWindowsStoreOriginatedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Allows secondary authentication devices to work with Windows.","Name":"AuthenticationAllowSecondaryDevice","Option":"Write"},{"CIMType":"String","Description":"Specifies the preferred domain among available domains in the Azure AD tenant.","Name":"AuthenticationPreferredAzureADTenantDomainName","Option":"Write"},{"CIMType":"String","Description":"Indicates whether or not Web Credential Provider will be enabled. Possible values are: notConfigured, enabled, disabled.","Name":"AuthenticationWebSignIn","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String[]","Description":"Specify a list of allowed Bluetooth services and profiles in hex formatted strings.","Name":"BluetoothAllowedServices","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using bluetooth advertising.","Name":"BluetoothBlockAdvertising","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using bluetooth discoverable mode.","Name":"BluetoothBlockDiscoverableMode","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using bluetooth.","Name":"BluetoothBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to block specific bundled Bluetooth peripherals to automatically pair with the host device.","Name":"BluetoothBlockPrePairing","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to block the users from using Swift Pair and other proximity based scenarios.","Name":"BluetoothBlockPromptedProximalConnections","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from accessing the camera of the device.","Name":"CameraBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using data over cellular while roaming.","Name":"CellularBlockDataWhenRoaming","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using VPN over cellular.","Name":"CellularBlockVpn","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using VPN when roaming over cellular.","Name":"CellularBlockVpnWhenRoaming","Option":"Write"},{"CIMType":"String","Description":"Whether or not to allow the cellular data channel on the device. If not configured, the cellular data channel is allowed and the user can turn it off. Possible values are: blocked, required, allowed, notConfigured.","Name":"CellularData","Option":"Write","ValueMap":["blocked","required","allowed","notConfigured"],"Values":["blocked","required","allowed","notConfigured"]},{"CIMType":"Boolean","Description":"Whether or not to Block the user from doing manual root certificate installation.","Name":"CertificatesBlockManualRootCertificateInstallation","Option":"Write"},{"CIMType":"String","Description":"Specifies the time zone to be applied to the device. This is the standard Windows name for the target time zone.","Name":"ConfigureTimeZone","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to block Connected Devices Service which enables discovery and connection to other devices, remote messaging, remote app sessions and other cross-device experiences.","Name":"ConnectedDevicesServiceBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using copy paste.","Name":"CopyPasteBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to Block the user from using Cortana.","Name":"CortanaBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Specify whether to allow or disallow the Federal Information Processing Standard (FIPS) policy.","Name":"CryptographyAllowFipsAlgorithmPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.","Name":"DataProtectionBlockDirectMemoryAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to block end user access to Defender.","Name":"DefenderBlockEndUserAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Allows or disallows Windows Defender On Access Protection functionality.","Name":"DefenderBlockOnAccessProtection","Option":"Write"},{"CIMType":"String","Description":"Specifies the level of cloud-delivered protection. Possible values are: notConfigured, high, highPlus, zeroTolerance.","Name":"DefenderCloudBlockLevel","Option":"Write","ValueMap":["notConfigured","high","highPlus","zeroTolerance"],"Values":["notConfigured","high","highPlus","zeroTolerance"]},{"CIMType":"UInt32","Description":"Timeout extension for file scanning by the cloud. Valid values 0 to 50","Name":"DefenderCloudExtendedTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"Timeout extension for file scanning by the cloud. Valid values 0 to 50","Name":"DefenderCloudExtendedTimeoutInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days before deleting quarantined malware. Valid values 0 to 90","Name":"DefenderDaysBeforeDeletingQuarantinedMalware","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdefenderDetectedMalwareActions1","Description":"Gets or sets Defenders actions to take on detected Malware per threat level.","Name":"DefenderDetectedMalwareActions","Option":"Write"},{"CIMType":"Boolean","Description":"When blocked, catch-up scans for scheduled full scans will be turned off.","Name":"DefenderDisableCatchupFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"When blocked, catch-up scans for scheduled quick scans will be turned off.","Name":"DefenderDisableCatchupQuickScan","Option":"Write"},{"CIMType":"String[]","Description":"File extensions to exclude from scans and real time protection.","Name":"DefenderFileExtensionsToExclude","Option":"Write"},{"CIMType":"String[]","Description":"Files and folder to exclude from scans and real time protection.","Name":"DefenderFilesAndFoldersToExclude","Option":"Write"},{"CIMType":"String","Description":"Value for monitoring file activity. Possible values are: userDefined, disable, monitorAllFiles, monitorIncomingFilesOnly, monitorOutgoingFilesOnly.","Name":"DefenderMonitorFileActivity","Option":"Write","ValueMap":["userDefined","disable","monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"],"Values":["userDefined","disable","monitorAllFiles","monitorIncomingFilesOnly","monitorOutgoingFilesOnly"]},{"CIMType":"String","Description":"Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: deviceDefault, block, audit.","Name":"DefenderPotentiallyUnwantedAppAction","Option":"Write","ValueMap":["deviceDefault","block","audit"],"Values":["deviceDefault","block","audit"]},{"CIMType":"String","Description":"Gets or sets Defenders action to take on Potentially Unwanted Application (PUA), which includes software with behaviors of ad-injection, software bundling, persistent solicitation for payment or subscription, etc. Defender alerts user when PUA is being downloaded or attempts to install itself. Added in Windows 10 for desktop. Possible values are: userDefined, enable, auditMode, warn, notConfigured.","Name":"DefenderPotentiallyUnwantedAppActionSetting","Option":"Write","ValueMap":["userDefined","enable","auditMode","warn","notConfigured"],"Values":["userDefined","enable","auditMode","warn","notConfigured"]},{"CIMType":"String[]","Description":"Processes to exclude from scans and real time protection.","Name":"DefenderProcessesToExclude","Option":"Write"},{"CIMType":"String","Description":"The configuration for how to prompt user for sample submission. Possible values are: userDefined, alwaysPrompt, promptBeforeSendingPersonalData, neverSendData, sendAllDataWithoutPrompting.","Name":"DefenderPromptForSampleSubmission","Option":"Write","ValueMap":["userDefined","alwaysPrompt","promptBeforeSendingPersonalData","neverSendData","sendAllDataWithoutPrompting"],"Values":["userDefined","alwaysPrompt","promptBeforeSendingPersonalData","neverSendData","sendAllDataWithoutPrompting"]},{"CIMType":"Boolean","Description":"Indicates whether or not to require behavior monitoring.","Name":"DefenderRequireBehaviorMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require cloud protection.","Name":"DefenderRequireCloudProtection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require network inspection system.","Name":"DefenderRequireNetworkInspectionSystem","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require real time monitoring.","Name":"DefenderRequireRealTimeMonitoring","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan archive files.","Name":"DefenderScanArchiveFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan downloads.","Name":"DefenderScanDownloads","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan incoming mail messages.","Name":"DefenderScanIncomingMail","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan mapped network drives during full scan.","Name":"DefenderScanMappedNetworkDrivesDuringFullScan","Option":"Write"},{"CIMType":"UInt32","Description":"Max CPU usage percentage during scan. Valid values 0 to 100","Name":"DefenderScanMaxCpu","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan files opened from a network folder.","Name":"DefenderScanNetworkFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan removable drives during full scan.","Name":"DefenderScanRemovableDrivesDuringFullScan","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to scan scripts loaded in Internet Explorer browser.","Name":"DefenderScanScriptsLoadedInInternetExplorer","Option":"Write"},{"CIMType":"String","Description":"The defender system scan type. Possible values are: userDefined, disabled, quick, full.","Name":"DefenderScanType","Option":"Write","ValueMap":["userDefined","disabled","quick","full"],"Values":["userDefined","disabled","quick","full"]},{"CIMType":"String","Description":"The time to perform a daily quick scan.","Name":"DefenderScheduledQuickScanTime","Option":"Write"},{"CIMType":"String","Description":"The defender time for the system scan.","Name":"DefenderScheduledScanTime","Option":"Write"},{"CIMType":"Boolean","Description":"When enabled, low CPU priority will be used during scheduled scans.","Name":"DefenderScheduleScanEnableLowCpuPriority","Option":"Write"},{"CIMType":"UInt32","Description":"The signature update interval in hours. Specify 0 not to check. Valid values 0 to 24","Name":"DefenderSignatureUpdateIntervalInHours","Option":"Write"},{"CIMType":"String","Description":"Checks for the user consent level in Windows Defender to send data. Possible values are: sendSafeSamplesAutomatically, alwaysPrompt, neverSend, sendAllSamplesAutomatically.","Name":"DefenderSubmitSamplesConsentType","Option":"Write","ValueMap":["sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"],"Values":["sendSafeSamplesAutomatically","alwaysPrompt","neverSend","sendAllSamplesAutomatically"]},{"CIMType":"String","Description":"Defender day of the week for the system scan. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan.","Name":"DefenderSystemScanSchedule","Option":"Write","ValueMap":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"],"Values":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"]},{"CIMType":"String","Description":"Indicates whether or not to allow developer unlock. Possible values are: notConfigured, blocked, allowed.","Name":"DeveloperUnlockSetting","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from resetting their phone.","Name":"DeviceManagementBlockFactoryResetOnMobile","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from doing manual un-enrollment from device management.","Name":"DeviceManagementBlockManualUnenroll","Option":"Write"},{"CIMType":"String","Description":"Gets or sets a value allowing the device to send diagnostic and usage telemetry data, such as Watson. Possible values are: userDefined, none, basic, enhanced, full.","Name":"DiagnosticsDataSubmissionMode","Option":"Write","ValueMap":["userDefined","none","basic","enhanced","full"],"Values":["userDefined","none","basic","enhanced","full"]},{"CIMType":"String[]","Description":"List of legacy applications that have GDI DPI Scaling turned off.","Name":"DisplayAppListWithGdiDPIScalingTurnedOff","Option":"Write"},{"CIMType":"String[]","Description":"List of legacy applications that have GDI DPI Scaling turned on.","Name":"DisplayAppListWithGdiDPIScalingTurnedOn","Option":"Write"},{"CIMType":"Boolean","Description":"Allow users to change Start pages on Edge. Use the EdgeHomepageUrls to specify the Start pages that the user would see by default when they open Edge.","Name":"EdgeAllowStartPagesModification","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to prevent access to about flags on Edge browser.","Name":"EdgeBlockAccessToAboutFlags","Option":"Write"},{"CIMType":"Boolean","Description":"Block the address bar dropdown functionality in Microsoft Edge. Disable this settings to minimize network connections from Microsoft Edge to Microsoft services.","Name":"EdgeBlockAddressBarDropdown","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block auto fill.","Name":"EdgeBlockAutofill","Option":"Write"},{"CIMType":"Boolean","Description":"Block Microsoft compatibility list in Microsoft Edge. This list from Microsoft helps Edge properly display sites with known compatibility issues.","Name":"EdgeBlockCompatibilityList","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block developer tools in the Edge browser.","Name":"EdgeBlockDeveloperTools","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using the Edge browser.","Name":"EdgeBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from making changes to Favorites.","Name":"EdgeBlockEditFavorites","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block extensions in the Edge browser.","Name":"EdgeBlockExtensions","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or prevent Edge from entering the full screen mode.","Name":"EdgeBlockFullScreenMode","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block InPrivate browsing on corporate networks, in the Edge browser.","Name":"EdgeBlockInPrivateBrowsing","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using JavaScript.","Name":"EdgeBlockJavaScript","Option":"Write"},{"CIMType":"Boolean","Description":"Block the collection of information by Microsoft for live tile creation when users pin a site to Start from Microsoft Edge.","Name":"EdgeBlockLiveTileDataCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block password manager.","Name":"EdgeBlockPasswordManager","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block popups.","Name":"EdgeBlockPopups","Option":"Write"},{"CIMType":"Boolean","Description":"Decide whether Microsoft Edge is prelaunched at Windows startup.","Name":"EdgeBlockPrelaunch","Option":"Write"},{"CIMType":"Boolean","Description":"Configure Edge to allow or block printing.","Name":"EdgeBlockPrinting","Option":"Write"},{"CIMType":"Boolean","Description":"Configure Edge to allow browsing history to be saved or to never save browsing history.","Name":"EdgeBlockSavingHistory","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from adding new search engine or changing the default search engine.","Name":"EdgeBlockSearchEngineCustomization","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from using the search suggestions in the address bar.","Name":"EdgeBlockSearchSuggestions","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from sending the do not track header.","Name":"EdgeBlockSendingDoNotTrackHeader","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer. Note: the name of this property is misleading the property is obsolete, use EdgeSendIntranetTrafficToInternetExplorer instead.","Name":"EdgeBlockSendingIntranetTrafficToInternetExplorer","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the user can sideload extensions.","Name":"EdgeBlockSideloadingExtensions","Option":"Write"},{"CIMType":"Boolean","Description":"Configure whether Edge preloads the new tab page at Windows startup.","Name":"EdgeBlockTabPreloading","Option":"Write"},{"CIMType":"Boolean","Description":"Configure to load a blank page in Edge instead of the default New tab page and prevent users from changing it.","Name":"EdgeBlockWebContentOnNewTabPage","Option":"Write"},{"CIMType":"Boolean","Description":"Clear browsing data on exiting Microsoft Edge.","Name":"EdgeClearBrowsingDataOnExit","Option":"Write"},{"CIMType":"String","Description":"Indicates which cookies to block in the Edge browser. Possible values are: userDefined, allow, blockThirdParty, blockAll.","Name":"EdgeCookiePolicy","Option":"Write","ValueMap":["userDefined","allow","blockThirdParty","blockAll"],"Values":["userDefined","allow","blockThirdParty","blockAll"]},{"CIMType":"Boolean","Description":"Block the Microsoft web page that opens on the first use of Microsoft Edge. This policy allows enterprises, like those enrolled in zero emissions configurations, to block this page.","Name":"EdgeDisableFirstRunPage","Option":"Write"},{"CIMType":"String","Description":"Indicates the enterprise mode site list location. Could be a local file, local network or http location.","Name":"EdgeEnterpriseModeSiteListLocation","Option":"Write"},{"CIMType":"String","Description":"Get or set a value that specifies whether to set the favorites bar to always be visible or hidden on any page. Possible values are: notConfigured, hide, show.","Name":"EdgeFavoritesBarVisibility","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"The location of the favorites list to provision. Could be a local file, local network or http location.","Name":"EdgeFavoritesListLocation","Option":"Write"},{"CIMType":"String","Description":"The first run URL for when Edge browser is opened for the first time.","Name":"EdgeFirstRunUrl","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphedgeHomeButtonConfiguration","Description":"Causes the Home button to either hide, load the default Start page, load a New tab page, or a custom URL","Name":"EdgeHomeButtonConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Enable the Home button configuration.","Name":"EdgeHomeButtonConfigurationEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The list of URLs for homepages shodwn on MDM-enrolled devices on Edge browser.","Name":"EdgeHomepageUrls","Option":"Write"},{"CIMType":"String","Description":"Controls how the Microsoft Edge settings are restricted based on the configure kiosk mode. Possible values are: notConfigured, digitalSignage, normalMode, publicBrowsingSingleApp, publicBrowsingMultiApp.","Name":"EdgeKioskModeRestriction","Option":"Write","ValueMap":["notConfigured","digitalSignage","normalMode","publicBrowsingSingleApp","publicBrowsingMultiApp"],"Values":["notConfigured","digitalSignage","normalMode","publicBrowsingSingleApp","publicBrowsingMultiApp"]},{"CIMType":"UInt32","Description":"Specifies the time in minutes from the last user activity before Microsoft Edge kiosk resets.  Valid values are 0-1440. The default is 5. 0 indicates no reset. Valid values 0 to 1440","Name":"EdgeKioskResetAfterIdleTimeInMinutes","Option":"Write"},{"CIMType":"String","Description":"Specify the page opened when new tabs are created.","Name":"EdgeNewTabPageURL","Option":"Write"},{"CIMType":"String","Description":"Specify what kind of pages are open at start. Possible values are: notConfigured, startPage, newTabPage, previousPages, specificPages.","Name":"EdgeOpensWith","Option":"Write","ValueMap":["notConfigured","startPage","newTabPage","previousPages","specificPages"],"Values":["notConfigured","startPage","newTabPage","previousPages","specificPages"]},{"CIMType":"Boolean","Description":"Allow or prevent users from overriding certificate errors.","Name":"EdgePreventCertificateErrorOverride","Option":"Write"},{"CIMType":"String[]","Description":"Specify the list of package family names of browser extensions that are required and cannot be turned off by the user.","Name":"EdgeRequiredExtensionPackageFamilyNames","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Require the user to use the smart screen filter.","Name":"EdgeRequireSmartScreen","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphedgeSearchEngineBase","Description":"Allows IT admins to set a default search engine for MDM-Controlled devices. Users can override this and change their default search engine provided the AllowSearchEngineCustomization policy is not set.","Name":"EdgeSearchEngine","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to switch the intranet traffic from Edge to Internet Explorer.","Name":"EdgeSendIntranetTrafficToInternetExplorer","Option":"Write"},{"CIMType":"String","Description":"Controls the message displayed by Edge before switching to Internet Explorer. Possible values are: notConfigured, disabled, enabled, keepGoing.","Name":"EdgeShowMessageWhenOpeningInternetExplorerSites","Option":"Write","ValueMap":["notConfigured","disabled","enabled","keepGoing"],"Values":["notConfigured","disabled","enabled","keepGoing"]},{"CIMType":"Boolean","Description":"Enable favorites sync between Internet Explorer and Microsoft Edge. Additions, deletions, modifications and order changes to favorites are shared between browsers.","Name":"EdgeSyncFavoritesWithInternetExplorer","Option":"Write"},{"CIMType":"String","Description":"Specifies what type of telemetry data (none, intranet, internet, both) is sent to Microsoft 365 Analytics. Possible values are: notConfigured, intranet, internet, intranetAndInternet.","Name":"EdgeTelemetryForMicrosoft365Analytics","Option":"Write","ValueMap":["notConfigured","intranet","internet","intranetAndInternet"],"Values":["notConfigured","intranet","internet","intranetAndInternet"]},{"CIMType":"Boolean","Description":"Allow users with administrative rights to delete all user data and settings using CTRL + Win + R at the device lock screen so that the device can be automatically re-configured and re-enrolled into management.","Name":"EnableAutomaticRedeployment","Option":"Write"},{"CIMType":"UInt32","Description":"This setting allows you to specify battery charge level at which Energy Saver is turned on. While on battery, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100","Name":"EnergySaverOnBatteryThresholdPercentage","Option":"Write"},{"CIMType":"UInt32","Description":"This setting allows you to specify battery charge level at which Energy Saver is turned on. While plugged in, Energy Saver is automatically turned on at (and below) the specified battery charge level. Valid input range (0-100). Valid values 0 to 100","Name":"EnergySaverPluggedInThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Endpoint for discovering cloud printers.","Name":"EnterpriseCloudPrintDiscoveryEndPoint","Option":"Write"},{"CIMType":"UInt32","Description":"Maximum number of printers that should be queried from a discovery endpoint. This is a mobile only setting. Valid values 1 to 65535","Name":"EnterpriseCloudPrintDiscoveryMaxLimit","Option":"Write"},{"CIMType":"String","Description":"OAuth resource URI for printer discovery service as configured in Azure portal.","Name":"EnterpriseCloudPrintMopriaDiscoveryResourceIdentifier","Option":"Write"},{"CIMType":"String","Description":"Authentication endpoint for acquiring OAuth tokens.","Name":"EnterpriseCloudPrintOAuthAuthority","Option":"Write"},{"CIMType":"String","Description":"GUID of a client application authorized to retrieve OAuth tokens from the OAuth Authority.","Name":"EnterpriseCloudPrintOAuthClientIdentifier","Option":"Write"},{"CIMType":"String","Description":"OAuth resource URI for print service as configured in the Azure portal.","Name":"EnterpriseCloudPrintResourceIdentifier","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable device discovery UX.","Name":"ExperienceBlockDeviceDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow the error dialog from displaying if no SIM card is detected.","Name":"ExperienceBlockErrorDialogWhenNoSIM","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable task switching on the device.","Name":"ExperienceBlockTaskSwitcher","Option":"Write"},{"CIMType":"String","Description":"Allow or prevent the syncing of Microsoft Edge Browser settings. Option for IT admins to prevent syncing across devices, but allow user override. Possible values are: notConfigured, blockedWithUserOverride, blocked.","Name":"ExperienceDoNotSyncBrowserSettings","Option":"Write","ValueMap":["notConfigured","blockedWithUserOverride","blocked"],"Values":["notConfigured","blockedWithUserOverride","blocked"]},{"CIMType":"String","Description":"Controls if the user can configure search to Find My Files mode, which searches files in secondary hard drives and also outside of the user profile. Find My Files does not allow users to search files or locations to which they do not have access. Possible values are: notConfigured, enabled, disabled.","Name":"FindMyFiles","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block DVR and broadcasting.","Name":"GameDvrBlocked","Option":"Write"},{"CIMType":"String","Description":"Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, enabled, disabled.","Name":"InkWorkspaceAccess","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Controls the user access to the ink workspace, from the desktop and from above the lock screen. Possible values are: notConfigured, blocked, allowed.","Name":"InkWorkspaceAccessState","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Specify whether to show recommended app suggestions in the ink workspace.","Name":"InkWorkspaceBlockSuggestedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using internet sharing.","Name":"InternetSharingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from location services.","Name":"LocationServicesBlocked","Option":"Write"},{"CIMType":"String","Description":"This policy setting specifies whether Windows apps can be activated by voice while the system is locked. Possible values are: notConfigured, enabled, disabled.","Name":"LockScreenActivateAppsWithVoice","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices. If this policy is set to Allow, the value set by lockScreenTimeoutInSeconds is ignored.","Name":"LockScreenAllowTimeoutConfiguration","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block action center notifications over lock screen.","Name":"LockScreenBlockActionCenterNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not the user can interact with Cortana using speech while the system is locked.","Name":"LockScreenBlockCortana","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to allow toast notifications above the device lock screen.","Name":"LockScreenBlockToastNotifications","Option":"Write"},{"CIMType":"UInt32","Description":"Set the duration (in seconds) from the screen locking to the screen turning off for Windows 10 Mobile devices. Supported values are 11-1800. Valid values 11 to 1800","Name":"LockScreenTimeoutInSeconds","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the ability to quickly switch between users that are logged on simultaneously without logging off.","Name":"LogonBlockFastUserSwitching","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the MMS send/receive functionality on the device.","Name":"MessagingBlockMMS","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the RCS send/receive functionality on the device.","Name":"MessagingBlockRichCommunicationServices","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block text message back up and restore and Messaging Everywhere.","Name":"MessagingBlockSync","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block a Microsoft account.","Name":"MicrosoftAccountBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block Microsoft account settings sync.","Name":"MicrosoftAccountBlockSettingsSync","Option":"Write"},{"CIMType":"String","Description":"Controls the Microsoft Account Sign-In Assistant (wlidsvc) NT service. Possible values are: notConfigured, disabled.","Name":"MicrosoftAccountSignInAssistantSettings","Option":"Write","ValueMap":["notConfigured","disabled"],"Values":["notConfigured","disabled"]},{"CIMType":"Boolean","Description":"If set, proxy settings will be applied to all processes and accounts in the device. Otherwise, it will be applied to the user account that's enrolled into MDM.","Name":"NetworkProxyApplySettingsDeviceWide","Option":"Write"},{"CIMType":"String","Description":"Address to the proxy auto-config (PAC) script you want to use.","Name":"NetworkProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Disable automatic detection of settings. If enabled, the system will try to find the path to a proxy auto-config (PAC) script.","Name":"NetworkProxyDisableAutoDetect","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindows10NetworkProxyServer","Description":"Specifies manual proxy server settings.","Name":"NetworkProxyServer","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using near field communication.","Name":"NfcBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Gets or sets a value allowing IT admins to prevent apps and features from working with files on OneDrive.","Name":"OneDriveDisableFileSync","Option":"Write"},{"CIMType":"Boolean","Description":"Specify whether PINs or passwords such as '1111' or '1234' are allowed. For Windows 10 desktops, it also controls the use of picture passwords.","Name":"PasswordBlockSimple","Option":"Write"},{"CIMType":"UInt32","Description":"The password expiration in days. Valid values 0 to 730","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"This security setting determines the period of time (in days) that a password must be used before the user can change it. Valid values 0 to 998","Name":"PasswordMinimumAgeInDays","Option":"Write"},{"CIMType":"UInt32","Description":"The number of character sets required in the password.","Name":"PasswordMinimumCharacterSetCount","Option":"Write"},{"CIMType":"UInt32","Description":"The minimum password length. Valid values 4 to 16","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"The minutes of inactivity before the screen times out.","Name":"PasswordMinutesOfInactivityBeforeScreenTimeout","Option":"Write"},{"CIMType":"UInt32","Description":"The number of previous passwords to prevent reuse of. Valid values 0 to 50","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require the user to have a password.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"String","Description":"The required password type. Possible values are: deviceDefault, alphanumeric, numeric.","Name":"PasswordRequiredType","Option":"Write","ValueMap":["deviceDefault","alphanumeric","numeric"],"Values":["deviceDefault","alphanumeric","numeric"]},{"CIMType":"Boolean","Description":"Indicates whether or not to require a password upon resuming from an idle state.","Name":"PasswordRequireWhenResumeFromIdleState","Option":"Write"},{"CIMType":"UInt32","Description":"The number of sign in failures before factory reset. Valid values 0 to 999","Name":"PasswordSignInFailureCountBeforeFactoryReset","Option":"Write"},{"CIMType":"String","Description":"A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Desktop Image or a file Url to a local image on the file system that needs to used as the Desktop Image.","Name":"PersonalizationDesktopImageUrl","Option":"Write"},{"CIMType":"String","Description":"A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.","Name":"PersonalizationLockScreenImageUrl","Option":"Write"},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user presses the Power button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerButtonActionOnBattery","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user presses the Power button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerButtonActionPluggedIn","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting allows you to turn off hybrid sleep while on battery. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled.","Name":"PowerHybridSleepOnBattery","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"This setting allows you to turn off hybrid sleep while plugged in. If you set this setting to disable, a hiberfile is not generated when the system transitions to sleep (Stand By). If you set this setting to enable or do not configure this policy setting, users control this setting. Possible values are: notConfigured, enabled, disabled.","Name":"PowerHybridSleepPluggedIn","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerLidCloseActionOnBattery","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user closes the lid on a mobile PC while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerLidCloseActionPluggedIn","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user presses the Sleep button while on battery. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerSleepButtonActionOnBattery","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"String","Description":"This setting specifies the action that Windows takes when a user presses the Sleep button while plugged in. Possible values are: notConfigured, noAction, sleep, hibernate, shutdown.","Name":"PowerSleepButtonActionPluggedIn","Option":"Write","ValueMap":["notConfigured","noAction","sleep","hibernate","shutdown"],"Values":["notConfigured","noAction","sleep","hibernate","shutdown"]},{"CIMType":"Boolean","Description":"Prevent user installation of additional printers from printers settings.","Name":"PrinterBlockAddition","Option":"Write"},{"CIMType":"String","Description":"Name (network host name) of an installed printer.","Name":"PrinterDefaultName","Option":"Write"},{"CIMType":"String[]","Description":"Automatically provision printers based on their names (network host names).","Name":"PrinterNames","Option":"Write"},{"CIMType":"String","Description":"Enables or disables the use of advertising ID. Added in Windows 10, version 1607. Possible values are: notConfigured, blocked, allowed.","Name":"PrivacyAdvertisingId","Option":"Write","ValueMap":["notConfigured","blocked","allowed"],"Values":["notConfigured","blocked","allowed"]},{"CIMType":"Boolean","Description":"Indicates whether or not to allow the automatic acceptance of the pairing and privacy user consent dialog when launching apps.","Name":"PrivacyAutoAcceptPairingAndConsentPrompts","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks the usage of cloud based speech services for Cortana, Dictation, or Store applications.","Name":"PrivacyBlockActivityFeed","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the usage of cloud based speech services for Cortana, Dictation, or Store applications.","Name":"PrivacyBlockInputPersonalization","Option":"Write"},{"CIMType":"Boolean","Description":"Blocks the shared experiences/discovery of recently used resources in task switcher etc.","Name":"PrivacyBlockPublishUserActivities","Option":"Write"},{"CIMType":"Boolean","Description":"This policy prevents the privacy experience from launching during user logon for new and upgraded users.","Name":"PrivacyDisableLaunchExperience","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from reset protection mode.","Name":"ResetProtectionModeBlocked","Option":"Write"},{"CIMType":"String","Description":"Specifies what filter level of safe search is required. Possible values are: userDefined, strict, moderate.","Name":"SafeSearchFilter","Option":"Write","ValueMap":["userDefined","strict","moderate"],"Values":["userDefined","strict","moderate"]},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from taking Screenshots.","Name":"ScreenCaptureBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if search can use diacritics.","Name":"SearchBlockDiacritics","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the web search.","Name":"SearchBlockWebResults","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to use automatic language detection when indexing content and properties.","Name":"SearchDisableAutoLanguageDetection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to disable the search indexer backoff feature.","Name":"SearchDisableIndexerBackoff","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block indexing of WIP-protected items to prevent them from appearing in search results for Cortana or Explorer.","Name":"SearchDisableIndexingEncryptedItems","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow users to add locations on removable drives to libraries and to be indexed.","Name":"SearchDisableIndexingRemovableDrive","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if search can use location information.","Name":"SearchDisableLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if search can use location information.","Name":"SearchDisableUseLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies minimum amount of hard drive space on the same drive as the index location before indexing stops.","Name":"SearchEnableAutomaticIndexSizeManangement","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block remote queries of this computers index.","Name":"SearchEnableRemoteQueries","Option":"Write"},{"CIMType":"Boolean","Description":"Specify whether to allow automatic device encryption during OOBE when the device is Azure AD joined (desktop only).","Name":"SecurityBlockAzureADJoinedDevicesAutoEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Accounts in Settings app.","Name":"SettingsBlockAccountsPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from installing provisioning packages.","Name":"SettingsBlockAddProvisioningPackage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Apps in Settings app.","Name":"SettingsBlockAppsPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from changing the language settings.","Name":"SettingsBlockChangeLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from changing power and sleep settings.","Name":"SettingsBlockChangePowerSleep","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from changing the region settings.","Name":"SettingsBlockChangeRegion","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from changing date and time settings.","Name":"SettingsBlockChangeSystemTime","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Devices in Settings app.","Name":"SettingsBlockDevicesPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Ease of Access in Settings app.","Name":"SettingsBlockEaseOfAccessPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from editing the device name.","Name":"SettingsBlockEditDeviceName","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Gaming in Settings app.","Name":"SettingsBlockGamingPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Network & Internet in Settings app.","Name":"SettingsBlockNetworkInternetPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Personalization in Settings app.","Name":"SettingsBlockPersonalizationPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Privacy in Settings app.","Name":"SettingsBlockPrivacyPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the runtime configuration agent from removing provisioning packages.","Name":"SettingsBlockRemoveProvisioningPackage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Settings app.","Name":"SettingsBlockSettingsApp","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to System in Settings app.","Name":"SettingsBlockSystemPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Time & Language in Settings app.","Name":"SettingsBlockTimeLanguagePage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block access to Update & Security in Settings app.","Name":"SettingsBlockUpdateSecurityPage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block multiple users of the same app to share data.","Name":"SharedUserAppDataAllowed","Option":"Write"},{"CIMType":"String","Description":"Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store. Possible values are: notConfigured, anywhere, storeOnly, recommendations, preferStore.","Name":"SmartScreenAppInstallControl","Option":"Write","ValueMap":["notConfigured","anywhere","storeOnly","recommendations","preferStore"],"Values":["notConfigured","anywhere","storeOnly","recommendations","preferStore"]},{"CIMType":"Boolean","Description":"Indicates whether or not users can override SmartScreen Filter warnings about potentially malicious websites.","Name":"SmartScreenBlockPromptOverride","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not users can override the SmartScreen Filter warnings about downloading unverified files","Name":"SmartScreenBlockPromptOverrideForFiles","Option":"Write"},{"CIMType":"Boolean","Description":"This property will be deprecated in July 2019 and will be replaced by property SmartScreenAppInstallControl. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.","Name":"SmartScreenEnableAppInstallControl","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to block the user from unpinning apps from taskbar.","Name":"StartBlockUnpinningAppsFromTaskbar","Option":"Write"},{"CIMType":"String","Description":"Setting the value of this collapses the app list, removes the app list entirely, or disables the corresponding toggle in the Settings app. Possible values are: userDefined, collapse, remove, disableSettingsApp.","Name":"StartMenuAppListVisibility","Option":"Write","ValueMap":["userDefined","collapse","remove","disableSettingsApp"],"Values":["userDefined","collapse","remove","disableSettingsApp"]},{"CIMType":"Boolean","Description":"Enabling this policy hides the change account setting from appearing in the user tile in the start menu.","Name":"StartMenuHideChangeAccountSettings","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides the most used apps from appearing on the start menu and disables the corresponding toggle in the Settings app.","Name":"StartMenuHideFrequentlyUsedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides hibernate from appearing in the power button in the start menu.","Name":"StartMenuHideHibernate","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides lock from appearing in the user tile in the start menu.","Name":"StartMenuHideLock","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides the power button from appearing in the start menu.","Name":"StartMenuHidePowerButton","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides recent jump lists from appearing on the start menu/taskbar and disables the corresponding toggle in the Settings app.","Name":"StartMenuHideRecentJumpLists","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides recently added apps from appearing on the start menu and disables the corresponding toggle in the Settings app.","Name":"StartMenuHideRecentlyAddedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides 'Restart/Update and Restart' from appearing in the power button in the start menu.","Name":"StartMenuHideRestartOptions","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides shut down/update and shut down from appearing in the power button in the start menu.","Name":"StartMenuHideShutDown","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides sign out from appearing in the user tile in the start menu.","Name":"StartMenuHideSignOut","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides sleep from appearing in the power button in the start menu.","Name":"StartMenuHideSleep","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides switch account from appearing in the user tile in the start menu.","Name":"StartMenuHideSwitchAccount","Option":"Write"},{"CIMType":"Boolean","Description":"Enabling this policy hides the user tile from appearing in the start menu.","Name":"StartMenuHideUserTile","Option":"Write"},{"CIMType":"String","Description":"This policy setting allows you to import Edge assets to be used with startMenuLayoutXml policy. Start layout can contain secondary tile from Edge app which looks for Edge local asset file. Edge local asset would not exist and cause Edge secondary tile to appear empty in this case. This policy only gets applied when startMenuLayoutXml policy is modified. The value should be a UTF-8 Base64 encoded byte array.","Name":"StartMenuLayoutEdgeAssetsXml","Option":"Write"},{"CIMType":"String","Description":"Allows admins to override the default Start menu layout and prevents the user from changing it. The layout is modified by specifying an XML file based on a layout modification schema. XML needs to be in a UTF8 encoded byte array format.","Name":"StartMenuLayoutXml","Option":"Write"},{"CIMType":"String","Description":"Allows admins to decide how the Start menu is displayed. Possible values are: userDefined, fullScreen, nonFullScreen.","Name":"StartMenuMode","Option":"Write","ValueMap":["userDefined","fullScreen","nonFullScreen"],"Values":["userDefined","fullScreen","nonFullScreen"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Documents folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderDocuments","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Downloads folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderDownloads","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the FileExplorer shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderFileExplorer","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the HomeGroup folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderHomeGroup","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Music folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderMusic","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Network folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderNetwork","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the PersonalFolder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderPersonalFolder","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Pictures folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderPictures","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Settings folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderSettings","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"String","Description":"Enforces the visibility (Show/Hide) of the Videos folder shortcut on the Start menu. Possible values are: notConfigured, hide, show.","Name":"StartMenuPinnedFolderVideos","Option":"Write","ValueMap":["notConfigured","hide","show"],"Values":["notConfigured","hide","show"]},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using removable storage.","Name":"StorageBlockRemovableStorage","Option":"Write"},{"CIMType":"Boolean","Description":"Indicating whether or not to require encryption on a mobile device.","Name":"StorageRequireMobileDeviceEncryption","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether application data is restricted to the system drive.","Name":"StorageRestrictAppDataToSystemVolume","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the installation of applications is restricted to the system drive.","Name":"StorageRestrictAppInstallToSystemVolume","Option":"Write"},{"CIMType":"String","Description":"Gets or sets the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests.","Name":"SystemTelemetryProxyServer","Option":"Write"},{"CIMType":"Boolean","Description":"Specify whether non-administrators can use Task Manager to end tasks.","Name":"TaskManagerBlockEndTask","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the device is required to connect to the network.","Name":"TenantLockdownRequireNetworkDuringOutOfBoxExperience","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to uninstall a fixed list of built-in Windows apps.","Name":"UninstallBuiltInApps","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from USB connection.","Name":"UsbBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from voice recording.","Name":"VoiceRecordingBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not user's localhost IP address is displayed while making phone calls using the WebRTC","Name":"WebRtcBlockLocalhostIpAddress","Option":"Write"},{"CIMType":"Boolean","Description":"Indicating whether or not to block automatically connecting to Wi-Fi hotspots. Has no impact if Wi-Fi is blocked.","Name":"WiFiBlockAutomaticConnectHotspots","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using Wi-Fi.","Name":"WiFiBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using Wi-Fi manual configuration.","Name":"WiFiBlockManualConfiguration","Option":"Write"},{"CIMType":"UInt32","Description":"Specify how often devices scan for Wi-Fi networks. Supported values are 1-500, where 100 = default, and 500 = low frequency. Valid values 1 to 500","Name":"WiFiScanInterval","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindows10AppsForceUpdateSchedule","Description":"Windows 10 force update schedule for Apps.","Name":"Windows10AppsForceUpdateSchedule","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT admins to block experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.","Name":"WindowsSpotlightBlockConsumerSpecificFeatures","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT admins to turn off all Windows Spotlight features","Name":"WindowsSpotlightBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block suggestions from Microsoft that show after each OS clean install, upgrade or in an on-going basis to introduce users to what is new or changed","Name":"WindowsSpotlightBlockOnActionCenter","Option":"Write"},{"CIMType":"Boolean","Description":"Block personalized content in Windows spotlight based on users device usage.","Name":"WindowsSpotlightBlockTailoredExperiences","Option":"Write"},{"CIMType":"Boolean","Description":"Block third party content delivered via Windows Spotlight","Name":"WindowsSpotlightBlockThirdPartyNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"Block Windows Spotlight Windows welcome experience","Name":"WindowsSpotlightBlockWelcomeExperience","Option":"Write"},{"CIMType":"Boolean","Description":"Allows IT admins to turn off the popup of Windows Tips.","Name":"WindowsSpotlightBlockWindowsTips","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of Spotlight. Possible values are: notConfigured, disabled, enabled.","Name":"WindowsSpotlightConfigureOnLockScreen","Option":"Write","ValueMap":["notConfigured","disabled","enabled"],"Values":["notConfigured","disabled","enabled"]},{"CIMType":"Boolean","Description":"Indicates whether or not to block automatic update of apps from Windows Store.","Name":"WindowsStoreBlockAutoUpdate","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the user from using the Windows store.","Name":"WindowsStoreBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to enable Private Store Only.","Name":"WindowsStoreEnablePrivateStoreOnly","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow other devices from discovering this PC for projection.","Name":"WirelessDisplayBlockProjectionToThisDevice","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow user input from wireless display receiver.","Name":"WirelessDisplayBlockUserInputFromReceiver","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to require a PIN for new devices to initiate pairing.","Name":"WirelessDisplayRequirePinForPairing","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationSCEPCertificatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Target store certificate. Possible values are: user, machine.","Name":"CertificateStore","Option":"Write","ValueMap":["user","machine"],"Values":["user","machine"]},{"CIMType":"String","Description":"SCEP Hash Algorithm. Possible values are: sha1, sha2.","Name":"HashAlgorithm","Option":"Write","ValueMap":["sha1","sha2","sha1","sha2"],"Values":["sha1","sha2","sha1","sha2"]},{"CIMType":"String","Description":"SCEP Key Size. Possible values are: size1024, size2048, size4096.","Name":"KeySize","Option":"Write","ValueMap":["size1024","size2048","size4096"],"Values":["size1024","size2048","size4096"]},{"CIMType":"String[]","Description":"SCEP Key Usage. Possible values are: keyEncipherment, digitalSignature.","Name":"KeyUsage","Option":"Write","ValueMap":["keyEncipherment","digitalSignature"],"Values":["keyEncipherment","digitalSignature"]},{"CIMType":"String[]","Description":"SCEP Server Url(s).","Name":"ScepServerUrls","Option":"Write"},{"CIMType":"String","Description":"Custom String that defines the AAD Attribute.","Name":"SubjectAlternativeNameFormatString","Option":"Write"},{"CIMType":"String","Description":"Custom format to use with SubjectNameFormat = Custom. Example: CN={{UserName}},E={{EmailAddress}},OU=Enterprise Users,O=Contoso Corporation,L=Redmond,ST=WA,C=US","Name":"SubjectNameFormatString","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcustomSubjectAlternativeName[]","Description":"Custom Subject Alternative Name Settings. This collection can contain a maximum of 500 elements.","Name":"CustomSubjectAlternativeNames","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphextendedKeyUsage[]","Description":"Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.","Name":"ExtendedKeyUsages","Option":"Write"},{"CIMType":"String","Description":"Scale for the Certificate Validity Period. Possible values are: days, months, years.","Name":"CertificateValidityPeriodScale","Option":"Write","ValueMap":["days","months","years"],"Values":["days","months","years"]},{"CIMType":"UInt32","Description":"Value for the Certificate Validity Period","Name":"CertificateValidityPeriodValue","Option":"Write"},{"CIMType":"String","Description":"Key Storage Provider (KSP). Possible values are: useTpmKspOtherwiseUseSoftwareKsp, useTpmKspOtherwiseFail, usePassportForWorkKspOtherwiseFail, useSoftwareKsp.","Name":"KeyStorageProvider","Option":"Write","ValueMap":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"],"Values":["useTpmKspOtherwiseUseSoftwareKsp","useTpmKspOtherwiseFail","usePassportForWorkKspOtherwiseFail","useSoftwareKsp"]},{"CIMType":"UInt32","Description":"Certificate renewal threshold percentage. Valid values 1 to 99","Name":"RenewalThresholdPercentage","Option":"Write"},{"CIMType":"String","Description":"Certificate Subject Alternative Name Type. Possible values are: none, emailAddress, userPrincipalName, customAzureADAttribute, domainNameService, universalResourceIdentifier.","Name":"SubjectAlternativeNameType","Option":"Write","ValueMap":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"],"Values":["none","emailAddress","userPrincipalName","customAzureADAttribute","domainNameService","universalResourceIdentifier"]},{"CIMType":"String","Description":"Certificate Subject Name Format. Possible values are: commonName, commonNameIncludingEmail, commonNameAsEmail, custom, commonNameAsIMEI, commonNameAsSerialNumber, commonNameAsAadDeviceId, commonNameAsIntuneDeviceId, commonNameAsDurableDeviceId.","Name":"SubjectNameFormat","Option":"Write","ValueMap":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"],"Values":["commonName","commonNameIncludingEmail","commonNameAsEmail","custom","commonNameAsIMEI","commonNameAsSerialNumber","commonNameAsAadDeviceId","commonNameAsIntuneDeviceId","commonNameAsDurableDeviceId"]},{"CIMType":"String","Description":"Trusted Root Certificate DisplayName","Name":"RootCertificateDisplayName","Option":"Write"},{"CIMType":"String","Description":"Trusted Root Certificate Id","Name":"RootCertificateId","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Scep Certificate Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationSecureAssessmentPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether or not to allow the app from printing during the test.","Name":"AllowPrinting","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow screen capture capability during a test.","Name":"AllowScreenCapture","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to allow text suggestions during the test.","Name":"AllowTextSuggestion","Option":"Write"},{"CIMType":"String","Description":"Specifies the application user model ID of the assessment app launched when a user signs in to a secure assessment with a local guest account. Important notice: this property must be set with localGuestAccountName in order to make the local guest account sign-in experience work properly for secure assessments.","Name":"AssessmentAppUserModelId","Option":"Write"},{"CIMType":"String","Description":"The account used to configure the Windows device for taking the test. The user can be a domain account (domain/user), an AAD account (usernametenant.com) or a local account (username).","Name":"ConfigurationAccount","Option":"Write"},{"CIMType":"String","Description":"The account type used to by ConfigurationAccount. Possible values are: azureADAccount, domainAccount, localAccount, localGuestAccount.","Name":"ConfigurationAccountType","Option":"Write","ValueMap":["azureADAccount","domainAccount","localAccount","localGuestAccount"],"Values":["azureADAccount","domainAccount","localAccount","localGuestAccount"]},{"CIMType":"String","Description":"Url link to an assessment that's automatically loaded when the secure assessment browser is launched. It has to be a valid Url (https://msdn.microsoft.com/).","Name":"LaunchUri","Option":"Write"},{"CIMType":"String","Description":"Specifies the display text for the local guest account shown on the sign-in screen. Typically is the name of an assessment. When the user clicks the local guest account on the sign-in screen, an assessment app is launched with a specified assessment URL. Secure assessments can only be configured with local guest account sign-in on devices running Windows 10, version 1903 or later. Important notice: this property must be set with assessmentAppUserModelID in order to make the local guest account sign-in experience work properly for secure assessments.","Name":"LocalGuestAccountName","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Secure Assessment Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphSharedPCAccountManagerPolicy","Parameters":[{"CIMType":"String","Description":"Configures when accounts are deleted. Possible values are: immediate, diskSpaceThreshold, diskSpaceThresholdOrInactiveThreshold.","Name":"AccountDeletionPolicy","Option":"Write","ValueMap":["immediate","diskSpaceThreshold","diskSpaceThresholdOrInactiveThreshold"],"Values":["immediate","diskSpaceThreshold","diskSpaceThresholdOrInactiveThreshold"]},{"CIMType":"UInt32","Description":"Sets the percentage of available disk space a PC should have before it stops deleting cached shared PC accounts. Only applies when AccountDeletionPolicy is DiskSpaceThreshold or DiskSpaceThresholdOrInactiveThreshold. Valid values 0 to 100","Name":"CacheAccountsAboveDiskFreePercentage","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies when the accounts will start being deleted when they have not been logged on during the specified period, given as number of days. Only applies when AccountDeletionPolicy is DiskSpaceThreshold or DiskSpaceThresholdOrInactiveThreshold.","Name":"InactiveThresholdDays","Option":"Write"},{"CIMType":"UInt32","Description":"Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first. Only applies when AccountDeletionPolicy is DiskSpaceThresholdOrInactiveThreshold. Valid values 0 to 100","Name":"RemoveAccountsBelowDiskFreePercentage","Option":"Write"}],"Description":"Intune Device Configuration Shared Multi Device Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationSharedMultiDevicePolicyWindows10","Parameters":[{"CIMType":"MSFT_MicrosoftGraphsharedPCAccountManagerPolicy","Description":"Specifies how accounts are managed on a shared PC. Only applies when disableAccountManager is false.","Name":"AccountManagerPolicy","Option":"Write"},{"CIMType":"String[]","Description":"Indicates which type of accounts are allowed to use on a shared PC. Possible values are: notConfigured, guest, domain.","Name":"AllowedAccounts","Option":"Write","ValueMap":["notConfigured","guest","domain"],"Values":["notConfigured","guest","domain"]},{"CIMType":"Boolean","Description":"Specifies whether local storage is allowed on a shared PC.","Name":"AllowLocalStorage","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the account manager for shared PC mode.","Name":"DisableAccountManager","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the default shared PC education environment policies should be disabled. For Windows 10 RS2 and later, this policy will be applied without setting Enabled to true.","Name":"DisableEduPolicies","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the default shared PC power policies should be disabled.","Name":"DisablePowerPolicies","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the requirement to sign in whenever the device wakes up from sleep mode.","Name":"DisableSignInOnResume","Option":"Write"},{"CIMType":"Boolean","Description":"Enables shared PC mode and applies the shared pc policies.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"Specifies whether to auto connect new non-admin Azure AD accounts to pre-configured candidate local accounts. Possible values are: notConfigured, enabled, disabled.","Name":"FastFirstSignIn","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"UInt32","Description":"Specifies the time in seconds that a device must sit idle before the PC goes to sleep. Setting this value to 0 prevents the sleep timeout from occurring.","Name":"IdleTimeBeforeSleepInSeconds","Option":"Write"},{"CIMType":"String","Description":"Specifies the display text for the account shown on the sign-in screen which launches the app specified by SetKioskAppUserModelId. Only applies when KioskAppUserModelId is set.","Name":"KioskAppDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specifies the application user model ID of the app to use with assigned access.","Name":"KioskAppUserModelId","Option":"Write"},{"CIMType":"String","Description":"Specifies whether local storage is allowed on a shared PC. Possible values are: notConfigured, enabled, disabled.","Name":"LocalStorage","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies the daily start time of maintenance hour.","Name":"MaintenanceStartTime","Option":"Write"},{"CIMType":"String","Description":"Disables the account manager for shared PC mode. Possible values are: notConfigured, enabled, disabled.","Name":"SetAccountManager","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies whether the default shared PC education environment policies should be enabled/disabled/not configured. For Windows 10 RS2 and later, this policy will be applied without setting Enabled to true. Possible values are: notConfigured, enabled, disabled.","Name":"SetEduPolicies","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies whether the default shared PC power policies should be enabled/disabled. Possible values are: notConfigured, enabled, disabled.","Name":"SetPowerPolicies","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies the requirement to sign in whenever the device wakes up from sleep mode. Possible values are: notConfigured, enabled, disabled.","Name":"SignInOnResume","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Shared Multi Device Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationTrustedCertificatePolicyWindows10","Parameters":[{"CIMType":"String","Description":"File name to display in UI.","Name":"CertFileName","Option":"Write"},{"CIMType":"String","Description":"Destination store location for the Trusted Root Certificate. Possible values are: computerCertStoreRoot, computerCertStoreIntermediate, userCertStoreIntermediate.","Name":"DestinationStore","Option":"Write","ValueMap":["computerCertStoreRoot","computerCertStoreIntermediate","userCertStoreIntermediate"],"Values":["computerCertStoreRoot","computerCertStoreIntermediate","userCertStoreIntermediate"]},{"CIMType":"String","Description":"Trusted Root Certificate","Name":"TrustedRootCertificate","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Trusted Certificate Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindows10AssociatedApps","Parameters":[{"CIMType":"String","Description":"Application type. Possible values are: desktop, universal.","Name":"AppType","Option":"Write","ValueMap":["desktop","universal"],"Values":["desktop","universal"]},{"CIMType":"String","Description":"Identifier.","Name":"Identifier","Option":"Key"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphCryptographySuite","Parameters":[{"CIMType":"String","Description":"Authentication Transform Constants. Possible values are: md5_96, sha1_96, sha_256_128, aes128Gcm, aes192Gcm, aes256Gcm.","Name":"AuthenticationTransformConstants","Option":"Write","ValueMap":["md5_96","sha1_96","sha_256_128","aes128Gcm","aes192Gcm","aes256Gcm"],"Values":["md5_96","sha1_96","sha_256_128","aes128Gcm","aes192Gcm","aes256Gcm"]},{"CIMType":"String","Description":"Cipher Transform Constants. Possible values are: aes256, des, tripleDes, aes128, aes128Gcm, aes256Gcm, aes192, aes192Gcm, chaCha20Poly1305.","Name":"CipherTransformConstants","Option":"Write","ValueMap":["aes256","des","tripleDes","aes128","aes128Gcm","aes256Gcm","aes192","aes192Gcm","chaCha20Poly1305"],"Values":["aes256","des","tripleDes","aes128","aes128Gcm","aes256Gcm","aes192","aes192Gcm","chaCha20Poly1305"]},{"CIMType":"String","Description":"Diffie Hellman Group. Possible values are: group1, group2, group14, ecp256, ecp384, group24.","Name":"DhGroup","Option":"Write","ValueMap":["group1","group2","group14","ecp256","ecp384","group24"],"Values":["group1","group2","group14","ecp256","ecp384","group24"]},{"CIMType":"String","Description":"Encryption Method. Possible values are: aes256, des, tripleDes, aes128, aes128Gcm, aes256Gcm, aes192, aes192Gcm, chaCha20Poly1305.","Name":"EncryptionMethod","Option":"Write","ValueMap":["aes256","des","tripleDes","aes128","aes128Gcm","aes256Gcm","aes192","aes192Gcm","chaCha20Poly1305"],"Values":["aes256","des","tripleDes","aes128","aes128Gcm","aes256Gcm","aes192","aes192Gcm","chaCha20Poly1305"]},{"CIMType":"String","Description":"Integrity Check Method. Possible values are: sha2_256, sha1_96, sha1_160, sha2_384, sha2_512, md5.","Name":"IntegrityCheckMethod","Option":"Write","ValueMap":["sha2_256","sha1_96","sha1_160","sha2_384","sha2_512","md5"],"Values":["sha2_256","sha1_96","sha1_160","sha2_384","sha2_512","md5"]},{"CIMType":"String","Description":"Perfect Forward Secrecy Group. Possible values are: pfs1, pfs2, pfs2048, ecp256, ecp384, pfsMM, pfs24.","Name":"PfsGroup","Option":"Write","ValueMap":["pfs1","pfs2","pfs2048","ecp256","ecp384","pfsMM","pfs24"],"Values":["pfs1","pfs2","pfs2048","ecp256","ecp384","pfsMM","pfs24"]}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphVpnDnsRule","Parameters":[{"CIMType":"Boolean","Description":"Automatically connect to the VPN when the device connects to this domain: Default False.","Name":"AutoTrigger","Option":"Write"},{"CIMType":"String","Description":"Name.","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"Keep this rule active even when the VPN is not connected: Default False","Name":"Persistent","Option":"Write"},{"CIMType":"String","Description":"Proxy Server Uri.","Name":"ProxyServerUri","Option":"Write"},{"CIMType":"String[]","Description":"Servers.","Name":"Servers","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindows10VpnProxyServer","Parameters":[{"CIMType":"Boolean","Description":"Bypass proxy server for local address.","Name":"BypassProxyServerForLocalAddress","Option":"Write"},{"CIMType":"String","Description":"Address.","Name":"Address","Option":"Write"},{"CIMType":"String","Description":"Proxy's automatic configuration script url.","Name":"AutomaticConfigurationScriptUrl","Option":"Write"},{"CIMType":"UInt32","Description":"Port. Valid values 0 to 65535","Name":"Port","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically detect proxy settings.","Name":"AutomaticallyDetectProxySettings","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.windows10VpnProxyServer","#microsoft.graph.windows81VpnProxyServer"],"Values":["#microsoft.graph.windows10VpnProxyServer","#microsoft.graph.windows81VpnProxyServer"]}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphVpnRoute","Parameters":[{"CIMType":"String","Description":"Destination prefix (IPv4/v6 address).","Name":"DestinationPrefix","Option":"Key"},{"CIMType":"UInt32","Description":"Prefix size. (1-32). Valid values 1 to 32","Name":"PrefixSize","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphVpnTrafficRule","Parameters":[{"CIMType":"String","Description":"App identifier, if this traffic rule is triggered by an app.","Name":"AppId","Option":"Write"},{"CIMType":"String","Description":"App type, if this traffic rule is triggered by an app. Possible values are: none, desktop, universal.","Name":"AppType","Option":"Write","ValueMap":["none","desktop","universal"],"Values":["none","desktop","universal"]},{"CIMType":"String","Description":"Claims associated with this traffic rule.","Name":"Claims","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIPv4Range[]","Description":"Local address range. This collection can contain a maximum of 500 elements.","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphNumberRange[]","Description":"Local port range can be set only when protocol is either TCP or UDP (6 or 17). This collection can contain a maximum of 500 elements.","Name":"LocalPortRanges","Option":"Write"},{"CIMType":"String","Description":"Name.","Name":"Name","Option":"Write"},{"CIMType":"UInt32","Description":"Protocols (0-255). Valid values 0 to 255","Name":"Protocols","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIPv4Range[]","Description":"Remote address range. This collection can contain a maximum of 500 elements.","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphNumberRange[]","Description":"Remote port range can be set only when protocol is either TCP or UDP (6 or 17). This collection can contain a maximum of 500 elements.","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"String","Description":"When app triggered, indicates whether to enable split tunneling along this route. Possible values are: none, splitTunnel, forceTunnel.","Name":"RoutingPolicyType","Option":"Write","ValueMap":["none","splitTunnel","forceTunnel"],"Values":["none","splitTunnel","forceTunnel"]},{"CIMType":"String","Description":"Specify whether the rule applies to inbound traffic or outbound traffic. Possible values are: outbound, inbound, unknownFutureValue.","Name":"VpnTrafficDirection","Option":"Write","ValueMap":["outbound","inbound","unknownFutureValue"],"Values":["outbound","inbound","unknownFutureValue"]}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIPv4Range","Parameters":[{"CIMType":"String","Description":"Lower address.","Name":"LowerAddress","Option":"Write"},{"CIMType":"String","Description":"Upper address.","Name":"UpperAddress","Option":"Write"},{"CIMType":"String","Description":"IPv4 address in CIDR notation. Not nullable.","Name":"CidrAddress","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.iPv4CidrRange","#microsoft.graph.iPv6CidrRange","#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"],"Values":["#microsoft.graph.iPv4CidrRange","#microsoft.graph.iPv6CidrRange","#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"]}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphNumberRange","Parameters":[{"CIMType":"UInt32","Description":"Lower number.","Name":"LowerNumber","Option":"Write"},{"CIMType":"UInt32","Description":"Upper number.","Name":"UpperNumber","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphVpnServer","Parameters":[{"CIMType":"String","Description":"Address (IP address, FQDN or URL)","Name":"Address","Option":"Write"},{"CIMType":"String","Description":"Description.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Default server.","Name":"IsDefaultServer","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationVpnPolicyWindows10","Parameters":[{"CIMType":"MSFT_MicrosoftGraphwindows10AssociatedApps[]","Description":"Associated Apps. This collection can contain a maximum of 10000 elements.","Name":"AssociatedApps","Option":"Write"},{"CIMType":"String","Description":"Authentication method. Possible values are: certificate, usernameAndPassword, customEapXml, derivedCredential.","Name":"AuthenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","customEapXml","derivedCredential"],"Values":["certificate","usernameAndPassword","customEapXml","derivedCredential"]},{"CIMType":"String","Description":"Connection type. Possible values are: pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, automatic, ikEv2, l2tp, pptp, citrix, paloAltoGlobalProtect, ciscoAnyConnect, unknownFutureValue, microsoftTunnel.","Name":"ConnectionType","Option":"Write","ValueMap":["pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","automatic","ikEv2","l2tp","pptp","citrix","paloAltoGlobalProtect","ciscoAnyConnect","unknownFutureValue","microsoftTunnel"],"Values":["pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","automatic","ikEv2","l2tp","pptp","citrix","paloAltoGlobalProtect","ciscoAnyConnect","unknownFutureValue","microsoftTunnel"]},{"CIMType":"MSFT_MicrosoftGraphcryptographySuite","Description":"Cryptography Suite security settings for IKEv2 VPN in Windows10 and above","Name":"CryptographySuite","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnDnsRule[]","Description":"DNS rules. This collection can contain a maximum of 1000 elements.","Name":"DnsRules","Option":"Write"},{"CIMType":"String[]","Description":"Specify DNS suffixes to add to the DNS search list to properly route short names.","Name":"DnsSuffixes","Option":"Write"},{"CIMType":"String","Description":"Extensible Authentication Protocol (EAP) XML. (UTF8 encoded byte array)","Name":"EapXml","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Always On mode.","Name":"EnableAlwaysOn","Option":"Write"},{"CIMType":"Boolean","Description":"Enable conditional access.","Name":"EnableConditionalAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Enable device tunnel.","Name":"EnableDeviceTunnel","Option":"Write"},{"CIMType":"Boolean","Description":"Enable IP address registration with internal DNS.","Name":"EnableDnsRegistration","Option":"Write"},{"CIMType":"Boolean","Description":"Enable single sign-on (SSO) with alternate certificate.","Name":"EnableSingleSignOnWithAlternateCertificate","Option":"Write"},{"CIMType":"Boolean","Description":"Enable split tunneling.","Name":"EnableSplitTunneling","Option":"Write"},{"CIMType":"String","Description":"ID of the Microsoft Tunnel site associated with the VPN profile.","Name":"MicrosoftTunnelSiteId","Option":"Write"},{"CIMType":"Boolean","Description":"Only associated Apps can use connection (per-app VPN).","Name":"OnlyAssociatedAppsCanUseConnection","Option":"Write"},{"CIMType":"String","Description":"Profile target type. Possible values are: user, device, autoPilotDevice.","Name":"ProfileTarget","Option":"Write","ValueMap":["user","device","autoPilotDevice"],"Values":["user","device","autoPilotDevice"]},{"CIMType":"MSFT_MicrosoftGraphwindows10VpnProxyServer","Description":"Proxy Server.","Name":"ProxyServer","Option":"Write"},{"CIMType":"Boolean","Description":"Remember user credentials.","Name":"RememberUserCredentials","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnRoute[]","Description":"Routes (optional for third-party providers). This collection can contain a maximum of 1000 elements.","Name":"Routes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphextendedKeyUsage","Description":"Single sign-on Extended Key Usage (EKU).","Name":"SingleSignOnEku","Option":"Write"},{"CIMType":"String","Description":"Single sign-on issuer hash.","Name":"SingleSignOnIssuerHash","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnTrafficRule[]","Description":"Traffic rules. This collection can contain a maximum of 1000 elements.","Name":"TrafficRules","Option":"Write"},{"CIMType":"String[]","Description":"Trusted Network Domains","Name":"TrustedNetworkDomains","Option":"Write"},{"CIMType":"String","Description":"Windows Information Protection (WIP) domain to associate with this connection.","Name":"WindowsInformationProtectionDomain","Option":"Write"},{"CIMType":"String","Description":"Connection name displayed to the user.","Name":"ConnectionName","Option":"Write"},{"CIMType":"String","Description":"Custom XML commands that configures the VPN connection. (UTF8 encoded byte array)","Name":"CustomXml","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnServer[]","Description":"List of VPN Servers on the network. Make sure end users can access these network locations. This collection can contain a maximum of 500 elements.","Name":"ServerCollection","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Vpn Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationWindowsTeamPolicyWindows10","Parameters":[{"CIMType":"Boolean","Description":"Indicates whether or not to Block Azure Operational Insights.","Name":"AzureOperationalInsightsBlockTelemetry","Option":"Write"},{"CIMType":"String","Description":"The Azure Operational Insights workspace id.","Name":"AzureOperationalInsightsWorkspaceId","Option":"Write"},{"CIMType":"String","Description":"The Azure Operational Insights Workspace key.","Name":"AzureOperationalInsightsWorkspaceKey","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to automatically launch the Connect app whenever a projection is initiated.","Name":"ConnectAppBlockAutoLaunch","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block setting a maintenance window for device updates.","Name":"MaintenanceWindowBlocked","Option":"Write"},{"CIMType":"UInt32","Description":"Maintenance window duration for device updates. Valid values 0 to 5","Name":"MaintenanceWindowDurationInHours","Option":"Write"},{"CIMType":"String","Description":"Maintenance window start time for device updates.","Name":"MaintenanceWindowStartTime","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block wireless projection.","Name":"MiracastBlocked","Option":"Write"},{"CIMType":"String","Description":"The channel. Possible values are: userDefined, one, two, three, four, five, six, seven, eight, nine, ten, eleven, thirtySix, forty, fortyFour, fortyEight, oneHundredFortyNine, oneHundredFiftyThree, oneHundredFiftySeven, oneHundredSixtyOne, oneHundredSixtyFive.","Name":"MiracastChannel","Option":"Write","ValueMap":["userDefined","one","two","three","four","five","six","seven","eight","nine","ten","eleven","thirtySix","forty","fortyFour","fortyEight","oneHundredFortyNine","oneHundredFiftyThree","oneHundredFiftySeven","oneHundredSixtyOne","oneHundredSixtyFive"],"Values":["userDefined","one","two","three","four","five","six","seven","eight","nine","ten","eleven","thirtySix","forty","fortyFour","fortyEight","oneHundredFortyNine","oneHundredFiftyThree","oneHundredFiftySeven","oneHundredSixtyOne","oneHundredSixtyFive"]},{"CIMType":"Boolean","Description":"Indicates whether or not to require a pin for wireless projection.","Name":"MiracastRequirePin","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to disable the 'My meetings and files' feature in the Start menu, which shows the signed-in user's meetings and files from Office 365.","Name":"SettingsBlockMyMeetingsAndFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to allow the ability to resume a session when the session times out.","Name":"SettingsBlockSessionResume","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to disable auto-populating of the sign-in dialog with invitees from scheduled meetings.","Name":"SettingsBlockSigninSuggestions","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the default volume value for a new session. Permitted values are 0-100. The default is 45. Valid values 0 to 100","Name":"SettingsDefaultVolume","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of minutes until the Hub screen turns off.","Name":"SettingsScreenTimeoutInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of minutes until the session times out.","Name":"SettingsSessionTimeoutInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of minutes until the Hub enters sleep mode.","Name":"SettingsSleepTimeoutInMinutes","Option":"Write"},{"CIMType":"String","Description":"The welcome screen background image URL. The URL must use the HTTPS protocol and return a PNG image.","Name":"WelcomeScreenBackgroundImageUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether or not to Block the welcome screen from waking up automatically when someone enters the room.","Name":"WelcomeScreenBlockAutomaticWakeUp","Option":"Write"},{"CIMType":"String","Description":"The welcome screen meeting information shown. Possible values are: userDefined, showOrganizerAndTimeOnly, showOrganizerAndTimeAndSubject.","Name":"WelcomeScreenMeetingInformation","Option":"Write","ValueMap":["userDefined","showOrganizerAndTimeOnly","showOrganizerAndTimeAndSubject"],"Values":["userDefined","showOrganizerAndTimeOnly","showOrganizerAndTimeAndSubject"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Windows Team Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceConfigurationWiredNetworkPolicyWindows10","Parameters":[{"CIMType":"UInt32","Description":"Specify the duration for which automatic authentication attempts will be blocked from occurring after a failed authentication attempt.","Name":"AuthenticationBlockPeriodInMinutes","Option":"Write"},{"CIMType":"String","Description":"Specify the authentication method. Possible values are: certificate, usernameAndPassword, derivedCredential. Possible values are: certificate, usernameAndPassword, derivedCredential, unknownFutureValue.","Name":"AuthenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","derivedCredential","unknownFutureValue"],"Values":["certificate","usernameAndPassword","derivedCredential","unknownFutureValue"]},{"CIMType":"UInt32","Description":"Specify the number of seconds for the client to wait after an authentication attempt before failing. Valid range 1-3600.","Name":"AuthenticationPeriodInSeconds","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of seconds between a failed authentication and the next authentication attempt. Valid range 1-3600.","Name":"AuthenticationRetryDelayPeriodInSeconds","Option":"Write"},{"CIMType":"String","Description":"Specify whether to authenticate the user, the device, either, or to use guest authentication (none). If you're using certificate authentication, make sure the certificate type matches the authentication type. Possible values are: none, user, machine, machineOrUser, guest. Possible values are: none, user, machine, machineOrUser, guest, unknownFutureValue.","Name":"AuthenticationType","Option":"Write","ValueMap":["none","user","machine","machineOrUser","guest","unknownFutureValue"],"Values":["none","user","machine","machineOrUser","guest","unknownFutureValue"]},{"CIMType":"Boolean","Description":"When TRUE, caches user credentials on the device so that users don't need to keep entering them each time they connect. When FALSE, do not cache credentials. Default value is FALSE.","Name":"CacheCredentials","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, prevents the user from being prompted to authorize new servers for trusted certification authorities when EAP type is selected as PEAP. When FALSE, does not prevent the user from being prompted. Default value is FALSE.","Name":"DisableUserPromptForServerValidation","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the number of seconds to wait before sending an EAPOL (Extensible Authentication Protocol over LAN) Start message. Valid range 1-3600.","Name":"EapolStartPeriodInSeconds","Option":"Write"},{"CIMType":"String","Description":"Extensible Authentication Protocol (EAP). Indicates the type of EAP protocol set on the Wi-Fi endpoint (router). Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap. Possible values are: eapTls, leap, eapSim, eapTtls, peap, eapFast, teap.","Name":"EapType","Option":"Write","ValueMap":["eapTls","leap","eapSim","eapTtls","peap","eapFast","teap"],"Values":["eapTls","leap","eapSim","eapTtls","peap","eapFast","teap"]},{"CIMType":"Boolean","Description":"When TRUE, the automatic configuration service for wired networks requires the use of 802.1X for port authentication. When FALSE, 802.1X is not required. Default value is FALSE.","Name":"Enforce8021X","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, forces FIPS compliance. When FALSE, does not enable FIPS compliance. Default value is FALSE.","Name":"ForceFIPSCompliance","Option":"Write"},{"CIMType":"String","Description":"Specify inner authentication protocol for EAP TTLS. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo. Possible values are: unencryptedPassword, challengeHandshakeAuthenticationProtocol, microsoftChap, microsoftChapVersionTwo.","Name":"InnerAuthenticationProtocolForEAPTTLS","Option":"Write","ValueMap":["unencryptedPassword","challengeHandshakeAuthenticationProtocol","microsoftChap","microsoftChapVersionTwo"],"Values":["unencryptedPassword","challengeHandshakeAuthenticationProtocol","microsoftChap","microsoftChapVersionTwo"]},{"CIMType":"UInt32","Description":"Specify the maximum authentication failures allowed for a set of credentials. Valid range 1-100.","Name":"MaximumAuthenticationFailures","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the maximum number of EAPOL (Extensible Authentication Protocol over LAN) Start messages to be sent before returning failure. Valid range 1-100.","Name":"MaximumEAPOLStartMessages","Option":"Write"},{"CIMType":"String","Description":"Specify the string to replace usernames for privacy when using EAP TTLS or PEAP.","Name":"OuterIdentityPrivacyTemporaryValue","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, enables verification of server's identity by validating the certificate when EAP type is selected as PEAP. When FALSE, the certificate is not validated. Default value is TRUE.","Name":"PerformServerValidation","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, enables cryptographic binding when EAP type is selected as PEAP. When FALSE, does not enable cryptogrpahic binding. Default value is TRUE.","Name":"RequireCryptographicBinding","Option":"Write"},{"CIMType":"String","Description":"Specify the secondary authentication method. Possible values are: certificate, usernameAndPassword, derivedCredential. Possible values are: certificate, usernameAndPassword, derivedCredential, unknownFutureValue.","Name":"SecondaryAuthenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","derivedCredential","unknownFutureValue"],"Values":["certificate","usernameAndPassword","derivedCredential","unknownFutureValue"]},{"CIMType":"String[]","Description":"Specify trusted server certificate names.","Name":"TrustedServerCertificateNames","Option":"Write"},{"CIMType":"String[]","Description":"Specify root certificates for server validation. This collection can contain a maximum of 500 elements.","Name":"RootCertificatesForServerValidationIds","Option":"Write"},{"CIMType":"String[]","Description":"Specify root certificate display names for server validation. This collection can contain a maximum of 500 elements.","Name":"RootCertificatesForServerValidationDisplayNames","Option":"Write"},{"CIMType":"String","Description":"Specify identity certificate for client authentication.","Name":"IdentityCertificateForClientAuthenticationId","Option":"Write"},{"CIMType":"String","Description":"Specify identity certificate display name for client authentication.","Name":"IdentityCertificateForClientAuthenticationDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specify root certificate for client validation","Name":"SecondaryIdentityCertificateForClientAuthenticationId","Option":"Write"},{"CIMType":"String","Description":"Specify root certificate display name for client validation","Name":"SecondaryIdentityCertificateForClientAuthenticationDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specify root certificate for client validation.","Name":"RootCertificateForClientValidationId","Option":"Write"},{"CIMType":"String","Description":"Specify root certificate display name for client validation.","Name":"RootCertificateForClientValidationDisplayName","Option":"Write"},{"CIMType":"String","Description":"Specify secondary root certificate for client validation.","Name":"SecondaryRootCertificateForClientValidationId","Option":"Write"},{"CIMType":"String","Description":"Specify secondary root certificate display name for client validation.","Name":"SecondaryRootCertificateForClientValidationDisplayName","Option":"Write"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Configuration Wired Network Policy for Windows10"},{"ClassName":"MSFT_ReusableStorageDeviceControlPolicySetting","Parameters":[{"CIMType":"String","Description":"The Bus ID of the logical bus where the device is connected to. Examples are USB, SCSI.","Name":"BusId","Option":"Write"},{"CIMType":"String","Description":"The Device ID of the device.","Name":"DeviceId","Option":"Write"},{"CIMType":"String","Description":"The Friendly Name of the device. Example is 'Generic Flash Disk USB Device'.","Name":"FriendlyNameId","Option":"Write"},{"CIMType":"String","Description":"The Hardware ID of the device. Example is 'USBSTOR\\\\DiskGeneric_Flash_Disk___8.07'.","Name":"HardwareId","Option":"Write"},{"CIMType":"String","Description":"The Instance Path ID of the device. Uniquely identifies the device in the system. Example is 'USBSTOR\\\\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\\\\8735B611&0'.","Name":"InstancePathId","Option":"Write"},{"CIMType":"String","Description":"The identifier of the reusable policy setting.","Name":"Name","Option":"Required"},{"CIMType":"String","Description":"The Product ID of the device. Example is '55E0'.","Name":"PID","Option":"Write"},{"CIMType":"String","Description":"The Primary ID of the device. Possible values are: RemovableMediaDevices, CdRomDevices, WpdDevices, and PrinterDevices","Name":"PrimaryId","Option":"Write","ValueMap":["CdRomDevices","PrinterDevices","RemovableMediaDevices","WpdDevices"],"Values":["CdRomDevices","PrinterDevices","RemovableMediaDevices","WpdDevices"]},{"CIMType":"String","Description":"The Serial Number ID of the device. Example is '03003324080520232521', which corresponds to 'USBSTOR\\\\DISK&VEN__USB&PROD__SANDISK_3.2GEN1&REV_1.00\\\\03003324080520232521&0'.","Name":"SerialNumberId","Option":"Write"},{"CIMType":"String","Description":"The Vendor ID of the device. Example is '0751'.","Name":"VID","Option":"Write"},{"CIMType":"String","Description":"The combination of Vendor and Product ID. Example is '0000_1111.","Name":"VID_PID","Option":"Write"}],"Description":"Intune Device Control Policy Setting"},{"ClassName":"MSFT_ReusablePrinterDeviceControlPolicySetting","Parameters":[{"CIMType":"String","Description":"The Friendly Name of the device. Example is 'Generic Printer'.","Name":"FriendlyNameId","Option":"Write"},{"CIMType":"String","Description":"The identifier of the reusable policy setting.","Name":"Name","Option":"Key"},{"CIMType":"SInt32","Description":"The Primary ID of the device. Possible values are: 0: Printer Devices","Name":"PrimaryId","Option":"Write","ValueMap":[0],"Values":[0]},{"CIMType":"SInt32","Description":"The Printer Connection Id. Possible values are: 0: USB, 1: Corporate, 2: Network, 3: Universal, 4: File, 5: Custom, 6: Local.","Name":"PrinterConnectionId","Option":"Write","ValueMap":[0,1,2,3,4,5,6],"Values":[0,1,2,3,4,5,6]},{"CIMType":"String","Description":"The combination of Vendor and Product ID. Example is '0000_1111.","Name":"VID_PID","Option":"Write"}],"Description":"Intune Device Control Policy Setting"},{"ClassName":"MSFT_IntuneDeviceControlPolicySetting","Parameters":[{"CIMType":"String","Description":"The match type of the policy settings. Possible values: Any, All","Name":"MatchType","Option":"Write","ValueMap":["Any","All"],"Values":["Any","All"]},{"CIMType":"MSFT_ReusablePrinterDeviceControlPolicySetting[]","Description":"The Printer Device Control policy settings.","Name":"PrinterPolicySettings","Option":"Write"},{"CIMType":"MSFT_ReusableStorageDeviceControlPolicySetting[]","Description":"The Storage Device Control policy settings.","Name":"StoragePolicySettings","Option":"Write"},{"CIMType":"String","Description":"Description of the setting.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name of the setting.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Control Policy Setting"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule","Parameters":[{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry[]","Description":"Entry","Name":"Entry","Option":"Write"},{"CIMType":"String","Description":"Name","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"Excluded ID","Name":"ExcludedIdList_GroupId","Option":"Write"},{"CIMType":"String[]","Description":"Included ID","Name":"IncludedIdList_GroupId","Option":"Write"}],"Description":"Intune Device Control Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRuleEntry","Parameters":[{"CIMType":"String","Description":"Type (allow: Allow, deny: Deny, auditallowed: AuditAllowed, auditdenied: AuditDenied)","Name":"Type","Option":"Write","ValueMap":["allow","deny","auditallowed","auditdenied"],"Values":["allow","deny","auditallowed","auditdenied"]},{"CIMType":"String","Description":"Options (0: None, 1: ShowNotification, 2: SendEvent, 3: SendNotificationAndEvent, 4: Disable)","Name":"Options","Option":"Write","ValueMap":["0","1","2","3","4"],"Values":["0","1","2","3","4"]},{"CIMType":"String","Description":"Sid","Name":"Sid","Option":"Write"},{"CIMType":"SInt32[]","Description":"Access mask (1: WDD_READ_ACCESS, 2: WDD_WRITE_ACCESS, 4: WDD_EXECUTE_ACCESS, 8: WDD_FS_READ_ACCESS, 16: WDD_FS_WRITE_ACCESS, 32: WDD_FS_EXECUTE_ACCESS, 64: WDD_PRINT_ACCESS)","Name":"AccessMask","Option":"Write","ValueMap":[1,2,4,8,16,32,64],"Values":[1,2,4,8,16,32,64]},{"CIMType":"String","Description":"Computer Sid","Name":"ComputerSid","Option":"Write"}],"Description":"Intune Device Control Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceControlPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogPolicyRule[]","Description":"The list of policy rules to apply.","Name":"PolicyRule","Option":"Write"},{"CIMType":"String","Description":"Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Allow_Deny_Layered","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow installation of devices that match any of these device IDs (0: Disabled, 1: Enabled)","Name":"DeviceInstall_IDs_Allow","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed device IDs","Name":"DeviceInstall_IDs_Allow_List","Option":"Write"},{"CIMType":"String","Description":"Allow installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Instance_IDs_Allow","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed Instance IDs","Name":"DeviceInstall_Instance_IDs_Allow_List","Option":"Write"},{"CIMType":"String","Description":"Allow installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Allow","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Allowed classes","Name":"DeviceInstall_Classes_Allow_List","Option":"Write"},{"CIMType":"String","Description":"Prevent installation of devices not described by other policy settings (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Unspecified_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Prevent installation of devices that match any of these device IDs (0: Disabled, 1: Enabled)","Name":"DeviceInstall_IDs_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Prevented device IDs","Name":"DeviceInstall_IDs_Deny_List","Option":"Write"},{"CIMType":"String","Description":"Also apply to matching devices that are already installed. (0: False, 1: True)","Name":"DeviceInstall_IDs_Deny_Retroactive","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Prevent installation of devices that match any of these device instance IDs (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Instance_IDs_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Also apply to matching devices that are already installed. (Device) (0: False, 1: True)","Name":"DeviceInstall_Instance_IDs_Deny_Retroactive","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Prevented Instance IDs","Name":"DeviceInstall_Instance_IDs_Deny_List","Option":"Write"},{"CIMType":"String","Description":"Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Prevented Classes","Name":"DeviceInstall_Classes_Deny_List","Option":"Write"},{"CIMType":"String","Description":"Also apply to matching devices that are already installed. (0: False, 1: True)","Name":"DeviceInstall_Classes_Deny_Retroactive","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Prevent installation of removable devices (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Removable_Deny","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"WPD Devices: Deny read access (0: Disabled, 1: Enabled)","Name":"WPDDevices_DenyRead_Access_2","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"WPD Devices: Deny read access (User) (0: Disabled, 1: Enabled)","Name":"WPDDevices_DenyRead_Access_1","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"WPD Devices: Deny write access (0: Disabled, 1: Enabled)","Name":"WPDDevices_DenyWrite_Access_2","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"WPD Devices: Deny write access (User) (0: Disabled, 1: Enabled)","Name":"WPDDevices_DenyWrite_Access_1","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Default Enforcement (1: Default Allow Enforcement, 2: Default Deny Enforcement)","Name":"DefaultEnforcement","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"String","Description":"Device Control Enabled (0: Device Control is disabled, 1: Device Control is enabled)","Name":"DeviceControlEnabled","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Direct Memory Access (0: Not allowed., 1: Allowed.)","Name":"AllowDirectMemoryAccess","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))","Name":"DeviceEnumerationPolicy","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Removable Disk Deny Write Access (0: Disabled., 1: Enabled.)","Name":"RemovableDiskDenyWriteAccess","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow USB Connection (0: Not allowed., 1: Allowed.)","Name":"AllowUSBConnection","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Bluetooth (0: Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on., 1: Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on., 2: Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.)","Name":"AllowBluetooth","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Allow Advertising (0: Not allowed. When set to 0, the device will not send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is not received by the peripheral., 1: Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral.)","Name":"AllowAdvertising","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Discoverable Mode (0: Not allowed. When set to 0, other devices will not be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you cannot see the name of the device., 1: Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it.)","Name":"AllowDiscoverableMode","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Prepairing (0: Not allowed., 1: Allowed.)","Name":"AllowPrepairing","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Prompted Proximal Connections (0: Disallow. Block users on these managed devices from using Swift Pair and other proximity based scenarios, 1: Allow. Allow users on these managed devices to use Swift Pair and other proximity based scenarios)","Name":"AllowPromptedProximalConnections","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Services Allowed List","Name":"ServicesAllowedList","Option":"Write"},{"CIMType":"String","Description":"Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.)","Name":"AllowStorageCard","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Control Policy for Windows10"},{"ClassName":"MSFT_IntuneDeviceEnrollmentLimitRestriction","Parameters":[{"CIMType":"String","Description":"Id of the device enrollment limit restriction.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the device enrollment limit restriction.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the device enrollment limit restriction.","Name":"Description","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum number of devices a user can enroll","Name":"Limit","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the policy.","Name":"Assignments","Option":"Write"},{"CIMType":"UInt32","Description":"Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"RoleScopeTagIds of the device enrollment limit restriction policy.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the restriction exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Intune device enrollment limit restrictions."},{"ClassName":"MSFT_DeviceEnrollmentPlatformRestriction","Parameters":[{"CIMType":"Boolean","Description":"Block the platform from enrolling.","Name":"PlatformBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"Block personally owned devices from enrolling.","Name":"PersonalDeviceEnrollmentBlocked","Option":"Write"},{"CIMType":"String","Description":"Min OS version supported.","Name":"OsMinimumVersion","Option":"Write"},{"CIMType":"String","Description":"Max OS version supported.","Name":"OsMaximumVersion","Option":"Write"},{"CIMType":"String[]","Description":"Collection of blocked Manufacturers.","Name":"BlockedManufacturers","Option":"Write"},{"CIMType":"String[]","Description":"Collection of blocked Skus.","Name":"BlockedSkus","Option":"Write"}],"Description":"This resource configures the Intune device platform enrollment restrictions.\n\n### Restrictions\n\nAfter deploying the configuration, updating the policies is no longer possible. This is a restriction by the Microsoft Graph API. Any further updates to the policies have to be done using the Intune Portal.\n\n**Be aware**: To deploy a Android platform restriction policy, two individual configurations must exist:\n\n* The first one contains the key for `AndroidRestriction`\n* The second one contains the key for `AndroidForWorkRestriction`"},{"ClassName":"MSFT_IntuneDeviceEnrollmentPlatformRestriction","Parameters":[{"CIMType":"String","Description":"Identity of the device enrollment platform restriction.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Display name of the device enrollment platform restriction.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the device enrollment platform restriction.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Android for work restrictions based on platform, platform operating system version, and device ownership.","Name":"AndroidForWorkRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Android restrictions based on platform, platform operating system version, and device ownership.","Name":"AndroidRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Ios restrictions based on platform, platform operating system version, and device ownership.","Name":"IosRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Mac restrictions based on platform, platform operating system version, and device ownership.","Name":"MacOSRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Mac restrictions based on platform, platform operating system version, and device ownership.","Name":"MacRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Windows Home Sku restrictions based on platform, platform operating system version, and device ownership.","Name":"WindowsHomeSkuRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Windows mobile restrictions based on platform, platform operating system version, and device ownership.","Name":"WindowsMobileRestriction","Option":"Write"},{"CIMType":"MSFT_DeviceEnrollmentPlatformRestriction","Description":"Windows restrictions based on platform, platform operating system version, and device ownership.","Name":"WindowsRestriction","Option":"Write"},{"CIMType":"String","Description":"Support for Enrollment Configuration Type","Name":"DeviceEnrollmentConfigurationType","Option":"Write","ValueMap":["platformRestrictions","singlePlatformRestriction"],"Values":["platformRestrictions","singlePlatformRestriction"]},{"CIMType":"UInt32","Description":"Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.","Name":"Priority","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Intune device platform enrollment restrictions.\n\n### Restrictions\n\nAfter deploying the configuration, updating the policies is no longer possible. This is a restriction by the Microsoft Graph API. Any further updates to the policies have to be done using the Intune Portal.\n\n**Be aware**: To deploy a Android platform restriction policy, two individual configurations must exist:\n\n* The first one contains the key for `AndroidRestriction`\n* The second one contains the key for `AndroidForWorkRestriction`"},{"ClassName":"MSFT_IntuneDeviceEnrollmentScopeConfigurationMam","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Indicates the user scope of the mobility management policy. The possible values are: none, all, selected.","Name":"AppliesTo","Option":"Write","ValueMap":["none","all","selected"],"Values":["none","all","selected"]},{"CIMType":"String","Description":"Compliance URL of the mobility management application.","Name":"ComplianceUrl","Option":"Write"},{"CIMType":"String","Description":"Discovery URL of the mobility management application.","Name":"DiscoveryUrl","Option":"Write"},{"CIMType":"String","Description":"Terms of Use URL of the mobility management application.","Name":"TermsOfUseUrl","Option":"Write"},{"CIMType":"String[]","Description":"The group display names that are included if the scope is set to 'Selected'.","Name":"IncludedGroups","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Enrollment Scope Configuration Mam"},{"ClassName":"MSFT_IntuneDeviceEnrollmentScopeConfigurationMdm","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Controls the option if users in an automatic enrollment configuration on Microsoft Entra registered devices are prompted to MDM enroll their device in the Entra account registration flow.","Name":"IsMdmEnrollmentDuringRegistrationDisabled","Option":"Write"},{"CIMType":"String","Description":"Indicates the user scope of the mobility management policy. The possible values are: none, all, selected.","Name":"AppliesTo","Option":"Write","ValueMap":["none","all","selected"],"Values":["none","all","selected"]},{"CIMType":"String","Description":"Compliance URL of the mobility management application.","Name":"ComplianceUrl","Option":"Write"},{"CIMType":"String","Description":"Discovery URL of the mobility management application.","Name":"DiscoveryUrl","Option":"Write"},{"CIMType":"String","Description":"Terms of Use URL of the mobility management application.","Name":"TermsOfUseUrl","Option":"Write"},{"CIMType":"String[]","Description":"The group display names that are included if the scope is set to 'Selected'.","Name":"IncludedGroups","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Enrollment Scope Configuration Mdm"},{"ClassName":"MSFT_IntuneDeviceEnrollmentStatusPageWindows10","Parameters":[{"CIMType":"String","Description":"The display name of the device enrollment configuration","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the device enrollment configuration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or block device reset on installation failure","Name":"AllowDeviceResetOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to continue using the device on installation failure","Name":"AllowDeviceUseOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or block log collection on installation failure","Name":"AllowLogCollectionOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Install all required apps as non blocking apps during white glove","Name":"AllowNonBlockingAppInstallation","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to retry the setup on installation failure","Name":"BlockDeviceSetupRetryByUser","Option":"Write"},{"CIMType":"String","Description":"Set custom error message to show upon installation failure","Name":"CustomErrorMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Only show installation progress for first user post enrollment","Name":"DisableUserStatusTrackingAfterFirstUser","Option":"Write"},{"CIMType":"UInt32","Description":"Set installation progress timeout in minutes","Name":"InstallProgressTimeoutInMinutes","Option":"Write"},{"CIMType":"Boolean","Description":"Allows quality updates installation during OOBE","Name":"InstallQualityUpdates","Option":"Write"},{"CIMType":"String[]","Description":"Ids of selected applications to track the installation status. When this parameter is used, SelectedMobileAppNames is ignored","Name":"SelectedMobileAppIds","Option":"Write"},{"CIMType":"String[]","Description":"Names of selected applications to track the installation status. This parameter is ignored when SelectedMobileAppIds is also specified","Name":"SelectedMobileAppNames","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide installation progress to user","Name":"ShowInstallationProgress","Option":"Write"},{"CIMType":"Boolean","Description":"Only show installation progress for Autopilot enrollment scenarios","Name":"TrackInstallProgressForAutopilotOnly","Option":"Write"},{"CIMType":"UInt32","Description":"Priority is used when a user exists in multiple groups that are assigned enrollment configuration. Users are subject only to the configuration with the lowest priority value.","Name":"Priority","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Enrollment Status Page Configuration for Windows10\n\n**Please note:** If multiple resources are defined and they are not sorted by their priority increasing (meaning that the first resource e.g. has priority 2 and the next one has 1),\nit is possible that the priority cannot be set correctly because not enough policies exist in the tenant.\n\nTo prevent this issue from happening, either define the resources with their priority increasing or use the `DependsOn` property to define a relation to the one that needs to be processed first."},{"ClassName":"MSFT_airPrintDestination","Parameters":[{"CIMType":"String","Description":"The IP Address of the AirPrint destination.","Name":"ipAddress","Option":"Key"},{"CIMType":"String","Description":"The Resource Path associated with the printer. This corresponds to the rp parameter of the _ipps.tcp Bonjour record. For example: printers/Canon_MG5300_series, printers/Xerox_Phaser_7600, ipp/print, Epson_IPP_Printer.","Name":"resourcePath","Option":"Key"},{"CIMType":"uint32","Description":"The listening port of the AirPrint destination. If this key is not specified, AirPrint will use the default port. Available in iOS 11.0 and later.","Name":"port","Option":"Key"},{"CIMType":"Boolean","Description":"If true, AirPrint connections are secured by Transport Layer Security (TLS). Default is false. Available in iOS 11.0 and later.","Name":"forceTls","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosWebContentFilterBase","Parameters":[{"CIMType":"String","Description":"url.","Name":"url","Option":"Key"},{"CIMType":"String","Description":"bookmarkFolder.","Name":"bookmarkFolder","Option":"Key"},{"CIMType":"String","Description":"displayName.","Name":"displayName","Option":"Key"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosWebContentFilterSpecificWebsitesAccess","Parameters":[{"CIMType":"String","Description":"The type of data.","Name":"dataType","Option":"Write"},{"CIMType":"MSFT_iosWebContentFilterBase[]","Description":"specificWebsitesOnly, embedded instance of iosWebContentFilterBase.","Name":"specificWebsitesOnly","Option":"Write"},{"CIMType":"MSFT_iosWebContentFilterBase[]","Description":"websiteList, embedded instance of iosWebContentFilterBase.","Name":"websiteList","Option":"Write"},{"CIMType":"String[]","Description":"allowedUrls.","Name":"allowedUrls","Option":"Write"},{"CIMType":"String[]","Description":"blockedUrls.","Name":"blockedUrls","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosHomeScreenFolderPage","Parameters":[{"CIMType":"MSFT_iosHomeScreenApp[]","Description":"A list of apps, folders, and web clips to appear on a page. This collection can contain a maximum of 500 elements.","Name":"apps","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosHomeScreenApp","Parameters":[{"CIMType":"String","Description":"Name of the app. Inherited from iosHomeScreenItem.","Name":"displayName","Option":"Write"},{"CIMType":"String","Description":"BundleID of the app if isWebClip is false or the URL of a web clip if isWebClip is true.","Name":"bundleID","Option":"Key"},{"CIMType":"Boolean","Description":"Is it a website URL or an app","Name":"isWebClip","Option":"Write"},{"CIMType":"MSFT_iosHomeScreenFolderPage[]","Description":"Pages of the folder.","Name":"pages","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosHomeScreenItem","Parameters":[{"CIMType":"MSFT_iosHomeScreenApp[]","Description":"A list of apps, folders, and web clips to appear on a page. This collection can contain a maximum of 500 elements.","Name":"icons","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosNotificationSettings","Parameters":[{"CIMType":"String","Description":"Bundle id of the app to which to apply these notification settings.","Name":"bundleID","Option":"Key"},{"CIMType":"String","Description":"Application name to be associated with the BundleID.","Name":"appName","Option":"Write"},{"CIMType":"String","Description":"Publisher to be associated with the BundleID.","Name":"publisher","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether notifications are allowed for this app.","Name":"enabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether notifications can be shown in the notification center.","Name":"showInNotificationCenter","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether notifications can be shown on the lock screen.","Name":"showOnLockScreen","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of alert for notifications for this app. Possible values are: deviceDefault, banner, modal, none.","Name":"alertType","Option":"Write","ValueMap":["deviceDefault","banner","modal","none"],"Values":["deviceDefault","banner","modal","none"]},{"CIMType":"Boolean","Description":"Indicates whether badges are allowed for this app.","Name":"badgesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether sounds are allowed for this app.","Name":"soundsEnabled","Option":"Write"},{"CIMType":"String","Description":"Overrides the notification preview policy set by the user on an iOS device. Possible values are: notConfigured, alwaysShow, hideWhenLocked, neverShow.","Name":"previewVisibility","Option":"Write","ValueMap":["notConfigured","alwaysShow","hideWhenLocked","neverShow"],"Values":["notConfigured","alwaysShow","hideWhenLocked","neverShow"]}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosSingleSignOnSettings","Parameters":[{"CIMType":"MSFT_appListItem[]","Description":"List of app identifiers that are allowed to use this login. If this field is omitted, the login applies to all applications on the device. This collection can contain a maximum of 500 elements.","Name":"allowedAppsList","Option":"Write"},{"CIMType":"String[]","Description":"List of HTTP URLs that must be matched in order to use this login. With iOS 9.0 or later, wildcard characters may be used.","Name":"allowedUrls","Option":"Write"},{"CIMType":"String","Description":"The display name of login settings shown on the receiving device.","Name":"displayName","Option":"Write"},{"CIMType":"String","Description":"A Kerberos principal name. If not provided, the user is prompted for one during profile installation.","Name":"kerberosPrincipalName","Option":"Write"},{"CIMType":"String","Description":"A Kerberos realm name. Case sensitive.","Name":"kerberosRealm","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_mimeContent","Parameters":[{"CIMType":"String","Description":"Indicates the content mime type.","Name":"type","Option":"Write"},{"CIMType":"String[]","Description":"The byte array that contains the actual content.","Name":"value","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_keyTypedValuePair","Parameters":[{"CIMType":"String","Description":"The type of data.","Name":"dataType","Option":"Write"},{"CIMType":"String","Description":"Key for the custom data entry.","Name":"key","Option":"Write"},{"CIMType":"String","Description":"Value for the custom data entry.","Name":"value","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_iosSingleSignOnExtension","Parameters":[{"CIMType":"String","Description":"The type of data.","Name":"dataType","Option":"Write"},{"CIMType":"String","Description":"The case-sensitive realm name for this profile.","Name":"Realm","Option":"Write"},{"CIMType":"String[]","Description":"A list of hosts or domain names for which the app extension performs SSO.","Name":"Domains","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables Keychain usage.","Name":"BlockAutomaticLogin","Option":"Write"},{"CIMType":"String","Description":"The Generic Security Services name of the Kerberos cache to use for this profile.","Name":"CacheName","Option":"Write"},{"CIMType":"String[]","Description":"A list of app Bundle IDs allowed to access the Kerberos Ticket Granting Ticket.","Name":"CredentialBundleIdAccessControlList","Option":"Write"},{"CIMType":"String[]","Description":"A list of realms for custom domain-realm mapping. Realms are case sensitive.","Name":"DomainRealms","Option":"Write"},{"CIMType":"Boolean","Description":"When true, this profile's realm will be selected as the default. Necessary if multiple Kerberos-type profiles are configured.","Name":"IsDefaultRealm","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables password changes.","Name":"PasswordBlockModification","Option":"Write"},{"CIMType":"Uint32","Description":"Overrides the default password expiration in days. For most domains, this value is calculated automatically.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"Uint32","Description":"The number of days until the user is notified that their password will expire (default is 15).","Name":"PasswordExpirationNotificationDays","Option":"Write"},{"CIMType":"String","Description":"The principal user name to use for this profile. The realm name does not need to be included.","Name":"UserPrincipalName","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables whether passwords must meet Active Directory's complexity requirements.","Name":"PasswordRequireActiveDirectoryComplexity","Option":"Write"},{"CIMType":"Uint32","Description":"The number of previous passwords to block.","Name":"PasswordPreviousPasswordBlockCount","Option":"Write"},{"CIMType":"Uint32","Description":"The minimum length of a password.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"Uint32","Description":"The minimum number of days until a user can change their password again.","Name":"PasswordMinimumAgeDays","Option":"Write"},{"CIMType":"String","Description":"A description of the password complexity requirements.","Name":"PasswordRequirementsDescription","Option":"Write"},{"CIMType":"Boolean","Description":"Whether to require authentication via Touch ID, Face ID, or a passcode to access the keychain entry.","Name":"RequireUserPresence","Option":"Write"},{"CIMType":"String","Description":"The Active Directory site.","Name":"ActiveDirectorySiteCode","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables password syncing. This won't affect users logged in with a mobile account on macOS.","Name":"PasswordEnableLocalSync","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables whether the Kerberos extension can automatically determine its site name.","Name":"BlockActiveDirectorySiteAutoDiscovery","Option":"Write"},{"CIMType":"String","Description":"The URL that the user will be sent to when they initiate a password change.","Name":"PasswordChangeUrl","Option":"Write"},{"CIMType":"String","Description":"Text displayed to the user at the Kerberos sign-in window. Available for devices running iOS and iPadOS versions 14 and later.","Name":"SignInHelpText","Option":"Write"},{"CIMType":"Boolean","Description":"When set to True, the Kerberos extension allows managed apps, and any apps entered with the app bundle ID to access the credential. When set to False, the Kerberos extension allows all apps to access the credential. Available for devices running iOS and iPadOS versions 14 and later.","Name":"ManagedAppsInBundleIdACLIncluded","Option":"Write"},{"CIMType":"boolean","Description":"Enables or disables shared device mode.","Name":"EnableSharedDeviceMode","Option":"Write"},{"CIMType":"string[]","Description":"An optional list of additional bundle IDs allowed to use the AAD extension for single sign-on.","Name":"BundleIdAccessControlList","Option":"Write"},{"CIMType":"MSFT_keyTypedValuePair[]","Description":"Gets or sets a list of typed key-value pairs used to configure Credential-type profiles. This collection can contain a maximum of 500 elements.","Name":"Configurations","Option":"Write"},{"CIMType":"string","Description":"Gets or sets the bundle ID of the app extension that performs SSO for the specified URLs.","Name":"ExtensionIdentifier","Option":"Write"},{"CIMType":"string","Description":"Gets or sets the team ID of the app extension that performs SSO for the specified URLs.","Name":"TeamIdentifier","Option":"Write"},{"CIMType":"String[]","Description":"One or more URL prefixes of identity providers on whose behalf the app extension performs single sign-on. URLs must begin with http:// or https://. All URL prefixes must be unique for all profiles.","Name":"urlPrefixes","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_deviceManagementApplicabilityRuleOsEdition","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Write"},{"CIMType":"String[]","Description":"Applicability rule OS edition type","Name":"OsEditionTypes","Option":"Write"},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_deviceManagementApplicabilityRuleOsVersion","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Min OS version for Applicability Rule","Name":"MinOSVersion","Option":"Write"},{"CIMType":"String","Description":"Max OS version for Applicability Rule","Name":"MaxOSVersion","Option":"Write"},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_deviceManagementApplicabilityRuleDeviceMode","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Applicability rule for device mode","Name":"DeviceMode","Option":"Write","ValueMap":["standardConfiguration","sModeConfiguration"],"Values":["standardConfiguration","sModeConfiguration"]},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_IntuneDeviceFeaturesConfigurationPolicyIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance. Inherited from deviceConfiguration.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_deviceManagementApplicabilityRuleOsEdition[]","Description":"The OS edition applicability for this Policy. Inherited from deviceConfiguration.","Name":"DeviceManagementApplicabilityRuleOsEdition","Option":"Write"},{"CIMType":"MSFT_deviceManagementApplicabilityRuleOsVersion[]","Description":"The OS version applicability rule for this Policy. Inherited from deviceConfiguration.","Name":"DeviceManagementApplicabilityRuleOsVersion","Option":"Write"},{"CIMType":"MSFT_deviceManagementApplicabilityRuleDeviceMode[]","Description":"The device mode applicability rule for this Policy. Inherited from deviceConfiguration.","Name":"DeviceManagementApplicabilityRuleDeviceMode","Option":"Write"},{"CIMType":"MSFT_airPrintDestination[]","Description":"An array of AirPrint printers that should always be shown.","Name":"AirPrintDestinations","Option":"Write"},{"CIMType":"String","Description":"Asset tag information for the device, displayed on the login window and lock screen.","Name":"AssetTagTemplate","Option":"Write"},{"CIMType":"MSFT_iosWebContentFilterSpecificWebsitesAccess[]","Description":"Gets or sets iOS Web Content Filter settings, supervised mode only.","Name":"ContentFilterSettings","Option":"Write"},{"CIMType":"String","Description":"A footnote displayed on the login window and lock screen. Available in iOS 9.3.1 and later.","Name":"LockScreenFootnote","Option":"Write"},{"CIMType":"MSFT_iosHomeScreenApp[]","Description":"A list of app and folders to appear on the Home Screen Dock. This collection can contain a maximum of 500 elements.","Name":"HomeScreenDockIcons","Option":"Write"},{"CIMType":"MSFT_iosHomeScreenItem[]","Description":"A list of pages on the Home Screen. This collection can contain a maximum of 500 elements.","Name":"HomeScreenPages","Option":"Write"},{"CIMType":"Uint32","Description":"Gets or sets the number of columns to render when configuring iOS home screen layout settings. If this value is configured, homeScreenGridHeight must be configured as well.","Name":"HomeScreenGridWidth","Option":"Write"},{"CIMType":"Uint32","Description":"Gets or sets the number of rows to render when configuring iOS home screen layout settings. If this value is configured, homeScreenGridWidth must be configured as well.","Name":"HomeScreenGridHeight","Option":"Write"},{"CIMType":"MSFT_iosNotificationSettings[]","Description":"Notification settings for each bundle id. Applicable to devices in supervised mode only (iOS 9.3 and later).","Name":"NotificationSettings","Option":"Write"},{"CIMType":"MSFT_iosSingleSignOnSettings[]","Description":"The Kerberos login settings that enable apps on receiving devices to authenticate smoothly.","Name":"SingleSignOnSettings","Option":"Write"},{"CIMType":"String","Description":"A wallpaper display location specifier. Possible values are: notConfigured, lockScreen, homeScreen, lockAndHomeScreens.","Name":"WallpaperDisplayLocation","Option":"Write","ValueMap":["notConfigured","lockScreen","homeScreen","lockAndHomeScreens"],"Values":["notConfigured","lockScreen","homeScreen","lockAndHomeScreens"]},{"CIMType":"MSFT_mimeContent[]","Description":"A wallpaper image must be in either PNG or JPEG format. It requires a supervised device with iOS 8 or later version.","Name":"WallpaperImage","Option":"Write"},{"CIMType":"MSFT_iosSingleSignOnExtension[]","Description":"Gets or sets a single sign-on extension profile.","Name":"IosSingleSignOnExtension","Option":"Write"}],"Description":"This resource configures an Intune Device Features Configuration Policy for iOS Device."},{"ClassName":"MSFT_IntuneDeviceManagementAndroidDeviceOwnerEnrollmentProfile","Parameters":[{"CIMType":"String","Description":"Display name for the enrollment profile.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique GUID for the enrollment profile. Read-Only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Intune AccountId GUID the enrollment profile belongs to.","Name":"AccountId","Option":"Write"},{"CIMType":"String","Description":"Description for the enrollment profile.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Date time the most recently created token will expire.","Name":"TokenExpirationDateTime","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates that the Wi-Fi network should be configured during device provisioning. When set to TRUE, device provisioning will use Wi-Fi related properties to automatically connect to Wi-Fi networks. When set to FALSE or undefined, other Wi-Fi related properties will be ignored. Default value is TRUE. Returned by default.","Name":"ConfigureWifi","Option":"Write"},{"CIMType":"String","Description":"String that contains the wi-fi login ssid","Name":"WifiSsid","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"String that contains the wi-fi login password. The parameter is a PSCredential object.","Name":"WifiPassword","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean that indicates if hidden wifi networks are enabled","Name":"WifiHidden","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean indicating if this profile is an Android AOSP for Teams device profile.","Name":"IsTeamsDeviceProfile","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Enrollment Profile used to enroll Android Enterprise devices using Google's Cloud Management."},{"ClassName":"MSFT_IntuneDeviceManagementComplianceSettings","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Device should be noncompliant when there is no compliance policy targeted when this is true.","Name":"SecureByDefault","Option":"Write"},{"CIMType":"UInt32","Description":"The number of days a device is allowed to go without checking in to remain compliant. Must be between 1 and 120.","Name":"DeviceComplianceCheckinThresholdDays","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the settings of the device management compliance\nat the tenant level."},{"ClassName":"MSFT_IntuneDeviceManagementEnrollmentAndroidGooglePlay","Parameters":[{"CIMType":"String","Description":"Primary key identifier of the Android Managed Store Account Enterprise Setting.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"Binding status of the Android Managed Store Account Enterprise Setting (e.g., 'bound', 'notBound').","Name":"BindStatus","Option":"Write"},{"CIMType":"String","Description":"The user principal name of the owner of the Android Managed Store Account.","Name":"OwnerUserPrincipalName","Option":"Write"},{"CIMType":"String","Description":"The organization name of the owner of the Android Managed Store Account.","Name":"OwnerOrganizationName","Option":"Write"},{"CIMType":"String","Description":"Specifies the enrollment target for the account enterprise setting (e.g., 'defaultEnrollmentRestrictions', 'targetedAsEnrollmentRestrictions').","Name":"EnrollmentTarget","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether device owner management is enabled.","Name":"DeviceOwnerManagementEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether fully managed enrollment is enabled for Android devices.","Name":"AndroidDeviceOwnerFullyManagedEnrollmentEnabled","Option":"Write"},{"CIMType":"String","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credential for the application secret used in authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether a Managed Identity is used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access tokens used for authentication in scenarios requiring multiple tokens.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Android Enterprise enrollment settings for device management within Microsoft Intune.\nNote: Currently the bind API to enroll is waiting for the product team to make changes so the API can be called outside of an Intune portal. Until those changes are made, we can only unbind (disconnect/unenroll). For that reason we have commented out certain parameters that cannot be set. This will be uncommented once those changes are made."},{"ClassName":"MSFT_IntuneDeviceRemediationRunSchedule","Parameters":[{"CIMType":"String","Description":"The type of the schedule.","Name":"dataType","Option":"Write","ValueMap":["#microsoft.graph.deviceHealthScriptRunOnceSchedule","#microsoft.graph.deviceHealthScriptHourlySchedule","#microsoft.graph.deviceHealthScriptDailySchedule"],"Values":["#microsoft.graph.deviceHealthScriptRunOnceSchedule","#microsoft.graph.deviceHealthScriptHourlySchedule","#microsoft.graph.deviceHealthScriptDailySchedule"]},{"CIMType":"String","Description":"The date when to run the schedule. Only applicable when the odataType is a run once schedule. Format: 2024-01-01","Name":"Date","Option":"Write"},{"CIMType":"UInt32","Description":"The interval of the schedule. Must be 1 in case of a run once schedule.","Name":"Interval","Option":"Write"},{"CIMType":"String","Description":"The time when to run the schedule. Only applicable when the dataType is not an hourly schedule. Format: 01:00:00","Name":"Time","Option":"Write"},{"CIMType":"Boolean","Description":"If to use UTC as the time source. Only applicable when the dataType is not an hourly schedule.","Name":"UseUtc","Option":"Write"}],"Description":"Intune Device Remediation\n\n**Important:** Global scripts only allow the update of the following properties:\n\n* Assignments\n* RoleScopeTagIds\n* RunAs32Bit\n* RunAsAccount"},{"ClassName":"MSFT_IntuneDeviceRemediationPolicyAssignments","Parameters":[{"CIMType":"Boolean","Description":"If the remediation script should be run.","Name":"RunRemediationScript","Option":"Write"},{"CIMType":"MSFT_IntuneDeviceRemediationRunSchedule","Description":"The run schedule of the remediation.","Name":"RunSchedule","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments","Description":"Represents the assignment of the schedule.","Name":"Assignment","Option":"Write"}],"Description":"Intune Device Remediation\n\n**Important:** Global scripts only allow the update of the following properties:\n\n* Assignments\n* RoleScopeTagIds\n* RunAs32Bit\n* RunAsAccount"},{"ClassName":"MSFT_MicrosoftGraphDeviceHealthScriptParameter","Parameters":[{"CIMType":"Boolean","Description":"Whether Apply DefaultValue When Not Assigned","Name":"ApplyDefaultValueWhenNotAssigned","Option":"Write"},{"CIMType":"String","Description":"The description of the param","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the param is required","Name":"IsRequired","Option":"Write"},{"CIMType":"String","Description":"The name of the param","Name":"Name","Option":"Write"},{"CIMType":"Boolean","Description":"The default value of boolean param","Name":"DefaultValue","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceHealthScriptBooleanParameter","#microsoft.graph.deviceHealthScriptIntegerParameter","#microsoft.graph.deviceHealthScriptStringParameter"],"Values":["#microsoft.graph.deviceHealthScriptBooleanParameter","#microsoft.graph.deviceHealthScriptIntegerParameter","#microsoft.graph.deviceHealthScriptStringParameter"]}],"Description":"Intune Device Remediation\n\n**Important:** Global scripts only allow the update of the following properties:\n\n* Assignments\n* RoleScopeTagIds\n* RunAs32Bit\n* RunAsAccount"},{"ClassName":"MSFT_IntuneDeviceRemediation","Parameters":[{"CIMType":"String","Description":"Description of the device health script","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The entire content of the detection powershell script","Name":"DetectionScriptContent","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceHealthScriptParameter[]","Description":"List of ComplexType DetectionScriptParameters objects.","Name":"DetectionScriptParameters","Option":"Write"},{"CIMType":"String","Description":"DeviceHealthScriptType for the script policy. Possible values are: deviceHealthScript, managedInstallerScript.","Name":"DeviceHealthScriptType","Option":"Write","ValueMap":["deviceHealthScript","managedInstallerScript"],"Values":["deviceHealthScript","managedInstallerScript"]},{"CIMType":"String","Description":"Name of the device health script","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Indicates whether the script signature needs be checked","Name":"EnforceSignatureCheck","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the script is a global script provided by Microsoft","Name":"IsGlobalScript","Option":"Write"},{"CIMType":"String","Description":"Name of the device health script publisher","Name":"Publisher","Option":"Write"},{"CIMType":"String","Description":"The entire content of the remediation powershell script","Name":"RemediationScriptContent","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceHealthScriptParameter[]","Description":"List of ComplexType RemediationScriptParameters objects.","Name":"RemediationScriptParameters","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for the device health script","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Indicate whether PowerShell script(s) should run as 32-bit","Name":"RunAs32Bit","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_IntuneDeviceRemediationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Device Remediation\n\n**Important:** Global scripts only allow the update of the following properties:\n\n* Assignments\n* RoleScopeTagIds\n* RunAs32Bit\n* RunAsAccount"},{"ClassName":"MSFT_IntuneDiskEncryptionFileVaultPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Defer (true: Enabled)","Name":"Defer","Option":"Write","ValueMap":["true"],"Values":["true"]},{"CIMType":"String","Description":"Defer Dont Ask At User Logout (false: Disabled, true: Enabled)","Name":"DeferDontAskAtUserLogout","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Defer Force At User Login Max Bypass Attempts","Name":"DeferForceAtUserLoginMaxBypassAttempts","Option":"Write"},{"CIMType":"String","Description":"Enable (0: On, 1: Off)","Name":"Enable","Option":"Write","ValueMap":["On","Off"],"Values":["On","Off"]},{"CIMType":"SInt32","Description":"Recovery Key Rotation In Months (0: 0, 1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 7, 8: 8, 9: 9, 10: 10, 11: 11, 12: 12)","Name":"RecoveryKeyRotationInMonths","Option":"Write","ValueMap":[0,1,2,3,4,5,6,7,8,9,10,11,12],"Values":[0,1,2,3,4,5,6,7,8,9,10,11,12]},{"CIMType":"String","Description":"Use Recovery Key (true: Enabled)","Name":"UseRecoveryKey","Option":"Write","ValueMap":["true"],"Values":["true"]},{"CIMType":"String","Description":"Location where the key should be escrowed to.","Name":"Location","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Disk Encryption File Vault Policy for macOS"},{"ClassName":"MSFT_IntuneDiskEncryptionMacOS","Parameters":[{"CIMType":"String","Description":"The user given description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display name of the disk encryption file vault policy for MacOS","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"Boolean","Description":"If not already enabled, FileVault will be enabled at the next logout.","Name":"Enabled","Option":"Write"},{"CIMType":"UInt32","Description":"Specify how frequently in months (1-12) the device's personal recovery key will rotate. Range: 1-12","Name":"PersonalRecoveryKeyRotationInMonths","Option":"Write"},{"CIMType":"Boolean","Description":"Disable the prompt for the user to enable FileVault when they sign out.","Name":"DisablePromptAtSignOut","Option":"Write"},{"CIMType":"String[]","Description":"Determine which type(s) of recovery key should be generated for this device. Only supported value is 'personalRecoveryKey'. Required, if Enabled is True.","Name":"SelectedRecoveryKeyTypes","Option":"Write"},{"CIMType":"Boolean","Description":"Defer the prompt until the user signs out. Only True is supported.","Name":"AllowDeferralUntilSignOut","Option":"Write"},{"CIMType":"sInt32","Description":"Number of times allowed to bypass (1-10). Special cases: -1 = Not Configured, 11 = No limit, always prompt. ","Name":"NumberOfTimesUserCanIgnore","Option":"Write"},{"CIMType":"Boolean","Description":"Hide recovery key.","Name":"HidePersonalRecoveryKey","Option":"Write"},{"CIMType":"String","Description":"Escrow location description of personal recovery key. Required, if Enabled is True.","Name":"PersonalRecoveryKeyHelpMessage","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Disk Encryption for macOS\n\nPlease note: Once the FileVault requirement is enabled, it cannot be disabled. To disable the requirement, the policy has to be deleted."},{"ClassName":"MSFT_IntuneDiskEncryptionPDEPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Enable Personal Data Encryption (User) (0: Disable Personal Data Encryption., 1: Enable Personal Data Encryption.)","Name":"EnablePersonalDataEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protect Desktop (User) (Windows Insiders only) - Depends on EnablePersonalDataEncryption (0: Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder., 1: Enable PDE on the folder.)","Name":"ProtectDesktop","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protect Pictures (User) (Windows Insiders only) - Depends on EnablePersonalDataEncryption (0: Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder., 1: Enable PDE on the folder.)","Name":"ProtectPictures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protect Documents (User) (Windows Insiders only) - Depends on EnablePersonalDataEncryption (0: Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder., 1: Enable PDE on the folder.)","Name":"ProtectDocuments","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Disk Encryption Personal Data Encryption Policy for Windows10"},{"ClassName":"MSFT_IntuneDiskEncryptionWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Require Device Encryption (0: Disabled, 1: Enabled)","Name":"RequireDeviceEncryption","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) (0: Disabled, 1: Enabled)","Name":"EncryptionMethodWithXts_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select the encryption method for operating system drives: (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsOsDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Select the encryption method for fixed data drives: (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsFdvDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Select the encryption method for removable data drives: (3: AES-CBC 128-bit  (default), 4: AES-CBC 256-bit, 6: XTS-AES 128-bit, 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsRdvDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Provide the unique identifiers for your organization (0: Disabled, 1: Enabled)","Name":"IdentificationField_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"BitLocker identification field: (Device)","Name":"IdentificationField","Option":"Write"},{"CIMType":"String","Description":"Allowed BitLocker identification field: (Device)","Name":"SecIdentificationField","Option":"Write"},{"CIMType":"String","Description":"Allow Warning For Other Disk Encryption (0: Disabled, 1: Enabled)","Name":"AllowWarningForOtherDiskEncryption","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow Standard User Encryption (0: This is the default, when the policy is not set. If current logged on user is a standard user, 'RequireDeviceEncryption' policy will not try to enable encryption on any drive., 1: 'RequireDeviceEncryption' policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.)","Name":"AllowStandardUserEncryption","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure Recovery Password Rotation (0: Refresh off (default), 1: Refresh on for Azure AD-joined devices, 2: Refresh on for both Azure AD-joined and hybrid-joined devices)","Name":"ConfigureRecoveryPasswordRotation","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Enforce drive encryption type on operating system drives (0: Disabled, 1: Enabled)","Name":"OSEncryptionType_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"OSEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Require additional authentication at startup (0: Disabled, 1: Enabled)","Name":"ConfigureAdvancedStartup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure TPM startup key: (2: Allow startup key with TPM, 1: Require startup key with TPM, 0: Do not allow startup key with TPM)","Name":"ConfigureTPMStartupKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure TPM startup key and PIN: (2: Allow startup key and PIN with TPM, 1: Require startup key and PIN with TPM, 0: Do not allow startup key and PIN with TPM)","Name":"ConfigureTPMPINKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure TPM startup: (2: Allow TPM, 1: Require TPM, 0: Do not allow TPM)","Name":"ConfigureTPMUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) (0: False, 1: True)","Name":"ConfigureNonTPMStartupKeyUsage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure TPM startup PIN: (2: Allow startup PIN with TPM, 1: Require startup PIN with TPM, 0: Do not allow startup PIN with TPM)","Name":"ConfigurePINUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure minimum PIN length for startup (0: Disabled, 1: Enabled)","Name":"MinimumPINLength_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Minimum characters:","Name":"MinPINLength","Option":"Write"},{"CIMType":"String","Description":"Allow enhanced PINs for startup (0: Disabled, 1: Enabled)","Name":"EnhancedPIN_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disallow standard users from changing the PIN or password (0: Disabled, 1: Enabled)","Name":"DisallowStandardUsersCanChangePIN_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN. (0: Disabled, 1: Enabled)","Name":"EnablePreBootPinExceptionOnDECapableDevice_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enable use of BitLocker authentication requiring preboot keyboard input on slates (0: Disabled, 1: Enabled)","Name":"EnablePrebootInputProtectorsOnSlates_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Choose how BitLocker-protected operating system drives can be recovered (0: Disabled, 1: Enabled)","Name":"OSRecoveryUsage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Do not enable BitLocker until recovery information is stored to AD DS for operating system drives (0: False, 1: True)","Name":"OSRequireActiveDirectoryBackup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Save BitLocker recovery information to AD DS for operating system drives (0: False, 1: True)","Name":"OSActiveDirectoryBackup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure user storage of BitLocker recovery information: (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)","Name":"OSRecoveryPasswordUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Omit recovery options from the BitLocker setup wizard (0: False, 1: True)","Name":"OSHideRecoveryPage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow data recovery agent (0: False, 1: True)","Name":"OSAllowDRA_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure OS recovery key usage: (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)","Name":"OSRecoveryKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure storage of BitLocker recovery information to AD DS: (1: Store recovery passwords and key packages, 2: Store recovery passwords only)","Name":"OSActiveDirectoryBackupDropDown_Name","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"String","Description":"Configure pre-boot recovery message and URL (0: Disabled, 1: Enabled)","Name":"PrebootRecoveryInfo_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select an option for the pre-boot recovery message: (0: , 1: Use default recovery message and URL, 2: Use custom recovery message, 3: Use custom recovery URL)","Name":"PrebootRecoveryInfoDropDown_Name","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String","Description":"Custom recovery URL option:","Name":"RecoveryUrl_Input","Option":"Write"},{"CIMType":"String","Description":"Custom recovery message option:","Name":"RecoveryMessage_Input","Option":"Write"},{"CIMType":"String","Description":"Enforce drive encryption type on fixed data drives (0: Disabled, 1: Enabled)","Name":"FDVEncryptionType_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"FDVEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Choose how BitLocker-protected fixed drives can be recovered (0: Disabled, 1: Enabled)","Name":"FDVRecoveryUsage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Save BitLocker recovery information to AD DS for fixed data drives (0: False, 1: True)","Name":"FDVActiveDirectoryBackup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Omit recovery options from the BitLocker setup wizard (0: False, 1: True)","Name":"FDVHideRecoveryPage_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure user storage of BitLocker recovery information: (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)","Name":"FDVRecoveryPasswordUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives (0: False, 1: True)","Name":"FDVRequireActiveDirectoryBackup_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow data recovery agent (0: False, 1: True)","Name":"FDVAllowDRA_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Configure storage of BitLocker recovery information to AD DS: (1: Backup recovery passwords and key packages, 2: Backup recovery passwords only)","Name":"FDVActiveDirectoryBackupDropDown_Name","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"String","Description":"Select the fixed drive recovery key usage: (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)","Name":"FDVRecoveryKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Deny write access to fixed drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"FDVDenyWriteAccess_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Control use of BitLocker on removable drives (0: Disabled, 1: Enabled)","Name":"RDVConfigureBDE","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Allow users to apply BitLocker protection on removable data drives (Device) (0: False, 1: True)","Name":"RDVAllowBDE_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Enforce drive encryption type on removable data drives (0: Disabled, 1: Enabled)","Name":"RDVEncryptionType_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"RDVEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Allow users to suspend and decrypt BitLocker protection on removable data drives (Device) (0: False, 1: True)","Name":"RDVDisableBDE_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Deny write access to removable drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"RDVDenyWriteAccess_Name","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Do not allow write access to devices configured in another organization (0: False, 1: True)","Name":"RDVCrossOrg","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Disk Encryption for Windows10"},{"ClassName":"MSFT_IntuneEndpointDetectionAndResponsePolicyLinux","Parameters":[{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Value of tag","Name":"tags_item_value","Option":"Write"},{"CIMType":"String","Description":"Type of tag (GROUP)","Name":"tags_item_key","Option":"Write","ValueMap":["GROUP"],"Values":["GROUP"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Endpoint Detection And Response Policy Linux"},{"ClassName":"MSFT_IntuneEndpointDetectionAndResponsePolicyMacOS","Parameters":[{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Value of tag","Name":"tags_item_value","Option":"Write"},{"CIMType":"String","Description":"Type of tag. (GROUP)","Name":"tags_item_key","Option":"Write","ValueMap":["GROUP"],"Values":["GROUP"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Endpoint Detection And Response Policy MacOS"},{"ClassName":"MSFT_IntuneEndpointDetectionAndResponsePolicyWindows10","Parameters":[{"CIMType":"String","Description":"Identity of the endpoint detection and response policy for Windows 10.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the endpoint detection and response policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Description of the endpoint detection and response policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the endpoint detection and response policy for Windows 10.","Name":"Assignments","Option":"Write"},{"CIMType":"SInt32","Description":"Return or set Windows Defender Advanced Threat Protection Sample Sharing configuration parameter: 0 - none, 1 - All","Name":"SampleSharing","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Microsoft Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.","Name":"ConfigurationType","Option":"Write","ValueMap":["AutoFromConnector","Onboard","Offboard"],"Values":["AutoFromConnector","Onboard","Offboard"]},{"CIMType":"String","Description":"Set Windows Defender Advanced Threat Protection Onboarding blob and initiate onboarding to Windows Defender Advanced Threat Protection","Name":"ConfigurationBlob","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Endpoint Detection and Response Policy for Windows 10."},{"ClassName":"MSFT_IntuneEpmCertificatePolicySetting","Parameters":[{"CIMType":"String","Description":"Description of the setting.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name of the setting.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The base64 encoded certificate file content.","Name":"CertificateFile","Option":"Required"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Endpoint Privilege Management Certificate Policy Setting"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogElevationRuleName","Parameters":[{"CIMType":"String","Description":"Child process behavior (allowrunelevated: AllowRunElevated, allowrunelevatedrulerequired: AllowRunElevatedRuleRequired, deny: Deny)","Name":"ChildProcessBehavior","Option":"Write","ValueMap":["allowrunelevated","allowrunelevatedrulerequired","deny"],"Values":["allowrunelevated","allowrunelevatedrulerequired","deny"]},{"CIMType":"String","Description":"File name","Name":"FileName","Option":"Required"},{"CIMType":"String","Description":"Rule name","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"File path","Name":"FilePath","Option":"Write"},{"CIMType":"String","Description":"Product name","Name":"ProductName","Option":"Write"},{"CIMType":"String","Description":"Applies to (allusers: Allusers)","Name":"AppliesTo","Option":"Write","ValueMap":["allusers"],"Values":["allusers"]},{"CIMType":"String","Description":"Description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Minimum version","Name":"FileVersion","Option":"Write"},{"CIMType":"String","Description":"Internal name","Name":"InternalName","Option":"Write"},{"CIMType":"String","Description":"File hash. Required, if no certificate is used.","Name":"FileHash","Option":"Write"},{"CIMType":"String","Description":"File description","Name":"FileDescription","Option":"Write"},{"CIMType":"SInt32","Description":"Signature source (0: ReusableCertificate, 1: NewCertificate)","Name":"SignatureSource","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Certificate type (publisher: Publisher, issuingauthority: IssuingAuthority)","Name":"CertificateType","Option":"Write","ValueMap":["publisher","issuingauthority"],"Values":["publisher","issuingauthority"]},{"CIMType":"String","Description":"Certificate","Name":"CertificatePayloadWithReusableSetting","Option":"Write"},{"CIMType":"String","Description":"File upload","Name":"CertificateFileUpload","Option":"Write"},{"CIMType":"String","Description":"Elevation type (self: Userconfirmed, automatic: Automatic, deny: Deny, supportarbitrated: Supportapproved, userconfirmeduser: UserConfirmedUser)","Name":"Elevationtype","Option":"Required","ValueMap":["self","automatic","deny","supportarbitrated","userconfirmeduser"],"Values":["self","automatic","deny","supportarbitrated","userconfirmeduser"]},{"CIMType":"SInt32[]","Description":"User Confirmed User Validation (2: Windows Authentication)","Name":"UserConfirmedUserElevationTypeValidation","Option":"Write","ValueMap":[2],"Values":[2]},{"CIMType":"SInt32[]","Description":"Validation (1: Business Justification, 2: Windows Authentication)","Name":"ElevationTypeValidation","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"String","Description":"Restrict Arguments (allow: Allow)","Name":"RestrictArguments","Option":"Write","ValueMap":["allow"],"Values":["allow"]},{"CIMType":"String[]","Description":"Argument List","Name":"ArgumentList","Option":"Write"}],"Description":"Intune Epm Elevation Rules Policy for Windows10"},{"ClassName":"MSFT_IntuneEpmElevationRulesPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogElevationRuleName[]","Description":"Elevation Rule Name","Name":"ElevationRuleName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Epm Elevation Rules Policy for Windows10"},{"ClassName":"MSFT_IntuneEpmElevationSettingsPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Endpoint Privilege Management (1: Enabled, 0: Disabled)","Name":"EndpointPrivilegeManagement","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Default elevation response - Depends on EndpointPrivilegeManagement (0: DenyAllRequests, 1: RequireUserConfirmation, 2: RequireSupportApproval)","Name":"DefaultElevationResponse","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32[]","Description":"Validation (0: Business Justification, 1: Windows Authentication)","Name":"DefaultBehaviorValidation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"(Preview) Automatically detect elevations - Depends on EndpointPrivilegeManagement (0: No, 1: Yes)","Name":"AllowElevationDetection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Send elevation data for reporting - Depends on EndpointPrivilegeManagement (1: Yes, 0: No)","Name":"SendDataToMicrosoft","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Reporting scope (1: DiagnosticDataAndManagedElevationsOnly, 2: DiagnosticDataAndAllEndpointElevations, 0: DiagnosticDataOnly)","Name":"ReportingScope","Option":"Write","ValueMap":[1,2,0],"Values":[1,2,0]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Endpoint Privilege Management Elevation Settings Policy for Windows10"},{"ClassName":"MSFT_IntuneExploitProtectionPolicyWindows10SettingCatalog","Parameters":[{"CIMType":"String","Description":"Identity of the endpoint protection policy.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the endpoint protection policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the endpoint protection.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML.","Name":"ExploitProtectionSettings","Option":"Write"},{"CIMType":"SInt32","Description":"Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center.values 0:disable, 1:enable","Name":"DisallowExploitProtectionOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the endpoint protection.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Endpoint Protection Exploit Protection policy for a Windows 10 Device.\nEnables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML.\nFor more information Exploit Protection, see\n\n* Enable Exploit Protection on Devices and Import: <https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-exploit-protection/>\n* Export, and deploy Exploit Protection configurations: <https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml/>"},{"ClassName":"MSFT_ReusableFirewallPolicySetting","Parameters":[{"CIMType":"String[]","Description":"The addresses to resolve. Required, if AutoResolve is set to 'False'.","Name":"Addresses","Option":"Write"},{"CIMType":"Boolean","Description":"If the Firewall service should automatically resolve the IP addresses.","Name":"AutoResolve","Option":"Required"},{"CIMType":"String","Description":"The identifier of the reusable firewall policy setting.","Name":"Keyword","Option":"Key"}],"Description":"Intune Firewall Policy Setting"},{"ClassName":"MSFT_IntuneFirewallPolicySetting","Parameters":[{"CIMType":"MSFT_ReusableFirewallPolicySetting[]","Description":"The Firewall policy settings.","Name":"PolicySettings","Option":"Write"},{"CIMType":"String","Description":"Description of the setting.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name of the setting.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Policy Setting"},{"ClassName":"MSFT_IntuneFirewallPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Certificate revocation list verification (0: Disables CRL checking, 1: Specifies that CRL checking is attempted and that certificate validation fails only if the certificate is revoked. Other failures that are encountered during CRL checking (such as the revocation URL being unreachable) do not cause certificate validation to fail., 2: Means that checking is required and that certificate validation fails if any error is encountered during CRL processing)","Name":"CRLcheck","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Disable Stateful Ftp (false: Stateful FTP enabled, true: Stateful FTP disabled)","Name":"DisableStatefulFtp","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32[]","Description":"Enable Packet Queue (0: Indicates that all queuing is to be disabled, 1: Specifies that inbound encrypted packets are to be queued, 2: Specifies that packets are to be queued after decryption is performed for forwarding)","Name":"EnablePacketQueue","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32[]","Description":"IPsec Exceptions (0: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NONE:  No IPsec exemptions., 1: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_NEIGHBOR_DISC:  Exempt neighbor discover IPv6 ICMP type-codes from IPsec., 2: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ICMP:  Exempt ICMP from IPsec., 4: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_ROUTER_DISC:  Exempt router discover IPv6 ICMP type-codes from IPsec., 8: FW_GLOBAL_CONFIG_IPSEC_EXEMPT_DHCP:  Exempt both IPv4 and IPv6 DHCP traffic from IPsec.)","Name":"IPsecExempt","Option":"Write","ValueMap":[0,1,2,4,8],"Values":[0,1,2,4,8]},{"CIMType":"String","Description":"Opportunistically Match Auth Set Per KM (false: FALSE, true: TRUE)","Name":"OpportunisticallyMatchAuthSetPerKM","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Preshared Key Encoding (0: FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_NONE:  Preshared key is not encoded. Instead, it is kept in its wide-character format. This symbolic constant has a value of 0., 1: FW_GLOBAL_CONFIG_PRESHARED_KEY_ENCODING_UTF_8:  Encode the preshared key using UTF-8. This symbolic constant has a value of 1.)","Name":"PresharedKeyEncoding","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Security association idle time","Name":"SaIdleTime","Option":"Write"},{"CIMType":"String","Description":"Enable Domain Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"DomainProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked)","Name":"DomainProfile_DisableUnicastResponsesToMulticastBroadcast","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules)","Name":"DomainProfile_EnableLogIgnoredRules","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On)","Name":"DomainProfile_GlobalPortsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Default Inbound Action for Domain Profile (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"DomainProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE)","Name":"DomainProfile_DisableStealthModeIpsecSecuredPacketExemption","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"DomainProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections)","Name":"DomainProfile_EnableLogSuccessConnections","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On)","Name":"DomainProfile_AllowLocalIpsecPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Log File Path","Name":"DomainProfile_LogFilePath","Option":"Write"},{"CIMType":"String","Description":"Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode)","Name":"DomainProfile_DisableStealthMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On)","Name":"DomainProfile_AuthAppsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets)","Name":"DomainProfile_EnableLogDroppedPackets","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Shielded (false: Shielding Off, true: Shielding On)","Name":"DomainProfile_Shielded","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"DomainProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification)","Name":"DomainProfile_DisableInboundNotifications","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Log Max File Size","Name":"DomainProfile_LogMaxFileSize","Option":"Write"},{"CIMType":"String","Description":"Enable Private Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"PrivateProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On)","Name":"PrivateProfile_AllowLocalIpsecPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE)","Name":"PrivateProfile_DisableStealthModeIpsecSecuredPacketExemption","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification)","Name":"PrivateProfile_DisableInboundNotifications","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Shielded (false: Shielding Off, true: Shielding On)","Name":"PrivateProfile_Shielded","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"PrivateProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"PrivateProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On)","Name":"PrivateProfile_AuthAppsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules)","Name":"PrivateProfile_EnableLogIgnoredRules","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Log Max File Size","Name":"PrivateProfile_LogMaxFileSize","Option":"Write"},{"CIMType":"String","Description":"Default Inbound Action for Private Profile (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"PrivateProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked)","Name":"PrivateProfile_DisableUnicastResponsesToMulticastBroadcast","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Log File Path","Name":"PrivateProfile_LogFilePath","Option":"Write"},{"CIMType":"String","Description":"Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode)","Name":"PrivateProfile_DisableStealthMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections)","Name":"PrivateProfile_EnableLogSuccessConnections","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On)","Name":"PrivateProfile_GlobalPortsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets)","Name":"PrivateProfile_EnableLogDroppedPackets","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Public Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"PublicProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"PublicProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Inbound Notifications (false: Firewall May Display Notification, true: Firewall Must Not Display Notification)","Name":"PublicProfile_DisableInboundNotifications","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Disable Stealth Mode Ipsec Secured Packet Exemption (false: FALSE, true: TRUE)","Name":"PublicProfile_DisableStealthModeIpsecSecuredPacketExemption","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Shielded (false: Shielding Off, true: Shielding On)","Name":"PublicProfile_Shielded","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"PublicProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Auth Apps Allow User Pref Merge (false: AuthAppsAllowUserPrefMerge Off, true: AuthAppsAllowUserPrefMerge On)","Name":"PublicProfile_AuthAppsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Log File Path","Name":"PublicProfile_LogFilePath","Option":"Write"},{"CIMType":"String","Description":"Default Inbound Action for Public Profile (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"PublicProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Disable Unicast Responses To Multicast Broadcast (false: Unicast Responses Not Blocked, true: Unicast Responses Blocked)","Name":"PublicProfile_DisableUnicastResponsesToMulticastBroadcast","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Global Ports Allow User Pref Merge (false: GlobalPortsAllowUserPrefMerge Off, true: GlobalPortsAllowUserPrefMerge On)","Name":"PublicProfile_GlobalPortsAllowUserPrefMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Success Connections (false: Disable Logging Of Successful Connections, true: Enable Logging Of Successful Connections)","Name":"PublicProfile_EnableLogSuccessConnections","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Local Ipsec Policy Merge (false: AllowLocalIpsecPolicyMerge Off, true: AllowLocalIpsecPolicyMerge On)","Name":"PublicProfile_AllowLocalIpsecPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Dropped Packets (false: Disable Logging Of Dropped Packets, true: Enable Logging Of Dropped Packets)","Name":"PublicProfile_EnableLogDroppedPackets","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Enable Log Ignored Rules (false: Disable Logging Of Ignored Rules, true: Enable Logging Of Ignored Rules)","Name":"PublicProfile_EnableLogIgnoredRules","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Log Max File Size","Name":"PublicProfile_LogMaxFileSize","Option":"Write"},{"CIMType":"String","Description":"Disable Stealth Mode (false: Use Stealth Mode, true: Disable Stealth Mode)","Name":"PublicProfile_DisableStealthMode","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Object Access Audit Filtering Platform Connection (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditFilteringPlatformConnection","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String","Description":"Object Access Audit Filtering Platform Packet Drop (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditFilteringPlatformPacketDrop","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String[]","Description":"Allowed Tls Authentication Endpoints","Name":"AllowedTlsAuthenticationEndpoints","Option":"Write"},{"CIMType":"String","Description":"Configured Tls Authentication Network Name","Name":"ConfiguredTlsAuthenticationNetworkName","Option":"Write"},{"CIMType":"String","Description":"Hyper-V: Target (wsl: WSL)","Name":"Target","Option":"Write","ValueMap":["wsl"],"Values":["wsl"]},{"CIMType":"String","Description":"Hyper-V: Enable Domain Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"HyperVVMSettings_DomainProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"HyperVVMSettings_DomainProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"HyperVVMSettings_DomainProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"HyperVVMSettings_DomainProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Enable Loopback (false: Disable loopback, true: Enable loopback)","Name":"EnableLoopback","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Enable Public Network Firewall (false: Disable Hyper-V Firewall, true: Enable Hyper-V Firewall)","Name":"HyperVVMSettings_PublicProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"HyperVVMSettings_PublicProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"HyperVVMSettings_PublicProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"HyperVVMSettings_PublicProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Enable Private Network Firewall (false: Disable Firewall, true: Enable Firewall)","Name":"HyperVVMSettings_PrivateProfile_EnableFirewall","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Default Outbound Action (0: Allow Outbound By Default, 1: Block Outbound By Default)","Name":"HyperVVMSettings_PrivateProfile_DefaultOutboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Default Inbound Action (0: Allow Inbound By Default, 1: Block Inbound By Default)","Name":"HyperVVMSettings_PrivateProfile_DefaultInboundAction","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Hyper-V: Allow Local Policy Merge (false: AllowLocalPolicyMerge Off, true: AllowLocalPolicyMerge On)","Name":"HyperVVMSettings_PrivateProfile_AllowLocalPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Hyper-V: Allow Host Policy Merge (false: AllowHostPolicyMerge Off, true: AllowHostPolicyMerge On)","Name":"AllowHostPolicyMerge","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName_IntuneFirewallRulesHyperVPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Enabled - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"Enabled","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Name - Depends on FirewallRuleName","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Direction - Depends on FirewallRuleName (in: The rule applies to inbound traffic., out: The rule applies to outbound traffic.)","Name":"Direction","Option":"Write","ValueMap":["IN","OUT"],"Values":["IN","OUT"]},{"CIMType":"SInt32","Description":"Priority - Depends on FirewallRuleName","Name":"Priority","Option":"Write"},{"CIMType":"SInt32[]","Description":"Profiles - Depends on FirewallRuleName (1: FW_PROFILE_TYPE_DOMAIN:  This value represents the profile for networks that are connected to domains., 2: FW_PROFILE_TYPE_STANDARD:  This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE:  This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD., 4: FW_PROFILE_TYPE_PUBLIC:  This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted., 2147483647: FW_PROFILE_TYPE_ALL:  This value represents all these network sets and any future network sets.)","Name":"Profiles","Option":"Write","ValueMap":[1,2,4,2147483647],"Values":[1,2,4,2147483647]},{"CIMType":"String","Description":"Target - Depends on FirewallRuleName (wsl: WSL)","Name":"VMCreatorId","Option":"Write","ValueMap":["wsl"],"Values":["wsl"]},{"CIMType":"String","Description":"Action - Depends on FirewallRuleName (0: Block, 1: Allow)","Name":"Action","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Local Address Ranges - Depends on FirewallRuleName","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"String[]","Description":"Remote Address Ranges - Depends on FirewallRuleName","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"String[]","Description":"Remote Port Ranges - Depends on FirewallRuleName","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"SInt32","Description":"Protocol - Depends on FirewallRuleName","Name":"Protocol","Option":"Write"},{"CIMType":"String[]","Description":"Local Port Ranges - Depends on FirewallRuleName","Name":"LocalPortRanges","Option":"Write"}],"Description":"Intune Firewall Rules Hyper-V Policy for Windows10"},{"ClassName":"MSFT_IntuneFirewallRulesHyperVPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName_IntuneFirewallRulesHyperVPolicyWindows10[]","Description":"Firewall Rules","Name":"FirewallRuleName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Rules Hyper-V Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName","Parameters":[{"CIMType":"String","Description":"Enabled - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"Enabled","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Name - Depends on FirewallRuleName","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"Interface Types - Depends on FirewallRuleName (RemoteAccess, Wireless, Lan, MobileBroadband, MBB, All)","Name":"InterfaceTypes","Option":"Write","ValueMap":["RemoteAccess","Wireless","Lan","MobileBroadband","MBB","All"],"Values":["RemoteAccess","Wireless","Lan","MobileBroadband","MBB","All"]},{"CIMType":"String","Description":"File Path - Depends on FirewallRuleName","Name":"FilePath","Option":"Write"},{"CIMType":"String[]","Description":"Remote Port Ranges - Depends on FirewallRuleName","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"String","Description":"Edge Traversal - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"EdgeTraversal","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Local User Authorized List - Depends on FirewallRuleName","Name":"LocalUserAuthorizedList","Option":"Write"},{"CIMType":"SInt32[]","Description":"Network Types - Depends on FirewallRuleName (1: FW_PROFILE_TYPE_DOMAIN:  This value represents the profile for networks that are connected to domains., 2: FW_PROFILE_TYPE_STANDARD:  This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE:  This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD., 4: FW_PROFILE_TYPE_PUBLIC:  This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted., 2147483647: FW_PROFILE_TYPE_ALL:  This value represents all these network sets and any future network sets., -2147483648: FW_PROFILE_TYPE_CURRENT:  This value represents the current profiles to which the firewall and advanced security components determine the host is connected at the moment of the call. This value can be specified only in method calls, and it cannot be combined with other flags.)","Name":"Profiles","Option":"Write","ValueMap":[1,2,4,2147483647,-2147483648],"Values":[1,2,4,2147483647,-2147483648]},{"CIMType":"String[]","Description":"Local Port Ranges - Depends on FirewallRuleName","Name":"LocalPortRanges","Option":"Write"},{"CIMType":"String","Description":"Description - Depends on FirewallRuleName","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy App Id - Depends on FirewallRuleName","Name":"PolicyAppId","Option":"Write"},{"CIMType":"String","Description":"Package Family Name - Depends on FirewallRuleName","Name":"PackageFamilyName","Option":"Write"},{"CIMType":"String[]","Description":"Local Address Ranges - Depends on FirewallRuleName","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"String","Description":"Direction - Depends on FirewallRuleName (IN: The rule applies to inbound traffic., OUT: The rule applies to outbound traffic.)","Name":"Direction","Option":"Write","ValueMap":["IN","OUT"],"Values":["in","out"]},{"CIMType":"String","Description":"Service Name - Depends on FirewallRuleName","Name":"ServiceName","Option":"Write"},{"CIMType":"String[]","Description":"Remote Address Ranges - Depends on FirewallRuleName","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"String","Description":"Action - Depends on FirewallRuleName (0: Block, 1: Allow)","Name":"Type","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Reusable groups - Depends on FirewallRuleName","Name":"RemoteAddressDynamicKeywords","Option":"Write"},{"CIMType":"SInt32","Description":"Protocol - Depends on FirewallRuleName","Name":"Protocol","Option":"Write"},{"CIMType":"String[]","Description":"ICMP Types And Codes - Depends on FirewallRuleName","Name":"IcmpTypesAndCodes","Option":"Write"}],"Description":"Intune Firewall Rules Policy for Windows10"},{"ClassName":"MSFT_IntuneFirewallRulesPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName[]","Description":"Firewall Rules","Name":"FirewallRuleName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Rules Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName_IntuneFirewallRulesPolicyWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Enabled - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"Enabled","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Name - Depends on FirewallRuleName","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"Interface Types - Depends on FirewallRuleName (RemoteAccess, Wireless, Lan, MobileBroadband, MBB, All)","Name":"InterfaceTypes","Option":"Write","ValueMap":["RemoteAccess","Wireless","Lan","MobileBroadband","MBB","All"],"Values":["RemoteAccess","Wireless","Lan","MobileBroadband","MBB","All"]},{"CIMType":"String","Description":"File Path - Depends on FirewallRuleName","Name":"FilePath","Option":"Write"},{"CIMType":"String[]","Description":"Remote Port Ranges - Depends on FirewallRuleName","Name":"RemotePortRanges","Option":"Write"},{"CIMType":"String","Description":"Edge Traversal - Depends on FirewallRuleName (0: Disabled, 1: Enabled)","Name":"EdgeTraversal","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String[]","Description":"Local User Authorized List - Depends on FirewallRuleName","Name":"LocalUserAuthorizedList","Option":"Write"},{"CIMType":"SInt32[]","Description":"Network Types - Depends on FirewallRuleName (1: FW_PROFILE_TYPE_DOMAIN:  This value represents the profile for networks that are connected to domains., 2: FW_PROFILE_TYPE_STANDARD:  This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE:  This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD., 4: FW_PROFILE_TYPE_PUBLIC:  This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted., 2147483647: FW_PROFILE_TYPE_ALL:  This value represents all these network sets and any future network sets., -2147483648: FW_PROFILE_TYPE_CURRENT:  This value represents the current profiles to which the firewall and advanced security components determine the host is connected at the moment of the call. This value can be specified only in method calls, and it cannot be combined with other flags.)","Name":"Profiles","Option":"Write","ValueMap":[1,2,4,2147483647,-2147483648],"Values":[1,2,4,2147483647,-2147483648]},{"CIMType":"String[]","Description":"Local Port Ranges - Depends on FirewallRuleName","Name":"LocalPortRanges","Option":"Write"},{"CIMType":"String","Description":"Description - Depends on FirewallRuleName","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Package Family Name - Depends on FirewallRuleName","Name":"PackageFamilyName","Option":"Write"},{"CIMType":"String[]","Description":"Local Address Ranges - Depends on FirewallRuleName","Name":"LocalAddressRanges","Option":"Write"},{"CIMType":"String","Description":"Direction - Depends on FirewallRuleName (IN: The rule applies to inbound traffic., OUT: The rule applies to outbound traffic.)","Name":"Direction","Option":"Write","ValueMap":["IN","OUT"],"Values":["IN","OUT"]},{"CIMType":"String","Description":"Service Name - Depends on FirewallRuleName","Name":"ServiceName","Option":"Write"},{"CIMType":"String[]","Description":"Remote Address Ranges - Depends on FirewallRuleName","Name":"RemoteAddressRanges","Option":"Write"},{"CIMType":"String","Description":"Action - Depends on FirewallRuleName (0: Block, 1: Allow)","Name":"Type","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Protocol - Depends on FirewallRuleName","Name":"Protocol","Option":"Write"}],"Description":"Intune Firewall Rules Policy for Windows10 ConfigMgr"},{"ClassName":"MSFT_IntuneFirewallRulesPolicyWindows10ConfigMgr","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogFirewallRuleName_IntuneFirewallRulesPolicyWindows10ConfigMgr[]","Description":"Firewall Rules","Name":"FirewallRuleName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Firewall Rules Policy for Windows10 ConfigMgr"},{"ClassName":"MSFT_IntuneManagedInstallerPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Description of the Managed Installer Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Name of the Managed Installer Policy","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Indicates if Intune is considered a Managed Installer.","Name":"IsIntuneManagedInstaller","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for the device health script","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Managed Installer Policy for Windows 10"},{"ClassName":"MSFT_DeviceManagementMobileAppAssignment","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Write","ValueMap":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.mobileAppAssignment"],"Values":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.mobileAppAssignment"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are: none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"Possible values for the install intent chosen by the admin.","Name":"intent","Option":"Write","ValueMap":["available","required","uninstall","availableWithoutEnrollment"],"Values":["available","required","uninstall","availableWithoutEnrollment"]}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementMobileAppAssignmentSettings","Parameters":[{"CIMType":"String","Description":"The odata type of the assignment type.","Name":"odataType","Option":"Required","ValueMap":["#microsoft.graph.androidManagedStoreAppAssignmentSettings","#microsoft.graph.iosStoreAppAssignmentSettings","#microsoft.graph.iosLobAppAssignmentSettings","#microsoft.graph.macOsLobAppAssignmentSettings","#microsoft.graph.win32LobAppAssignmentSettings","#microsoft.graph.winGetAppAssignmentSettings","#microsoft.graph.windowsUniversalAppXAppAssignmentSettings"],"Values":["#microsoft.graph.androidManagedStoreAppAssignmentSettings","#microsoft.graph.iosLobAppAssignmentSettings","#microsoft.graph.iosStoreAppAssignmentSettings","#microsoft.graph.macOsLobAppAssignmentSettings","#microsoft.graph.win32LobAppAssignmentSettings","#microsoft.graph.winGetAppAssignmentSettings","#microsoft.graph.windowsUniversalAppXAppAssignmentSettings"]}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementBuiltInStoreAppAssignmentSettings","Parameters":[{"CIMType":"String","Description":"Display name or Id of the VPN configuration profile associated with this policy.","Name":"vpnConfigurationId","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should be uninstalled when the device is removed from Intune. When FALSE, indicates that the app will not be uninstalled when the device is removed from Intune. By default, property is set to null which internally is treated as TRUE.","Name":"uninstallOnDeviceRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app can be uninstalled by the user. When FALSE, indicates that the app cannot be uninstalled by the user. By default, this property is set to null which internally is treated as TRUE.","Name":"isRemovable","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should not be backed up to iCloud. When FALSE, indicates that the app may be backed up to iCloud. By default, this property is set to null which internally is treated as FALSE.","Name":"preventManagedAppBackup","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementBuiltInStoreAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementBuiltInStoreAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_MicrosoftGraphIosDeviceType","Parameters":[{"CIMType":"Boolean","Description":"Whether the app should run on iPads.","Name":"IPad","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the app should run on iPhones and iPods.","Name":"IPhoneAndIPod","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_MicrosoftGraphMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.0.3 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_0_3","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.1 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_1","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.2 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_2","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.3 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_3","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 4.4 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V4_4","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 5.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V5_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 5.1 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V5_1","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 6.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V6_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 7.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V7_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 7.1 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V7_1","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 8.0 or later is required to install the app. If 'False', Version 8.0 is not the minimum version.","Name":"V8_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 8.1 or later is required to install the app. If 'False', Version 8.0 is not the minimum version. Applicable only for the 'Android' TargetPlatform.","Name":"V8_1","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 9.0 or later is required to install the app. If 'False', Version 9.0 is not the minimum version.","Name":"V9_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.0 or later is required to install the app. If 'False', Version 10.0 is not the minimum version.","Name":"V10_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 11.0 or later is required to install the app. If 'False', Version 11.0 is not the minimum version.","Name":"V11_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 12.0 or later is required to install the app. If 'False', Version 12.0 is not the minimum version.","Name":"V12_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 13.0 or later is required to install the app. If 'False', Version 13.0 is not the minimum version.","Name":"V13_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 14.0 or later is required to install the app. If 'False', Version 14.0 is not the minimum version.","Name":"V14_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 15.0 or later is required to install the app. If 'False', Version 15.0 is not the minimum version.","Name":"V15_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 16.0 or later is required to install the app. If 'False', Version 16.0 is not the minimum version. Applicable only for the 'iOS' TargetPlatform.","Name":"V16_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 17.0 or later is required to install the app. If 'False', Version 17.0 is not the minimum version. Applicable only for the 'iOS' TargetPlatform.","Name":"V17_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 18.0 or later is required to install the app. If 'False', Version 18.0 is not the minimum version. Applicable only for the 'iOS' TargetPlatform.","Name":"V18_0","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementMimeContent","Parameters":[{"CIMType":"String","Description":"Indicates the type of content mime.","Name":"Type","Option":"Write"},{"CIMType":"String","Description":"The Base64 encoded string content.","Name":"Value","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementMobileAppCategory","Parameters":[{"CIMType":"String","Description":"The name of the app category.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_IntuneMobileAppsBuiltInStoreApp","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphiosDeviceType","Description":"The architecture for which this app can run on. Only applicable for the 'iOS' TargetPlatform.","Name":"ApplicableDeviceType","Option":"Write"},{"CIMType":"String","Description":"The App Store URL. Cannot be changed after creation.","Name":"AppStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The Identity Name. Only applicable for the 'iOS' TargetPlatform.","Name":"BundleId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMinimumOperatingSystem","Description":"The value for the minimum applicable operating system.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The app's package ID. Only applicable for the 'Android' TargetPlatform","Name":"PackageId","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The target platform of the mobile app.","Name":"TargetPlatform","Option":"Required","ValueMap":["Android","IOS"],"Values":["Android","IOS"]},{"CIMType":"MSFT_DeviceManagementBuiltInStoreAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Built In Store App for Android and iOS"},{"ClassName":"MSFT_MicrosoftGraphMacOSIncludedApp","Parameters":[{"CIMType":"String","Description":"The bundleId of the app. This maps to the CFBundleIdentifier in the app's bundle configuration.","Name":"BundleId","Option":"Write"},{"CIMType":"String","Description":"The version of the app. This maps to the CFBundleShortVersion in the app's bundle configuration.","Name":"BundleVersion","Option":"Write"}],"Description":"Intune Mobile Apps Bundle types Dmg and Pkg for macOS.\n\n**ATTENTION**: After creating an app, the content must be manually uploaded via the Intune portal."},{"ClassName":"MSFT_MicrosoftGraphMacOSMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.7 or later is required to install the app. If 'False', Version 10.7 is not the minimum version.","Name":"V10_7","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.8 or later is required to install the app. If 'False', Version 10.8 is not the minimum version.","Name":"V10_8","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.9 or later is required to install the app. If 'False', Version 10.9 is not the minimum version.","Name":"V10_9","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.10 or later is required to install the app. If 'False', Version 10.10 is not the minimum version.","Name":"V10_10","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.11 or later is required to install the app. If 'False', Version 10.11 is not the minimum version.","Name":"V10_11","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.12 or later is required to install the app. If 'False', Version 10.12 is not the minimum version.","Name":"V10_12","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.13 or later is required to install the app. If 'False', Version 10.13 is not the minimum version.","Name":"V10_13","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.14 or later is required to install the app. If 'False', Version 10.14 is not the minimum version.","Name":"V10_14","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 10.15 or later is required to install the app. If 'False', Version 10.15 is not the minimum version.","Name":"V10_15","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 11.0 or later is required to install the app. If 'False', Version 11.0 is not the minimum version.","Name":"V11_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 12.0 or later is required to install the app. If 'False', Version 12.0 is not the minimum version.","Name":"V12_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 13.0 or later is required to install the app. If 'False', Version 13.0 is not the minimum version.","Name":"V13_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 14.0 or later is required to install the app. If 'False', Version 14.0 is not the minimum version.","Name":"V14_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum version support required for the managed device. When 'True', OS Version 15.0 or later is required to install the app. If 'False', Version 15.0 is not the minimum version.","Name":"V15_0","Option":"Write"}],"Description":"Intune Mobile Apps Bundle types Dmg and Pkg for macOS.\n\n**ATTENTION**: After creating an app, the content must be manually uploaded via the Intune portal."},{"ClassName":"MSFT_IntuneMobileAppsBundleMacOS","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The bundle type. To change the app type, you have to first delete and then recreate it. Possible values are: Dmg, Pkg","Name":"PackageFileType","Option":"Write","ValueMap":["Dmg","Pkg"],"Values":["Dmg","Pkg"]},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The file name of the app.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMacOSIncludedApp[]","Description":"The list of apps expected to be installed by the bundle.","Name":"IncludedApps","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app's version will NOT be used to detect if the app is installed on a device. When FALSE, indicates that the app's version will be used to detect if the app is installed on a device. Set this to true for apps that use a self update feature.","Name":"IgnoreVersionDetection","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMacOSMinimumOperatingSystem","Description":"Indicates the minimum operating system applicable for the application.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"Contains the pre-install script for the app. This will execute on the macOS device before the app is installed.","Name":"PreInstallScript","Option":"Write"},{"CIMType":"String","Description":"Contains the post-install script for the app. This will execute on the macOS device after the app is installed.","Name":"PostInstallScript","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Bundle types Dmg and Pkg for macOS.\n\n**ATTENTION**: After creating an app, the content must be manually uploaded via the Intune portal."},{"ClassName":"MSFT_IntuneMobileAppsDefenderForEndpointMacOS","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Defender For Endpoint for macOS"},{"ClassName":"MSFT_MicrosoftGraphAndroidMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"When TRUE, only Version 10.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V10_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 11.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V11_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 12.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V12_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 13.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V13_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 14.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V14_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 15.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V15_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.0.3 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_0_3","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.1 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_1","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.2 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_2","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.3 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_3","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 4.4 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V4_4","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 5.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V5_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 5.1 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V5_1","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 6.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V6_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 7.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V7_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 7.1 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V7_1","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 8.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V8_0","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 8.1 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V8_1","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, only Version 9.0 or later is supported. Default value is FALSE. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V9_0","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Android"},{"ClassName":"MSFT_IntuneMobileAppsLobAppAndroid","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphAndroidMinimumOperatingSystem","Description":"The value for the minimum applicable operating system.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"The package identifier.","Name":"PackageId","Option":"Write"},{"CIMType":"String","Description":"The platforms to which the application can be targeted. If not specified, will defauilt to Android Device Administrator. Cannot be changed after creation. Possible values are: androidDeviceAdministrator, androidOpenSourceProject, unknownFutureValue.","Name":"TargetedPlatforms","Option":"Write","ValueMap":["androidDeviceAdministrator","androidOpenSourceProject"],"Values":["androidDeviceAdministrator","androidOpenSourceProject"]},{"CIMType":"String","Description":"The name of the main Lob application file.","Name":"FileName","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Android"},{"ClassName":"MSFT_DeviceManagementLobAppiOSAssignmentSettings","Parameters":[{"CIMType":"String","Description":"Display name or Id of the VPN configuration profile associated with this policy.","Name":"vpnConfigurationId","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should be uninstalled when the device is removed from Intune. When FALSE, indicates that the app will not be uninstalled when the device is removed from Intune. By default, property is set to null which internally is treated as TRUE.","Name":"uninstallOnDeviceRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app can be uninstalled by the user. When FALSE, indicates that the app cannot be uninstalled by the user. By default, this property is set to null which internally is treated as TRUE.","Name":"isRemovable","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should not be backed up to iCloud. When FALSE, indicates that the app may be backed up to iCloud. By default, this property is set to null which internally is treated as FALSE.","Name":"preventManagedAppBackup","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for iOS"},{"ClassName":"MSFT_DeviceManagementLobAppiOSAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementLobAppiOSAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for iOS"},{"ClassName":"MSFT_MicrosoftGraphIosMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 10.0 or later is required to install the app. If 'False', iOS Version 10.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V10_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 11.0 or later is required to install the app. If 'False', iOS Version 11.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V11_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 12.0 or later is required to install the app. If 'False', iOS Version 12.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V12_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 13.0 or later is required to install the app. If 'False', iOS Version 13.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V13_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 14.0 or later is required to install the app. If 'False', iOS Version 14.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V14_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 15.0 or later is required to install the app. If 'False', iOS Version 15.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V15_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 16.0 or later is required to install the app. If 'False', iOS Version 16.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V16_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 17.0 or later is required to install the app. If 'False', iOS Version 17.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V17_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 18.0 or later is required to install the app. If 'False', iOS Version 18.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V18_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 8.0 or later is required to install the app. If 'False', iOS Version 8.0  is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V8_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates the minimum iOS version support required for the managed device. When 'True', iOS with OS Version 9.0 or later is required to install the app. If 'False', iOS Version 9.0 is not the minimum version. Default value is False. Exactly one of the minimum operating system boolean values will be TRUE.","Name":"V9_0","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for iOS"},{"ClassName":"MSFT_IntuneMobileAppsLobAppiOS","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphIosDeviceType","Description":"The iOS architecture for which this app can run on.","Name":"ApplicableDeviceType","Option":"Write"},{"CIMType":"String","Description":"The build number of iOS Line of Business (LoB) app.","Name":"BuildNumber","Option":"Write"},{"CIMType":"String","Description":"The Identity Name.","Name":"BundleId","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIosMinimumOperatingSystem","Description":"The value for the minimum applicable operating system.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"The version number of iOS Line of Business (LoB) app.","Name":"VersionNumber","Option":"Write"},{"CIMType":"String","Description":"The name of the main Lob application file.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementLobAppiOSAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for iOS"},{"ClassName":"MSFT_IntuneMobileAppsLobAppMsiWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The name of the main Lob application file. Required for creating the app.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"The command line.","Name":"CommandLine","Option":"Write"},{"CIMType":"Boolean","Description":"A boolean to control whether the app's version will be used to detect the app after it is installed on a device. Set this to true for Windows Mobile MSI Line of Business (LoB) apps that use a self update feature.","Name":"IgnoreVersionDetection","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to install a dual-mode MSI in the device context. If true, app will be installed for all users. If false, app will be installed per-user. If null, service will use the MSI package's default install context. In case of dual-mode MSI, this default will be per-user. Cannot be set for non-dual-mode apps. Cannot be changed after initial creation of the application.","Name":"UseDeviceContext","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Lob App MSI for Windows10"},{"ClassName":"MSFT_DeviceManagementAppxMobileAppAssignmentSettings","Parameters":[{"CIMType":"Boolean","Description":"If true, uses device execution context for Windows Universal AppX mobile app. Device-context install is not allowed when this type of app is targeted with Available intent. Defaults to false.","Name":"useDeviceContext","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Windows10 for Appx, AppxBundle, Msix and MsixBundle applications."},{"ClassName":"MSFT_DeviceManagementAppxMobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementAppxMobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Windows10 for Appx, AppxBundle, Msix and MsixBundle applications."},{"ClassName":"MSFT_IntuneMobileAppsLobAppWindows10","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The name of the main Lob application file. Required for creating the resource.","Name":"FileName","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Lob App for Windows10 for Appx, AppxBundle, Msix and MsixBundle applications."},{"ClassName":"MSFT_DeviceManagementMacOSLobAppAssignmentSettings","Parameters":[{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should be uninstalled when the device is removed from Intune. When FALSE, indicates that the app will not be uninstalled when the device is removed from Intune.","Name":"uninstallOnDeviceRemoval","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_DeviceManagementMacOSLobAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementMacOSLobAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_DeviceManagementMinimumOperatingSystem","Parameters":[{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.7 or later is required to install the app.","Name":"v10_7","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.8 or later is required to install the app.","Name":"v10_8","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.9 or later is required to install the app.","Name":"v10_9","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.10 or later is required to install the app.","Name":"v10_10","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.11 or later is required to install the app.","Name":"v10_11","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.12 or later is required to install the app.","Name":"v10_12","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.13 or later is required to install the app.","Name":"v10_13","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.14 or later is required to install the app.","Name":"v10_14","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 10.15 or later is required to install the app.","Name":"v10_15","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 11.0 or later is required to install the app.","Name":"v11_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 12.0 or later is required to install the app.","Name":"v12_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 13.0 or later is required to install the app.","Name":"v13_0","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if Mac OS X 14.0 or later is required to install the app.","Name":"v14_0","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_DeviceManagementMobileAppChildApp","Parameters":[{"CIMType":"String","Description":"The bundleId of the app.","Name":"BundleId","Option":"Key"},{"CIMType":"String","Description":"The build number of the app.","Name":"BuildNumber","Option":"Write"},{"CIMType":"String","Description":"The version number of the app.","Name":"VersionNumber","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_IntuneMobileAppsMacOSLobApp","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app. Inherited from mobileApp.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only. Inherited from mobileApp object.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app. Inherited from mobileApp.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The dewveloper of the app. Inherited from mobileApp.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The InformationUrl of the app. Inherited from mobileApp.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp.","Name":"IsFeatured","Option":"Write"},{"CIMType":"String","Description":"Notes for the app. Inherited from mobileApp.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app. Inherited from mobileApp.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url. Inherited from mobileApp.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app. Inherited from mobileApp.","Name":"Publisher","Option":"Write"},{"CIMType":"String","Description":"The bundleId of the app.","Name":"BundleId","Option":"Write"},{"CIMType":"String","Description":"The build number of the app.","Name":"BuildNumber","Option":"Write"},{"CIMType":"String","Description":"The version number of the app.","Name":"VersionNumber","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Whether to ignore the version of the app or not.","Name":"IgnoreVersionDetection","Option":"Write"},{"CIMType":"Boolean","Description":"Install the app as managed. Requires macOS 11.0.","Name":"InstallAsManaged","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The icon for this app.","Name":"LargeIcon","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMinimumOperatingSystem","Description":"The minimum supported operating system to install the app.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMacOSLobAppAssignment[]","Description":"The list of assignments for this app.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppChildApp[]","Description":"The list of child apps for this app package.","Name":"ChildApps","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune mobile app of MacOSLobApp type for MacOS devices."},{"ClassName":"MSFT_DeviceManagementManagedGooglePlayMobileAppAssignmentSettings","Parameters":[{"CIMType":"String","Description":"Priority for automatic udpates for this app assignment. Possible values are: default, postponed, priority.","Name":"autoUpdateMode","Option":"Write","ValueMap":["default","postponed","priority"],"Values":["default","postponed","priority"]}],"Description":"Intune Mobile Apps Managed Google Play Store App for Android"},{"ClassName":"MSFT_DeviceManagementManagedGooglePlayMobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementManagedGooglePlayMobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Managed Google Play Store App for Android"},{"ClassName":"MSFT_IntuneMobileAppsManagedGooglePlayApp","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The package identifier. Required to sync from Google Play Store. Cannot be changed after creation.","Name":"PackageId","Option":"Required"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementManagedGooglePlayMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Managed Google Play Store App for Android"},{"ClassName":"MSFT_IntuneMobileAppsMicrosoft365SuiteMacOS","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft365 Suite for macOS"},{"ClassName":"MSFT_IntuneMobileAppsMicrosoftEdge","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The channel to install on target devices. Cannot be updated after creation. Instead, a new policy must be created. The possible values are dev, beta, and stable. By default, this property is set to dev. Possible values are: dev, beta, stable, unknownFutureValue.","Name":"Channel","Option":"Write","ValueMap":["dev","beta","stable","unknownFutureValue"],"Values":["dev","beta","stable","unknownFutureValue"]},{"CIMType":"String","Description":"The language locale to use when the Edge app displays text to the user. Only applicable for the 'windows' target platform.","Name":"DisplayLanguageLocale","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The target platform of the mobile app.","Name":"TargetPlatform","Option":"Required","ValueMap":["macOS","windows"],"Values":["macOS","windows"]},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Edge for the Windows and MacOS platform."},{"ClassName":"MSFT_DeviceManagementWinGetMobileAppAssignmentSettingsRestartSettings","Parameters":[{"CIMType":"SInt32","Description":"The number of minutes to wait before restarting the device after an app installation.","Name":"countdownDisplayBeforeRestartInMinutes","Option":"Write"},{"CIMType":"SInt32","Description":"The number of minutes before the restart time to display the countdown dialog for pending restarts.","Name":"gracePeriodInMinutes","Option":"Write"},{"CIMType":"SInt32","Description":"The number of minutes to snooze the restart notification dialog when the snooze button is selected.","Name":"restartNotificationSnoozeDurationInMinutes","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_DeviceManagementWinGetMobileAppAssignmentSettingsInstallTimeSettings","Parameters":[{"CIMType":"Boolean","Description":"Whether the local device time or UTC time should be used when determining the available and deadline times.","Name":"useLocalTime","Option":"Write"},{"CIMType":"String","Description":"The time at which the app should be available for installation.","Name":"startDateTime","Option":"Write"},{"CIMType":"String","Description":"The time at which the app should be installed.","Name":"deadlineDateTime","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_DeviceManagementWingetMobileAppAssignmentSettings","Parameters":[{"CIMType":"MSFT_DeviceManagementWinGetMobileAppAssignmentSettingsInstallTimeSettings","Description":"The install time settings to apply for this app assignment.","Name":"installTimeSettings","Option":"Write"},{"CIMType":"String","Description":"The notification status for this app assignment. Possible values are: showAll, showReboot, hideAll.","Name":"notifications","Option":"Write","ValueMap":["showAll","showReboot","hideAll"],"Values":["showAll","showReboot","hideAll"]},{"CIMType":"MSFT_DeviceManagementWinGetMobileAppAssignmentSettingsRestartSettings","Description":"The reboot settings to apply for this app assignment.","Name":"restartSettings","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_DeviceManagementWingetMobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementWingetMobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_MicrosoftGraphWinGetAppInstallExperience","Parameters":[{"CIMType":"String","Description":"Indicates the type of execution context the app setup runs in on target devices. Options include values of the RunAsAccountType enum, which are System and User. Required at creation time, cannot be modified on existing objects. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_IntuneMobileAppsMicrosoftStoreAppWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphwinGetAppInstallExperience","Description":"The install experience settings associated with this application, which are used to ensure the desired install experiences on the target device are taken into account. This includes the account type (System or User) that actions should be run as on target devices. Cannot be changed after creation.","Name":"InstallExperience","Option":"Write"},{"CIMType":"String","Description":"The PackageIdentifier from the WinGet source repository REST API. This also maps to the Id when using the WinGet client command line application. Required at creation time, cannot be modified on existing objects.","Name":"PackageIdentifier","Option":"Required"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementWingetMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Microsoft Store App for Windows10 (new experience)"},{"ClassName":"MSFT_DeviceManagementStoreMobileAppAssignmentSettings","Parameters":[{"CIMType":"String","Description":"Display name or Id of the VPN configuration profile associated with this policy.","Name":"vpnConfigurationId","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should be uninstalled when the device is removed from Intune. When FALSE, indicates that the app will not be uninstalled when the device is removed from Intune. By default, property is set to null which internally is treated as TRUE.","Name":"uninstallOnDeviceRemoval","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app can be uninstalled by the user. When FALSE, indicates that the app cannot be uninstalled by the user. By default, this property is set to null which internally is treated as TRUE.","Name":"isRemovable","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that the app should not be backed up to iCloud. When FALSE, indicates that the app may be backed up to iCloud. By default, this property is set to null which internally is treated as FALSE.","Name":"preventManagedAppBackup","Option":"Write"}],"Description":"Intune Mobile Apps Store App for Android and iOS"},{"ClassName":"MSFT_DeviceManagementStoreMobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementStoreMobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Store App for Android and iOS"},{"ClassName":"MSFT_IntuneMobileAppsStoreApp","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphiosDeviceType","Description":"The architecture for which this app can run on. Only applicable for the 'iOS' TargetPlatform.","Name":"ApplicableDeviceType","Option":"Write"},{"CIMType":"String","Description":"The App Store URL. Cannot be changed after creation.","Name":"AppStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The Identity Name. Only applicable for the 'iOS' TargetPlatform.","Name":"BundleId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMinimumOperatingSystem","Description":"The value for the minimum applicable operating system.","Name":"MinimumSupportedOperatingSystem","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The target platform of the mobile app.","Name":"TargetPlatform","Option":"Required","ValueMap":["android","ios"],"Values":["android","ios"]},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_DeviceManagementStoreMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Store App for Android and iOS"},{"ClassName":"MSFT_IntuneMobileAppsSystemAppAndroid","Parameters":[{"CIMType":"String","Description":"The app identifier. Cannot be changed after creation.","Name":"AppIdentifier","Option":"Required"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Required"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps System App for Android"},{"ClassName":"MSFT_IntuneMobileAppsWebLink","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphmimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"String","Description":"The target type of the web link.","Name":"TargetType","Option":"Required","ValueMap":["iosiPadOSWebClip","macOSWebClip","webApp","windowsWebApp"],"Values":["iosiPadOSWebClip","macOSWebClip","webApp","windowsWebApp"]},{"CIMType":"String","Description":"Indicates the web app URL. Example: 'https://www.contoso.com'. Cannot be updated after creation.","Name":"AppUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to use managed browser (on iOS it's Microsoft Edge). This property is only applicable 'webApp' and 'iosiPadOSWebClip' target type.","Name":"UseManagedBrowser","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to open the web clip as a full-screen web app. Defaults to false. If TRUE, opens the web clip as a full-screen web app. If FALSE, the web clip opens inside of another app such as Safary or the app specified with targetApplicationBundleIdentifier. Only applicable for the 'iosiPadOSWebClip' and 'macOSWebClip' target type.","Name":"FullScreenEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not the icon for the app is precomosed. Defaults to false. If TRUE, prevents SpringBoard from adding 'shine' to the icon. If FALSE, SpringBoard can add 'shine'. Only applicable for the 'iosiPadOSWebClip' and 'macOSWebClip' target type.","Name":"PreComposedIconEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not a full screen web clip can navigate to an external web site without showing the Safari UI. Defaults to false. If FALSE, the Safari UI appears when navigating away. If TRUE, the Safari UI will not be shown. Only applicable for the 'iosiPadOSWebClip' target type.","Name":"IgnoreManifestScope","Option":"Write"},{"CIMType":"String","Description":"Specifies the application bundle identifier which opens the URL. Available in iOS 14 and later. Only applicable for the 'iosiPadOSWebClip' target type.","Name":"TargetApplicationBundleIdentifier","Option":"Write"}],"Description":"Intune Mobile Apps Web Link for the iOS, MacOS, Windows and general platform."},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsRestartSettings","Parameters":[{"CIMType":"SInt32","Description":"The number of minutes to wait before restarting the device after an app installation.","Name":"countdownDisplayBeforeRestartInMinutes","Option":"Write"},{"CIMType":"SInt32","Description":"The number of minutes before the restart time to display the countdown dialog for pending restarts.","Name":"gracePeriodInMinutes","Option":"Write"},{"CIMType":"SInt32","Description":"The number of minutes to snooze the restart notification dialog when the snooze button is selected.","Name":"restartNotificationSnoozeDurationInMinutes","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsAutoUpdateSettings","Parameters":[{"CIMType":"String","Description":"The auto-update superseded apps setting for the app assignment. Possible values are notConfigured and enabled. Default value is notConfigured.","Name":"autoUpdateSupersededAppsState","Option":"Write","ValueMap":["enabled","notConfigured"],"Values":["enabled","notConfigured"]}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsInstallTimeSettings","Parameters":[{"CIMType":"Boolean","Description":"Whether the local device time or UTC time should be used when determining the available and deadline times.","Name":"useLocalTime","Option":"Write"},{"CIMType":"String","Description":"The time at which the app should be available for installation.","Name":"startDateTime","Option":"Write"},{"CIMType":"String","Description":"The time at which the app should be installed.","Name":"deadlineDateTime","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignmentSettings","Parameters":[{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsAutoUpdateSettings","Description":"The auto-update settings to apply for this app assignment.","Name":"autoUpdateSettings","Option":"Write"},{"CIMType":"String","Description":"The delivery optimization priority for this app assignment. This setting is not supported in National Cloud environments. Possible values are: notConfigured, foreground.","Name":"deliveryOptimizationPriority","Option":"Write","ValueMap":["foreground","notConfigured"],"Values":["foreground","notConfigured"]},{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsInstallTimeSettings","Description":"The install time settings to apply for this app assignment.","Name":"installTimeSettings","Option":"Write"},{"CIMType":"String","Description":"The notification status for this app assignment. Possible values are: showAll, showReboot, hideAll.","Name":"notifications","Option":"Write","ValueMap":["showAll","showReboot","hideAll"],"Values":["showAll","showReboot","hideAll"]},{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignmentSettingsRestartSettings","Description":"The reboot settings to apply for this app assignment.","Name":"restartSettings","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementWin32MobileAppAssignment","Parameters":[{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignmentSettings","Description":"The settings of the assignment.","Name":"assignmentSettings","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWin32LobAppRule","Parameters":[{"CIMType":"String","Description":"The provider rule type. Possible values are: FileSystem, PowerShellScript, Registry","Name":"OdataType","Option":"Required","ValueMap":["FileSystem","PowerShellScript","ProductCode","Registry"],"Values":["FileSystem","PowerShellScript","ProductCode","Registry"]},{"CIMType":"String","Description":"The type of rule. Possible values are: Detection, Requirement","Name":"RuleType","Option":"Required","ValueMap":["Detection","Requirement"],"Values":["Detection","Requirement"]},{"CIMType":"String","Description":"The value to compare. Not applicable for the 'ProductCode' odata type.","Name":"ComparisonValue","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether to checking 32-bit on 64-bit system. Only applicable for the 'FileSystem' and 'Registry' odata type.","Name":"Check32BitOn64System","Option":"Write"},{"CIMType":"String","Description":"The file or folder path to detect Win32 Line of Business (LoB) app. Only applicable for the 'FileSystem' odata type.","Name":"Path","Option":"Write"},{"CIMType":"String","Description":"The file or folder name to detect Win32 Line of Business (LoB) app. Only applicable for the 'FileSystem' odata type.","Name":"FileOrFolderName","Option":"Write"},{"CIMType":"String","Description":"The file system comparison operator type. Only applicable for the 'FileSystem' odata type. Possible values are: notConfigured, exists, modifiedDate, createdDate, version, sizeInMB, doesNotExist, sizeInBytes, appVersion.","Name":"FileSystemOperationType","Option":"Write","ValueMap":["notConfigured","exists","modifiedDate","createdDate","version","sizeInMB","doesNotExist","sizeInBytes","appVersion"],"Values":["notConfigured","exists","modifiedDate","createdDate","version","sizeInMB","doesNotExist","sizeInBytes","appVersion"]},{"CIMType":"String","Description":"The display name for the rule. Do not specify this value if the rule is used for detection.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether signature check is enforced. Only Applicable for the 'PowerShellScript' odata type.","Name":"EnforceSignatureCheck","Option":"Write"},{"CIMType":"Boolean","Description":"A value indicating whether this script should run as 32-bit. Only Applicable for the 'PowerShellScript' odata type.","Name":"RunAs32Bit","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of execution context the script runs in. Only Applicable for the 'PowerShellScript' odata type. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"String","Description":"The PowerShell script. Only Applicable for the 'PowerShellScript' odata type.","Name":"Script","Option":"Write"},{"CIMType":"String","Description":"The comparison operator type for script output. Only Applicable for the 'PowerShellScript' odata type. Possible values are: notConfigured, string, dateTime, integer, float, version, boolean.","Name":"PowerShellScriptOperationType","Option":"Write","ValueMap":["notConfigured","string","dateTime","integer","float","version","boolean"],"Values":["notConfigured","string","dateTime","integer","float","version","boolean"]},{"CIMType":"String","Description":"The product code of Win32 Line of Business (LoB) app.","Name":"ProductCode","Option":"Write"},{"CIMType":"String","Description":"The product version of Win32 Line of Business (LoB) app.","Name":"ProductVersion","Option":"Write"},{"CIMType":"String","Description":"The registry key path to detect Win32 Line of Business (LoB) app.","Name":"KeyPath","Option":"Write"},{"CIMType":"String","Description":"The registry value name.","Name":"ValueName","Option":"Write"},{"CIMType":"String","Description":"The registry data comparison operator type. Only applicable for the 'Registry' odata type. Possible values are: notConfigured, exists, doesNotExist, string, integer, version.","Name":"RegistryOperationType","Option":"Write","ValueMap":["notConfigured","exists","doesNotExist","string","integer","version"],"Values":["notConfigured","exists","doesNotExist","string","integer","version"]}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWin32LobAppInstallExperience","Parameters":[{"CIMType":"String","Description":"Indicates the type of execution context the app runs in. Possible values are: system, user.","Name":"RunAsAccount","Option":"Write","ValueMap":["system","user"],"Values":["system","user"]},{"CIMType":"SInt32","Description":"The number of minutes the system will wait for install program to finish. Default value is 60 minutes.","Name":"MaxRunTimeInMinutes","Option":"Write"},{"CIMType":"String","Description":"Device restart behavior. Possible values are: basedOnReturnCode, allow, suppress, force.","Name":"DeviceRestartBehavior","Option":"Write","ValueMap":["basedOnReturnCode","allow","suppress","force"],"Values":["basedOnReturnCode","allow","suppress","force"]}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWin32LobAppReturnCode","Parameters":[{"CIMType":"SInt32","Description":"Return code.","Name":"ReturnCode","Option":"Write"},{"CIMType":"String","Description":"The type of return code. Possible values are: failed, success, softReboot, hardReboot, retry.","Name":"Type","Option":"Write","ValueMap":["failed","success","softReboot","hardReboot","retry"],"Values":["failed","success","softReboot","hardReboot","retry"]}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWin32LobAppMsiInformation","Parameters":[{"CIMType":"String","Description":"The MSI product code.","Name":"ProductCode","Option":"Write"},{"CIMType":"String","Description":"The MSI product version.","Name":"ProductVersion","Option":"Write"},{"CIMType":"String","Description":"The MSI upgrade code.","Name":"UpgradeCode","Option":"Write"},{"CIMType":"Boolean","Description":"Whether the MSI app requires the machine to reboot to complete installation.","Name":"RequiresReboot","Option":"Write"},{"CIMType":"String","Description":"The MSI package type. Possible values are: perMachine, perUser, dualPurpose.","Name":"PackageType","Option":"Write","ValueMap":["perMachine","perUser","dualPurpose"],"Values":["perMachine","perUser","dualPurpose"]},{"CIMType":"String","Description":"The MSI product name.","Name":"ProductName","Option":"Write"},{"CIMType":"String","Description":"The MSI publisher","Name":"Publisher","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_IntuneMobileAppsWin32AppWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The admin provided or imported title of the app.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The description of the app.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The developer of the app.","Name":"Developer","Option":"Write"},{"CIMType":"String","Description":"The more information Url.","Name":"InformationUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin.","Name":"IsFeatured","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMimeContent","Description":"The large icon, to be displayed in the app details and used for upload of the icon.","Name":"LargeIcon","Option":"Write"},{"CIMType":"String","Description":"Notes for the app.","Name":"Notes","Option":"Write"},{"CIMType":"String","Description":"The owner of the app.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The publisher of the app.","Name":"Publisher","Option":"Write"},{"CIMType":"String","Description":"The file name of the app. Required for creating the resource.","Name":"FileName","Option":"Write"},{"CIMType":"String[]","Description":"List of scope tag ids for this mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"String","Description":"Indicates the command line to install this app. Used to install the Win32 app. Example: msiexec /i 'Orca.Msi' /qn.","Name":"InstallCommandLine","Option":"Write"},{"CIMType":"String","Description":"Indicates the command line to uninstall this app. Used to uninstall the app. Example: msiexec /x '{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}' /qn.","Name":"UninstallCommandLine","Option":"Write"},{"CIMType":"String[]","Description":"Indicates the Windows architecture(s) this app should be installed on. The app will be treated as not applicable for devices with architectures not matching the selected value. The value 'none' cannot be combined with other values.","Name":"AllowedArchitectures","Option":"Write","ValueMap":["none","x86","x64","arm64"],"Values":["none","x86","x64","arm64"]},{"CIMType":"SInt32","Description":"Indicates the value for the minimum free disk space which is required to install this app.","Name":"MinimumFreeDiskSpaceInMB","Option":"Write"},{"CIMType":"SInt32","Description":"Indicates the value for the minimum physical memory which is required to install this app.","Name":"MinimumMemoryInMB","Option":"Write"},{"CIMType":"SInt32","Description":"Indicates the value for the minimum number of processors which is required to install this app.","Name":"MinimumNumberOfProcessors","Option":"Write"},{"CIMType":"SInt32","Description":"Indicates the value for the minimum CPU speed which is required to install this app.","Name":"MinimumCpuSpeedInMHz","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWin32LobAppRule[]","Description":"Indicates the detection and requirement rules for this app.","Name":"Rules","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWin32LobAppInstallExperience","Description":"Indicates the install experience for this app.","Name":"InstallExperience","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWin32LobAppReturnCode[]","Description":"Indicates the return codes for post installation behavior.","Name":"ReturnCodes","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphWin32LobAppMsiInformation","Description":"Indicates the MSI details if this Win32 app is an MSI app.","Name":"MsiInformation","Option":"Write"},{"CIMType":"String","Description":"Indicates the relative path of the setup file in the encrypted Win32LobApp package.","Name":"SetupFilePath","Option":"Write"},{"CIMType":"String","Description":"Indicates the value for the minimum supported windows release. Format for Windows 10: <VersionNumber>, e.g. '1709' or '20H2'. For Windows 11: 'Windows11_<VersionNumber>', e.g. 'Windows11_21H2'","Name":"MinimumSupportedWindowsRelease","Option":"Write"},{"CIMType":"String","Description":"Indicates the version displayed in the UX for this app. Used to set the version of the app. Example: 1.0.3.215.","Name":"DisplayVersion","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the uninstall is supported from the company portal for the Win32 app with an available assignment. When TRUE, indicates that uninstall is supported from the company portal for the Windows app (Win32) with an available assignment. When FALSE, indicates that uninstall is not supported for the Windows app (Win32) with an Available assignment.","Name":"AllowAvailableUninstall","Option":"Write"},{"CIMType":"MSFT_DeviceManagementWin32MobileAppAssignment[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Mobile Apps Win32 App for Windows10"},{"ClassName":"MSFT_DeviceManagementMobileAppExcludedApp","Parameters":[{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Access from the installation.","Name":"Access","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Search (Bing) as the default from the installation.","Name":"Bing","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Excel from the installation.","Name":"Excel","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office OneDrive for Business (Groove) from the installation.","Name":"Groove","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office InfoPath from the installation.","Name":"InfoPath","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Skype for Business (Lync) from the installation.","Name":"Lync","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office OneDrive from the installation.","Name":"OneDrive","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office OneNote from the installation.","Name":"OneNote","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Outlook from the installation.","Name":"Outlook","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office PowerPoint from the installation.","Name":"PowerPoint","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Publisher from the installation.","Name":"Publisher","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office SharePoint Designer from the installation.","Name":"SharePointDesigner","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Teams from the installation.","Name":"Teams","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Visio from the installation.","Name":"Visio","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to exclude Microsoft Office Word from the installation.","Name":"Word","Option":"Write"}],"Description":"This resource configures an Intune mobile app of OfficeSuiteApp type for Windows devices."},{"ClassName":"MSFT_IntuneMobileAppsWindowsOfficeSuiteApp","Parameters":[{"CIMType":"String","Description":"The admin provided or imported title of the app. Inherited from mobileApp.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only. Inherited from mobileApp object.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the app. Inherited from mobileApp.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"The value indicating whether the app is marked as featured by the admin. Inherited from mobileApp.","Name":"IsFeatured","Option":"Write"},{"CIMType":"String","Description":"The privacy statement Url. Inherited from mobileApp.","Name":"PrivacyInformationUrl","Option":"Write"},{"CIMType":"String","Description":"The InformationUrl of the app. Inherited from mobileApp.","Name":"InformationUrl","Option":"Write"},{"CIMType":"String","Description":"Notes for the app. Inherited from mobileApp.","Name":"Notes","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for mobile app.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if the EULA is accepted automatically on the end user's device.","Name":"AutoAcceptEula","Option":"Write"},{"CIMType":"String[]","Description":"The Product IDs that represent the Office 365 Suite SKU, such as 'O365ProPlusRetail' or 'VisioProRetail'.","Name":"ProductIds","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether shared computer activation is used for Office installations.","Name":"UseSharedComputerActivation","Option":"Write"},{"CIMType":"String","Description":"Specifies the update channel for the Office 365 app suite, such as 'Current' or 'Deferred'.","Name":"UpdateChannel","Option":"Write"},{"CIMType":"String","Description":"Specifies the default file format type for Office apps, such as 'OfficeOpenXMLFormat' or 'OfficeOpenDocumentFormat'.","Name":"OfficeSuiteAppDefaultFileFormat","Option":"Write"},{"CIMType":"String","Description":"The architecture of the Office installation (e.g., 'X86', 'X64', or 'Arm64'). Cannot be changed after creation.","Name":"OfficePlatformArchitecture","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the locales to be installed when the Office 365 apps are deployed. Uses the standard RFC 5646 format (e.g., 'en-US', 'fr-FR').","Name":"LocalesToInstall","Option":"Write"},{"CIMType":"String","Description":"Specifies the display level of the installation progress for Office apps. Use 'Full' to display the installation UI, or 'None' for a silent installation.","Name":"InstallProgressDisplayLevel","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether older versions of Office should be uninstalled when deploying the Office 365 app suite.","Name":"ShouldUninstallOlderVersionsOfOffice","Option":"Write"},{"CIMType":"String","Description":"The specific target version of the Office 365 app suite to be deployed.","Name":"TargetVersion","Option":"Write"},{"CIMType":"String","Description":"The update version in which the target version is available for the Office 365 app suite.","Name":"UpdateVersion","Option":"Write"},{"CIMType":"String","Description":"A base64-encoded XML configuration file that specifies Office ProPlus installation settings. Takes precedence over all other properties. When present, this XML file will be used to create the app.","Name":"OfficeConfigurationXml","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppCategory[]","Description":"The list of categories for this app.","Name":"Categories","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppAssignment[]","Description":"The list of assignments for this app.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_DeviceManagementMobileAppExcludedApp","Description":"The property that represents the apps excluded from the selected Office 365 Product ID.","Name":"ExcludedApps","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune mobile app of OfficeSuiteApp type for Windows devices."},{"ClassName":"MSFT_IntuneMobileThreatDefenseConnector","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"The DisplayName of the Mobile Threat Defense Connector partner. NOTE: Hard coded for convenience, not returned by the Graph API.","Name":"DisplayName","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates the Mobile Threat Defense partner may collect metadata about installed applications from Intune for IOS devices. When FALSE, indicates the Mobile Threat Defense partner may not collect metadata about installed applications from Intune for IOS devices. Default value is FALSE.","Name":"AllowPartnerToCollectIosApplicationMetadata","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates the Mobile Threat Defense partner may collect metadata about personally installed applications from Intune for IOS devices. When FALSE, indicates the Mobile Threat Defense partner may not collect metadata about personally installed applications from Intune for IOS devices. Default value is FALSE.","Name":"AllowPartnerToCollectIosPersonalApplicationMetadata","Option":"Write"},{"CIMType":"Boolean","Description":"For Android, set whether Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant.","Name":"AndroidDeviceBlockedOnMissingPartnerData","Option":"Write"},{"CIMType":"Boolean","Description":"For Android, set whether data from the Mobile Threat Defense partner should be used during compliance evaluations.","Name":"AndroidEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that data from the Mobile Threat Defense partner can be used during Mobile Application Management (MAM) evaluations for Android devices. When FALSE, indicates that data from the Mobile Threat Defense partner should not be used during Mobile Application Management (MAM) evaluations for Android devices. Only one partner per platform may be enabled for Mobile Application Management (MAM) evaluation. Default value is FALSE.","Name":"AndroidMobileApplicationManagementEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"For IOS, set whether Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant.","Name":"IosDeviceBlockedOnMissingPartnerData","Option":"Write"},{"CIMType":"Boolean","Description":"For IOS, get or set whether data from the Mobile Threat Defense partner should be used during compliance evaluations.","Name":"IosEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that data from the Mobile Threat Defense partner can be used during Mobile Application Management (MAM) evaluations for IOS devices. When FALSE, indicates that data from the Mobile Threat Defense partner should not be used during Mobile Application Management (MAM) evaluations for IOS devices. Only one partner per platform may be enabled for Mobile Application Management (MAM) evaluation. Default value is FALSE.","Name":"IosMobileApplicationManagementEnabled","Option":"Write"},{"CIMType":"DateTime","Description":"DateTime of last Heartbeat received from the Mobile Threat Defense partner.","Name":"LastHeartbeatDateTime","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that configuration profile management via Microsoft Defender for Endpoint is enabled. When FALSE, inidicates that configuration profile management via Microsoft Defender for Endpoint is disabled. Default value is FALSE.","Name":"MicrosoftDefenderForEndpointAttachEnabled","Option":"Write"},{"CIMType":"String","Description":"Partner state of this tenant.","Name":"PartnerState","Option":"Write"},{"CIMType":"Uint32","Description":"Get or Set days the per tenant tolerance to unresponsiveness for this partner integration.","Name":"PartnerUnresponsivenessThresholdInDays","Option":"Write"},{"CIMType":"Boolean","Description":"Get or set whether to block devices on the enabled platforms that do not meet the minimum version requirements of the Mobile Threat Defense partner.","Name":"PartnerUnsupportedOSVersionBlocked","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that Intune must receive data from the Mobile Threat Defense partner prior to marking a device compliant for Windows. When FALSE, indicates that Intune may make a device compliant without receiving data from the Mobile Threat Defense partner for Windows. Default value is FALSE.","Name":"WindowsDeviceBlockedOnMissingPartnerData","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, indicates that data from the Mobile Threat Defense partner can be used during compliance evaluations for Windows. When FALSE, it indicates that data from the Mobile Threat Defense partner should not be used during compliance evaluations for Windows. Default value is FALSE.","Name":"WindowsEnabled","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a connection to Mobile Threat Defense partner."},{"ClassName":"MSFT_DeviceManagementConfigurationPolicyItems","Parameters":[{"CIMType":"String","Description":"The type of policy the item represents.","Name":"dataType","Option":"Write"},{"CIMType":"String","Description":"The group Id of the policy the item represents.","Name":"payloadId","Option":"Write"},{"CIMType":"String","Description":"The collection display name of the policy the item represents","Name":"displayName","Option":"Key"},{"CIMType":"String","Description":"The type of policy the item represents.","Name":"itemType","Option":"Write"},{"CIMType":"String[]","Description":"Tags of the guided deployment","Name":"guidedDeploymentTags","Option":"Write"}],"Description":"Intune Policy Sets"},{"ClassName":"MSFT_IntunePolicySets","Parameters":[{"CIMType":"String","Description":"Description of the PolicySet.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"DisplayName of the PolicySet.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"Tags of the guided deployment","Name":"GuidedDeploymentTags","Option":"Write"},{"CIMType":"String[]","Description":"RoleScopeTags of the PolicySet","Name":"RoleScopeTags","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyItems[]","Description":"Represents the assignment to the Intune policy.","Name":"Items","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Policy Sets"},{"ClassName":"MSFT_IntuneRoleAssignment","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the Role Assignment.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display or friendly name of the role Assignment.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of ids of role scope member security groups. These are IDs from Azure Active Directory. Ignored if ScopeType is not 'ResourceScope'","Name":"ResourceScopes","Option":"Write"},{"CIMType":"String[]","Description":"List of DisplayName of role scope member security groups. These are Displayname from Azure Active Directory. Ignored if ScopeType is not 'ResourceScope'","Name":"ResourceScopesDisplayNames","Option":"Write"},{"CIMType":"String","Description":"Specifies the type of scope for a Role Assignment. Default type 'ResourceScope' allows assignment of ResourceScopes. Possible values are: resourceScope, allDevices, allLicensedUsers, allDevicesAndLicensedUsers.","Name":"ScopeType","Option":"Write"},{"CIMType":"String[]","Description":"The list of ids of role member security groups. These are IDs from Azure Active Directory.","Name":"Members","Option":"Write"},{"CIMType":"String[]","Description":"The list of Displaynames of role member security groups. These are Displaynamnes from Azure Active Directory.","Name":"MembersDisplayNames","Option":"Write"},{"CIMType":"String","Description":"The Role Definition Id.","Name":"RoleDefinition","Option":"Write"},{"CIMType":"String","Description":"The Role Definition Displayname.","Name":"RoleDefinitionDisplayName","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Role exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Role Assignment."},{"ClassName":"MSFT_IntuneRoleAssignmentWindows365","Parameters":[{"CIMType":"String[]","Description":"Ids of the app specific scopes when the assignment scopes are app specific. The scopes of an assignment determine the set of resources for which the principal has access.","Name":"AppScopeIds","Option":"Write"},{"CIMType":"String","Description":"Description of the role assignment.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"Display Names of the groups that represent the scopes of the assignment.","Name":"DirectoryScopes","Option":"Write"},{"CIMType":"String","Description":"Name of the role assignment. Required.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"Display name of the principals to which the assignment is granted.","Name":"Principals","Option":"Write"},{"CIMType":"String","Description":"Display name of the IntuneRoleDefinitionWindows365 the assignment is for.","Name":"RoleDefinition","Option":"Required"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Role Assignment Windows365\n\n**Please note:** Once a Role Assignment is created, the role of the assignment cannot be changed.\nIf you want to deploy a new assignment with the same name for another role definition, you must first remove the old assignment (`Ensure` = `Absent`) and then create a new one with the updated `RoleDefinition` property."},{"ClassName":"MSFT_IntuneRoleDefinition","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the Role definition.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Display Name of the Role definition.","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition.","Name":"IsBuiltIn","Option":"Write"},{"CIMType":"String[]","Description":"List of allowed resource actions","Name":"allowedResourceActions","Option":"Write"},{"CIMType":"String[]","Description":"List of not allowed resource actions","Name":"notAllowedResourceActions","Option":"Write"},{"CIMType":"String[]","Description":"Id of the Scope Tags to assign","Name":"roleScopeTagIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Role exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Role Definition."},{"ClassName":"MSFT_MicrosoftGraphUnifiedRolePermission","Parameters":[{"CIMType":"String[]","Description":"Set of tasks that can be performed on a resource.","Name":"AllowedResourceActions","Option":"Write"}],"Description":"Intune Role Definition Windows365\n\n**Please note:** Built-in policies cannot be created, updated or removed. They are still provided as is for tenant monitoring purposes."},{"ClassName":"MSFT_IntuneRoleDefinitionWindows365","Parameters":[{"CIMType":"String","Description":"The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name for the Windows 365 Role Definition.","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only.  Supports $filter (eq).","Name":"IsBuiltIn","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphunifiedRolePermission[]","Description":"List of permissions included in the role. Read-only when isBuiltIn is true. Required.","Name":"RolePermissions","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Role Definition Windows365\n\n**Please note:** Built-in policies cannot be created, updated or removed. They are still provided as is for tenant monitoring purposes."},{"ClassName":"MSFT_IntuneRoleScopeTag","Parameters":[{"CIMType":"String","Description":"The display or friendly name of the Role Scope Tag.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Description of the Role Scope Tag.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Role Scope Tag"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineDefenderForEndpoint","Parameters":[{"CIMType":"SInt32","Description":"Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Deny","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Prevented Classes - Depends on DeviceInstall_Classes_Deny","Name":"DeviceInstall_Classes_Deny_List","Option":"Write"},{"CIMType":"SInt32","Description":"Also apply to matching devices that are already installed. - Depends on DeviceInstall_Classes_Deny (0: False, 1: True)","Name":"DeviceInstall_Classes_Deny_Retroactive","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) (0: Disabled, 1: Enabled)","Name":"EncryptionMethodWithXts_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the encryption method for operating system drives: - Depends on EncryptionMethodWithXts_Name (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsOsDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Select the encryption method for fixed data drives: - Depends on EncryptionMethodWithXts_Name (3: AES-CBC 128-bit, 4: AES-CBC 256-bit, 6: XTS-AES 128-bit (default), 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsFdvDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"String","Description":"Select the encryption method for removable data drives: - Depends on EncryptionMethodWithXts_Name (3: AES-CBC 128-bit  (default), 4: AES-CBC 256-bit, 6: XTS-AES 128-bit, 7: XTS-AES 256-bit)","Name":"EncryptionMethodWithXtsRdvDropDown_Name","Option":"Write","ValueMap":["3","4","6","7"],"Values":["3","4","6","7"]},{"CIMType":"SInt32","Description":"Choose how BitLocker-protected fixed drives can be recovered (0: Disabled, 1: Enabled)","Name":"FDVRecoveryUsage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Save BitLocker recovery information to AD DS for fixed data drives - Depends on FDVRecoveryUsage_Name (0: False, 1: True)","Name":"FDVActiveDirectoryBackup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Omit recovery options from the BitLocker setup wizard - Depends on FDVRecoveryUsage_Name (0: False, 1: True)","Name":"FDVHideRecoveryPage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure user storage of BitLocker recovery information: - Depends on FDVRecoveryUsage_Name (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)","Name":"FDVRecoveryPasswordUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives - Depends on FDVRecoveryUsage_Name (0: False, 1: True)","Name":"FDVRequireActiveDirectoryBackup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow data recovery agent - Depends on FDVRecoveryUsage_Name (0: False, 1: True)","Name":"FDVAllowDRA_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure storage of BitLocker recovery information to AD DS: - Depends on FDVRecoveryUsage_Name (1: Backup recovery passwords and key packages, 2: Backup recovery passwords only)","Name":"FDVActiveDirectoryBackupDropDown_Name","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"String","Description":" - Depends on FDVRecoveryUsage_Name (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)","Name":"FDVRecoveryKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Deny write access to fixed drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"FDVDenyWriteAccess_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enforce drive encryption type on fixed data drives (0: Disabled, 1: Enabled)","Name":"FDVEncryptionType_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the encryption type: (Device) - Depends on FDVEncryptionType_Name (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"FDVEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN. (0: Disabled, 1: Enabled)","Name":"EnablePreBootPinExceptionOnDECapableDevice_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow enhanced PINs for startup (0: Disabled, 1: Enabled)","Name":"EnhancedPIN_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Choose how BitLocker-protected operating system drives can be recovered (0: Disabled, 1: Enabled)","Name":"OSRecoveryUsage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not enable BitLocker until recovery information is stored to AD DS for operating system drives - Depends on OSRecoveryUsage_Name (0: False, 1: True)","Name":"OSRequireActiveDirectoryBackup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Save BitLocker recovery information to AD DS for operating system drives - Depends on OSRecoveryUsage_Name (0: False, 1: True)","Name":"OSActiveDirectoryBackup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure user storage of BitLocker recovery information: - Depends on OSRecoveryUsage_Name (2: Allow 48-digit recovery password, 1: Require 48-digit recovery password, 0: Do not allow 48-digit recovery password)","Name":"OSRecoveryPasswordUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Omit recovery options from the BitLocker setup wizard - Depends on OSRecoveryUsage_Name (0: False, 1: True)","Name":"OSHideRecoveryPage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow data recovery agent - Depends on OSRecoveryUsage_Name (0: False, 1: True)","Name":"OSAllowDRA_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":" - Depends on OSRecoveryUsage_Name (2: Allow 256-bit recovery key, 1: Require 256-bit recovery key, 0: Do not allow 256-bit recovery key)","Name":"OSRecoveryKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure storage of BitLocker recovery information to AD DS: - Depends on OSRecoveryUsage_Name (1: Store recovery passwords and key packages, 2: Store recovery passwords only)","Name":"OSActiveDirectoryBackupDropDown_Name","Option":"Write","ValueMap":["1","2"],"Values":["1","2"]},{"CIMType":"SInt32","Description":"Enable use of BitLocker authentication requiring preboot keyboard input on slates (0: Disabled, 1: Enabled)","Name":"EnablePrebootInputProtectorsOnSlates_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enforce drive encryption type on operating system drives (0: Disabled, 1: Enabled)","Name":"OSEncryptionType_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the encryption type: (Device) - Depends on OSEncryptionType_Name (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"OSEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Require additional authentication at startup (0: Disabled, 1: Enabled)","Name":"ConfigureAdvancedStartup_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure TPM startup key: - Depends on ConfigureAdvancedStartup_Name (2: Allow startup key with TPM, 1: Require startup key with TPM, 0: Do not allow startup key with TPM)","Name":"ConfigureTPMStartupKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure TPM startup key and PIN: - Depends on ConfigureAdvancedStartup_Name (2: Allow startup key and PIN with TPM, 1: Require startup key and PIN with TPM, 0: Do not allow startup key and PIN with TPM)","Name":"ConfigureTPMPINKeyUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"String","Description":"Configure TPM startup: - Depends on ConfigureAdvancedStartup_Name (2: Allow TPM, 1: Require TPM, 0: Do not allow TPM)","Name":"ConfigureTPMUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) - Depends on ConfigureAdvancedStartup_Name (0: False, 1: True)","Name":"ConfigureNonTPMStartupKeyUsage_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure TPM startup PIN: - Depends on ConfigureAdvancedStartup_Name (2: Allow startup PIN with TPM, 1: Require startup PIN with TPM, 0: Do not allow startup PIN with TPM)","Name":"ConfigurePINUsageDropDown_Name","Option":"Write","ValueMap":["2","1","0"],"Values":["2","1","0"]},{"CIMType":"SInt32","Description":"Control use of BitLocker on removable drives (0: Disabled, 1: Enabled)","Name":"RDVConfigureBDE","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow users to apply BitLocker protection on removable data drives (Device) - Depends on RDVConfigureBDE (0: False, 1: True)","Name":"RDVAllowBDE_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enforce drive encryption type on removable data drives (0: Disabled, 1: Enabled)","Name":"RDVEncryptionType_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the encryption type: (Device) (0: Allow user to choose (default), 1: Full encryption, 2: Used Space Only encryption)","Name":"RDVEncryptionTypeDropDown_Name","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"SInt32","Description":"Allow users to suspend and decrypt BitLocker protection on removable data drives (Device) - Depends on RDVConfigureBDE (0: False, 1: True)","Name":"RDVDisableBDE_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Deny write access to removable drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"RDVDenyWriteAccess_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow write access to devices configured in another organization - Depends on RDVDenyWriteAccess_Name (0: False, 1: True)","Name":"RDVCrossOrg","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Windows Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"EnableSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Pick one of the following settings: (Device) - Depends on EnableSmartScreen (block: Warn and prevent bypass, warn: Warn)","Name":"EnableSmartScreenDropdown","Option":"Write","ValueMap":["Block","Warn"],"Values":["Block","Warn"]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverrideForAppRepUnknown","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent managing SmartScreen Filter (0: Disabled, 1: Enabled)","Name":"Disable_Managing_Safety_Filter_IE9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select SmartScreen Filter mode - Depends on Disable_Managing_Safety_Filter_IE9 (0: Off, 1: On)","Name":"IE9SafetyFilterOptions","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Allow Warning For Other Disk Encryption (0: Disabled, 1: Enabled)","Name":"AllowWarningForOtherDiskEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Standard User Encryption - Depends on AllowWarningForOtherDiskEncryption (0: This is the default, when the policy is not set. If current logged on user is a standard user, 'RequireDeviceEncryption' policy will not try to enable encryption on any drive., 1: 'RequireDeviceEncryption' policy will try to enable encryption on all fixed drives even if a current logged in user is standard user.)","Name":"AllowStandardUserEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Configure Recovery Password Rotation (0: Refresh off (default), 1: Refresh on for Azure AD-joined devices, 2: Refresh on for both Azure AD-joined and hybrid-joined devices)","Name":"ConfigureRecoveryPasswordRotation","Option":"Write","ValueMap":["0","1","2"],"Values":["0","1","2"]},{"CIMType":"String","Description":"Require Device Encryption (0: Disabled, 1: Enabled)","Name":"RequireDeviceEncryption","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"SInt32","Description":"Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.)","Name":"AllowCloudProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Email Scanning (0: Not allowed. Turns off email scanning., 1: Allowed. Turns on email scanning.)","Name":"AllowEmailScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow On Access Protection (0: Not allowed., 1: Allowed.)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. Turns on and runs the real-time monitoring service.)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Scanning Network Files (0: Not allowed. Turns off scanning of network files., 1: Allowed. Scans network files.)","Name":"AllowScanningNetworkFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Script Scanning (0: Not allowed., 1: Allowed.)","Name":"AllowScriptScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow User UI Access (0: Not allowed. Prevents users from accessing UI., 1: Allowed. Lets users access UI.)","Name":"AllowUserUIAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Block execution of potentially obfuscated scripts - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Win32 API calls from Office macros - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable files from running unless they meet a prevalence, age, or trusted list criterion - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office communication application from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block all Office applications from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Adobe Reader from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block credential stealing from the Windows local security authority subsystem - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block JavaScript or VBScript from launching downloaded executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Webshell creation for Servers - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWebshellCreationForServers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWebshellCreationForServers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block untrusted and unsigned processes that run from USB - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block persistence through WMI event subscription - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"[PREVIEW] Block use of copied or impersonated system tools - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUseOfCopiedOrImpersonatedSystemTools","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block abuse of exploited vulnerable signed drivers (Device) - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block process creations originating from PSExec and WMI commands - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from creating executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from injecting code into other processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"[PREVIEW] Block rebooting machine in Safe Mode - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockRebootingMachineInSafeMode","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Use advanced protection against ransomware - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable content from email client and webmail - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"SInt32","Description":"Check For Signatures Before Running Scan (0: Disabled, 1: Enabled)","Name":"CheckForSignaturesBeforeRunningScan","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance)","Name":"CloudBlockLevel","Option":"Write","ValueMap":[0,2,4,6],"Values":[0,2,4,6]},{"CIMType":"SInt32","Description":"Cloud Extended Timeout","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Local Admin Merge (0: Enable Local Admin Merge, 1: Disable Local Admin Merge)","Name":"DisableLocalAdminMerge","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Network Protection (0: Disabled, 1: Enabled (block mode), 2: Enabled (audit mode))","Name":"EnableNetworkProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Admins (1: If you enable this setting, local admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalAdmins","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Users (1: If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalUsers","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Oobe Enable Rtp And Sig Update (1: If you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE., 0: If you either disable or do not configure this setting, real-time protection and Security Intelligence Updates during OOBE is not enabled.)","Name":"OobeEnableRtpAndSigUpdate","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.)","Name":"PUAProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Scan Parameter (1: Quick scan, 2: Full scan)","Name":"ScanParameter","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Schedule Quick Scan Time","Name":"ScheduleQuickScanTime","Option":"Write"},{"CIMType":"SInt32","Description":"Schedule Scan Day (0: Every day, 1: Sunday, 2: Monday, 3: Tuesday, 4: Wednesday, 5: Thursday, 6: Friday, 7: Saturday, 8: No scheduled scan)","Name":"ScheduleScanDay","Option":"Write","ValueMap":[0,1,2,3,4,5,6,7,8],"Values":[0,1,2,3,4,5,6,7,8]},{"CIMType":"SInt32","Description":"Schedule Scan Time","Name":"ScheduleScanTime","Option":"Write"},{"CIMType":"SInt32","Description":"Signature Update Interval","Name":"SignatureUpdateInterval","Option":"Write"},{"CIMType":"SInt32","Description":"Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)","Name":"LsaCfgFlags","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))","Name":"DeviceEnumerationPolicy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen to block potentially unwanted apps (0: Disabled, 1: Enabled)","Name":"SmartScreenPuaEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Microsoft Defender SmartScreen DNS requests (0: Disabled, 1: Enabled)","Name":"SmartScreenDnsRequestsEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable new SmartScreen library (0: Disabled, 1: Enabled)","Name":"NewSmartScreenLibraryEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Force Microsoft Defender SmartScreen checks on downloads from trusted sources (0: Disabled, 1: Enabled)","Name":"SmartScreenForTrustedDownloadsEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverrideForFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Defender For Endpoint"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineDefenderForEndpoint","Parameters":[{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (User) (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverrideForAppRepUnknown","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Defender For Endpoint"},{"ClassName":"MSFT_IntuneSecurityBaselineDefenderForEndpoint","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineDefenderForEndpoint","Description":"Scope for Device Setting","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineDefenderForEndpoint","Description":"Scope for Device Setting","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline Defender For Endpoint"},{"ClassName":"MSFT_IntuneSecurityBaselineHoloLens2Advanced","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Deletion Policy (0: Delete immediately upon device returning to a state with no currently active users, 1: Delete at storage capacity threshold, 2: Delete at both storage capacity threshold and profile inactivity threshold)","Name":"DeletionPolicy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String","Description":"Enable Profile Manager (false: False, true: True)","Name":"EnableProfileManager","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Profile Inactivity Threshold","Name":"ProfileInactivityThreshold","Option":"Write"},{"CIMType":"SInt32","Description":"Storage Capacity Start Deletion","Name":"StorageCapacityStartDeletion","Option":"Write"},{"CIMType":"SInt32","Description":"Storage Capacity Stop Deletion","Name":"StorageCapacityStopDeletion","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Microsoft Account Connection (0: Not allowed., 1: Allowed.)","Name":"AllowMicrosoftAccountConnection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off the display (plugged in) (0: Disabled, 1: Enabled)","Name":"VideoPowerDownTimeOutAC_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"When plugged in, turn display off after (seconds) - Depends on VideoPowerDownTimeOutAC_2","Name":"EnterVideoACPowerDownTimeOut","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Autofill (0: Prevented/Not allowed., 1: Allowed.)","Name":"AllowAutofill","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cookies (0: Block all cookies from all sites, 1: Block only cookies from third party websites, 2: Allow all cookies from all sites)","Name":"AllowCookies","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Do Not Track (0: Never send tracking information., 1: Send tracking information.)","Name":"AllowDoNotTrack","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Password Manager (0: Not allowed., 1: Allowed.)","Name":"AllowPasswordManager","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Popups (0: Turn off Pop-up Blocker letting pop-up windows open., 1: Turn on Pop-up Blocker stopping pop-up windows from opening.)","Name":"AllowPopups","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Search Suggestionsin Address Bar (0: Prevented/Not allowed. Hide the search suggestions., 1: Allowed. Show the search suggestions.)","Name":"AllowSearchSuggestionsinAddressBar","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Smart Screen (0: Turned off. Do not protect users from potential threats and prevent users from turning it on., 1: Turned on. Protect users from potential threats and prevent users from turning it off.)","Name":"AllowSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Bluetooth (0: Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on., 1: Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on., 2: Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.)","Name":"AllowBluetooth","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow USB Connection (0: Not allowed., 1: Allowed.)","Name":"AllowUSBConnection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Enabled (0: Enabled, 1: Disabled)","Name":"DevicePasswordEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Expiration - Depends on DevicePasswordEnabled","Name":"DevicePasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Length - Depends on DevicePasswordEnabled","Name":"MinDevicePasswordLength","Option":"Write"},{"CIMType":"SInt32","Description":"Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)","Name":"AlphanumericDevicePasswordRequired","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Max Device Password Failed Attempts - Depends on DevicePasswordEnabled","Name":"MaxDevicePasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Complex Characters - Depends on DevicePasswordEnabled (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop)","Name":"MinDevicePasswordComplexCharacters","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled","Name":"MaxInactivityTimeDeviceLock","Option":"Write"},{"CIMType":"SInt32","Description":"Device Password History - Depends on DevicePasswordEnabled","Name":"DevicePasswordHistory","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)","Name":"AllowSimpleDevicePassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Manual MDM Unenrollment (0: Not allowed., 1: Allowed.)","Name":"AllowManualMDMUnenrollment","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow All Trusted Apps (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)","Name":"AllowAllTrustedApps","Option":"Write","ValueMap":[0,1,65535],"Values":[0,1,65535]},{"CIMType":"SInt32","Description":"Allow apps from the Microsoft app store to auto update (0: Not allowed., 1: Allowed., 2: Not configured.)","Name":"AllowAppStoreAutoUpdate","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Developer Unlock (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)","Name":"AllowDeveloperUnlock","Option":"Write","ValueMap":[0,1,65535],"Values":[0,1,65535]},{"CIMType":"SInt32","Description":"Block third party cookies (0: Disabled, 1: Enabled)","Name":"BlockThirdPartyCookies","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Do Not Track (0: Disabled, 1: Enabled)","Name":"ConfigureDoNotTrack","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default pop-up window setting (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_ContentSettings_DefaultPopupsSetting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default pop-up window setting (Device) - Depends on MicrosoftEdge_ContentSettings_DefaultPopupsSetting (1: Allow all sites to show pop-ups, 2: Do not allow any site to show popups)","Name":"DefaultPopupsSetting_DefaultPopupsSetting","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Enable AutoFill for addresses (0: Disabled, 1: Enabled)","Name":"AutofillAddressEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable AutoFill for payment instruments (0: Disabled, 1: Enabled)","Name":"AutofillCreditCardEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable search suggestions (0: Disabled, 1: Enabled)","Name":"SearchSuggestEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Control which extensions cannot be installed (0: Disabled, 1: Enabled)","Name":"ExtensionInstallBlocklist","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Extension IDs the user should be prevented from installing (or * for all) (Device) - Depends on ExtensionInstallBlocklist","Name":"ExtensionInstallBlocklistDesc","Option":"Write"},{"CIMType":"SInt32","Description":"Configures a setting that asks users to enter their device password while using password autofill (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_PasswordManager_PrimaryPasswordSetting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configures a setting that asks users to enter their device password while using password autofill (Device) - Depends on MicrosoftEdge_PasswordManager_PrimaryPasswordSetting (0: Automatically, 1: With device password, 2: With custom primary password, 3: Autofill off)","Name":"PrimaryPasswordSetting_PrimaryPasswordSetting","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Enable saving passwords to the password manager (0: Disabled, 1: Enabled)","Name":"PasswordManagerEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"AAD Group Membership Cache Validity In Days","Name":"AADGroupMembershipCacheValidityInDays","Option":"Write"},{"CIMType":"SInt32","Description":"Let Apps Access Account Info (0: User in control., 1: Force allow., 2: Force deny.)","Name":"LetAppsAccessAccountInfo","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String[]","Description":"Let Apps Access Account Info Force Allow These Apps","Name":"LetAppsAccessAccountInfo_ForceAllowTheseApps","Option":"Write"},{"CIMType":"SInt32","Description":"Let Apps Access Background Spatial Perception (0: User in control., 1: Force allow., 2: Force deny.)","Name":"LetAppsAccessBackgroundSpatialPerception","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String[]","Description":"Let Apps Access Background Spatial Perception Force Allow These Apps","Name":"LetAppsAccessBackgroundSpatialPerception_ForceAllowTheseApps","Option":"Write"},{"CIMType":"SInt32","Description":"Let Apps Access Camera (0: User in control., 1: Force allow., 2: Force deny.)","Name":"LetAppsAccessCamera","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String[]","Description":"Let Apps Access Camera Force Allow These Apps","Name":"LetAppsAccessCamera_ForceAllowTheseApps","Option":"Write"},{"CIMType":"SInt32","Description":"Let Apps Access Microphone (0: User in control., 1: Force allow., 2: Force deny.)","Name":"LetAppsAccessMicrophone","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String[]","Description":"Let Apps Access Microphone Force Allow These Apps","Name":"LetAppsAccessMicrophone_ForceAllowTheseApps","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Search To Use Location (0: Not allowed., 1: Allowed.)","Name":"AllowSearchToUseLocation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Add Provisioning Package (0: Not allowed., 1: Allowed.)","Name":"AllowAddProvisioningPackage","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VPN (0: Not allowed., 1: Allowed.)","Name":"AllowVPN","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Page Visibility List","Name":"PageVisibilityList","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.)","Name":"AllowStorageCard","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Telemetry (0: Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender, 1: Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level, 3: Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.)","Name":"AllowTelemetry","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"Allow Manual Wi Fi Configuration (0: No Wi-Fi connection outside of MDM provisioned network is allowed., 1: Adding new network SSIDs beyond the already MDM provisioned ones is allowed.)","Name":"AllowManualWiFiConfiguration","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Enable Pin Recovery - Depends on TenantId (false: Disabled, true: Enabled)","Name":"EnablePinRecovery","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Restrict use of TPM 1.2 - Depends on TenantId (false: Disabled, true: Enabled)","Name":"TPM12","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Digits - Depends on TenantId (0: Allows the use of digits in PIN., 1: Requires the use of at least one digits in PIN., 2: Does not allow the use of digits in PIN.)","Name":"Digits","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Expiration - Depends on TenantId","Name":"Expiration","Option":"Write"},{"CIMType":"SInt32","Description":"PIN History - Depends on TenantId","Name":"History","Option":"Write"},{"CIMType":"SInt32","Description":"Lowercase Letters - Depends on TenantId (0: Allows the use of lowercase letters in PIN., 1: Requires the use of at least one lowercase letters in PIN., 2: Does not allow the use of lowercase letters in PIN.)","Name":"LowercaseLetters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Maximum PIN Length - Depends on TenantId","Name":"MaximumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Minimum PIN Length - Depends on TenantId","Name":"MinimumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Special Characters - Depends on TenantId (0: Allows the use of special characters in PIN., 1: Requires the use of at least one special characters in PIN., 2: Does not allow the use of special characters in PIN.)","Name":"SpecialCharacters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Uppercase Letters - Depends on TenantId (0: Allows the use of uppercase letters in PIN., 1: Requires the use of at least one uppercase letters in PIN., 2: Does not allow the use of uppercase letters in PIN.)","Name":"UppercaseLetters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String","Description":"Require Security Device - Depends on TenantId (false: Disabled, true: Enabled)","Name":"RequireSecurityDevice","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Certificate For On Prem Auth - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UseCertificateForOnPremAuth","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Hello Certificates As Smart Card Certificates - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UseHelloCertificatesAsSmartCardCertificates","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Windows Hello For Business (Device) - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UsePassportForWork","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Allow Update Service (0: Not allowed., 1: Allowed.)","Name":"AllowUpdateService","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Manage Preview Builds (0: Disable Preview builds, 1: Disable Preview builds once the next release is public, 2: Enable Preview builds, 3: Preview builds is left to user selection)","Name":"ManagePreviewBuilds","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"String","Description":"Require Network In OOBE (Device) (true: true, false: false)","Name":"RequireNetworkInOOBE","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline HoloLens2 Advanced"},{"ClassName":"MSFT_IntuneSecurityBaselineHoloLens2Standard","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Microsoft Account Connection (0: Not allowed., 1: Allowed.)","Name":"AllowMicrosoftAccountConnection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off the display (plugged in) (0: Disabled, 1: Enabled)","Name":"VideoPowerDownTimeOutAC_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"When plugged in, turn display off after (seconds) - Depends on VideoPowerDownTimeOutAC_2","Name":"EnterVideoACPowerDownTimeOut","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Cookies (0: Block all cookies from all sites, 1: Block only cookies from third party websites, 2: Allow all cookies from all sites)","Name":"AllowCookies","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Password Manager (0: Not allowed., 1: Allowed.)","Name":"AllowPasswordManager","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Smart Screen (0: Turned off. Do not protect users from potential threats and prevent users from turning it on., 1: Turned on. Protect users from potential threats and prevent users from turning it off.)","Name":"AllowSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow USB Connection (0: Not allowed., 1: Allowed.)","Name":"AllowUSBConnection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Enabled (0: Enabled, 1: Disabled)","Name":"DevicePasswordEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Expiration - Depends on DevicePasswordEnabled","Name":"DevicePasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Length - Depends on DevicePasswordEnabled","Name":"MinDevicePasswordLength","Option":"Write"},{"CIMType":"SInt32","Description":"Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)","Name":"AlphanumericDevicePasswordRequired","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Max Device Password Failed Attempts - Depends on DevicePasswordEnabled","Name":"MaxDevicePasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Complex Characters - Depends on DevicePasswordEnabled (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop)","Name":"MinDevicePasswordComplexCharacters","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled","Name":"MaxInactivityTimeDeviceLock","Option":"Write"},{"CIMType":"SInt32","Description":"Device Password History - Depends on DevicePasswordEnabled","Name":"DevicePasswordHistory","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)","Name":"AllowSimpleDevicePassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Manual MDM Unenrollment (0: Not allowed., 1: Allowed.)","Name":"AllowManualMDMUnenrollment","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow All Trusted Apps (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)","Name":"AllowAllTrustedApps","Option":"Write","ValueMap":[0,1,65535],"Values":[0,1,65535]},{"CIMType":"SInt32","Description":"Allow apps from the Microsoft app store to auto update (0: Not allowed., 1: Allowed., 2: Not configured.)","Name":"AllowAppStoreAutoUpdate","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Developer Unlock (0: Explicit deny., 1: Explicit allow unlock., 65535: Not configured.)","Name":"AllowDeveloperUnlock","Option":"Write","ValueMap":[0,1,65535],"Values":[0,1,65535]},{"CIMType":"SInt32","Description":"Block third party cookies (0: Disabled, 1: Enabled)","Name":"BlockThirdPartyCookies","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Control which extensions cannot be installed (0: Disabled, 1: Enabled)","Name":"ExtensionInstallBlocklist","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Extension IDs the user should be prevented from installing (or * for all) (Device) - Depends on ExtensionInstallBlocklist","Name":"ExtensionInstallBlocklistDesc","Option":"Write"},{"CIMType":"SInt32","Description":"Enable saving passwords to the password manager (0: Disabled, 1: Enabled)","Name":"PasswordManagerEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"AAD Group Membership Cache Validity In Days","Name":"AADGroupMembershipCacheValidityInDays","Option":"Write"},{"CIMType":"SInt32","Description":"Allow VPN (0: Not allowed., 1: Allowed.)","Name":"AllowVPN","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Page Visibility List","Name":"PageVisibilityList","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Storage Card (0: SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card., 1: Allow a storage card.)","Name":"AllowStorageCard","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Enable Pin Recovery - Depends on TenantId (false: Disabled, true: Enabled)","Name":"EnablePinRecovery","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Restrict use of TPM 1.2 - Depends on TenantId (false: Disabled, true: Enabled)","Name":"TPM12","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Digits - Depends on TenantId (0: Allows the use of digits in PIN., 1: Requires the use of at least one digits in PIN., 2: Does not allow the use of digits in PIN.)","Name":"Digits","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Expiration - Depends on TenantId","Name":"Expiration","Option":"Write"},{"CIMType":"SInt32","Description":"PIN History - Depends on TenantId","Name":"History","Option":"Write"},{"CIMType":"SInt32","Description":"Lowercase Letters - Depends on TenantId (0: Allows the use of lowercase letters in PIN., 1: Requires the use of at least one lowercase letters in PIN., 2: Does not allow the use of lowercase letters in PIN.)","Name":"LowercaseLetters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Maximum PIN Length - Depends on TenantId","Name":"MaximumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Minimum PIN Length - Depends on TenantId","Name":"MinimumPINLength","Option":"Write"},{"CIMType":"SInt32","Description":"Special Characters - Depends on TenantId (0: Allows the use of special characters in PIN., 1: Requires the use of at least one special characters in PIN., 2: Does not allow the use of special characters in PIN.)","Name":"SpecialCharacters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Uppercase Letters - Depends on TenantId (0: Allows the use of uppercase letters in PIN., 1: Requires the use of at least one uppercase letters in PIN., 2: Does not allow the use of uppercase letters in PIN.)","Name":"UppercaseLetters","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"String","Description":"Require Security Device - Depends on TenantId (false: Disabled, true: Enabled)","Name":"RequireSecurityDevice","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Certificate For On Prem Auth - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UseCertificateForOnPremAuth","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Hello Certificates As Smart Card Certificates - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UseHelloCertificatesAsSmartCardCertificates","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Use Windows Hello For Business (Device) - Depends on TenantId (false: Disabled, true: Enabled)","Name":"UsePassportForWork","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"String","Description":"Allow Update Service (0: Not allowed., 1: Allowed.)","Name":"AllowUpdateService","Option":"Write","ValueMap":["0","1"],"Values":["0","1"]},{"CIMType":"String","Description":"Manage Preview Builds (0: Disable Preview builds, 1: Disable Preview builds once the next release is public, 2: Enable Preview builds, 3: Preview builds is left to user selection)","Name":"ManagePreviewBuilds","Option":"Write","ValueMap":["0","1","2","3"],"Values":["0","1","2","3"]},{"CIMType":"String","Description":"Require Network In OOBE (Device) (true: true, false: false)","Name":"RequireNetworkInOOBE","Option":"Write","ValueMap":["true","false"],"Values":["true","false"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline HoloLens2 Standard"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Parameters":[{"CIMType":"SInt32","Description":"Block Flash activation in Office documents (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_A001_Block_Flash","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Block Flash player in Office (Device) - Depends on Pol_SecGuide_A001_Block_Flash (block all flash activation: Block all activation, block embedded flash activation only: Block embedding/linking, allow other activation, allow all flash activation: Allow all activation)","Name":"Pol_SecGuide_Block_Flash","Option":"Write","ValueMap":["block all flash activation","block embedded flash activation only","allow all flash activation"],"Values":["block all flash activation","block embedded flash activation only","allow all flash activation"]},{"CIMType":"SInt32","Description":"Restrict legacy JScript execution for Office (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_Legacy_JScript","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"PowerPoint: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_powerpnt","Option":"Write"},{"CIMType":"SInt32","Description":"OneNote: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_onenote","Option":"Write"},{"CIMType":"SInt32","Description":"Publisher: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_mspub","Option":"Write"},{"CIMType":"SInt32","Description":"Access: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_msaccess","Option":"Write"},{"CIMType":"SInt32","Description":"Project: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_winproj","Option":"Write"},{"CIMType":"SInt32","Description":"Visio: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_visio","Option":"Write"},{"CIMType":"SInt32","Description":"Outlook: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_outlook","Option":"Write"},{"CIMType":"SInt32","Description":"Word: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_winword","Option":"Write"},{"CIMType":"SInt32","Description":"Excel: (Device) - Depends on Pol_SecGuide_Legacy_JScript","Name":"POL_SG_excel","Option":"Write"},{"CIMType":"SInt32","Description":"Configure SIP security mode (0: Disabled, 1: Enabled)","Name":"L_PolicyEnableSIPHighSecurityMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable HTTP fallback for SIP connection (0: Disabled, 1: Enabled)","Name":"L_PolicyDisableHttpConnect","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Add-on Management (0: Disabled, 1: Enabled)","Name":"L_AddonManagement","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_powerpntexe17","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_excelexe15","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_visioexe19","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_onenoteexe26","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_outlookexe22","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_pptviewexe18","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_winwordexe21","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_exprwdexe24","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_spdesignexe23","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_winprojexe20","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_grooveexe14","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_mspubexe16","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_mse7exe27","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_AddonManagement (0: False, 1: True)","Name":"L_msaccessexe25","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Consistent Mime Handling (0: Disabled, 1: Enabled)","Name":"L_ConsistentMimeHandling","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_excelexe43","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_spdesignexe51","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_onenoteexe54","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_outlookexe50","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_pptviewexe46","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_mspubexe44","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_visioexe47","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_winprojexe48","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_msaccessexe53","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_powerpntexe45","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_grooveexe42","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_mse7exe55","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_winwordexe49","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True)","Name":"L_exprwdexe52","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable user name and password (0: Disabled, 1: Enabled)","Name":"L_Disableusernameandpassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_excelexe127","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_grooveexe126","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_onenoteexe138","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_mse7exe139","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_mspubexe128","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_visioexe131","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_exprwdexe136","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_msaccessexe137","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_spdesignexe135","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_winwordexe133","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_powerpntexe129","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_outlookexe134","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_winprojexe132","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True)","Name":"L_pptviewexe130","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Information Bar (0: Disabled, 1: Enabled)","Name":"L_Informationbar","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_excelexe113","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_mspubexe114","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_msaccessexe123","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_onenoteexe124","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_outlookexe120","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_winprojexe118","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_powerpntexe115","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_spdesignexe121","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_grooveexe112","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_visioexe117","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_mse7exe125","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_winwordexe119","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_exprwdexe122","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_Informationbar (0: False, 1: True)","Name":"L_pptviewexe116","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Local Machine Zone Lockdown Security (0: Disabled, 1: Enabled)","Name":"L_LocalMachineZoneLockdownSecurity","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_mse7exe41","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_powerpntexe31","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_mspubexe30","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_outlookexe36","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_pptviewexe32","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_excelexe29","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_exprwdexe38","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_grooveexe28","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_winwordexe35","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_msaccessexe39","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_spdesignexe37","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_visioexe33","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_onenoteexe40","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True)","Name":"L_winprojexe34","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Mime Sniffing Safety Feature (0: Disabled, 1: Enabled)","Name":"L_MimeSniffingSafetyFature","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_powerpntexe59","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_exprwdexe66","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_grooveexe56","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_visioexe61","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_outlookexe64","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_mspubexe58","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_mse7exe69","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_msaccessexe67","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_pptviewexe60","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_winprojexe62","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_spdesignexe65","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_onenoteexe68","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_winwordexe63","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True)","Name":"L_excelexe57","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate URL (0: Disabled, 1: Enabled)","Name":"L_NavigateURL","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_spdesignexe177","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_onenoteexe180","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_pptviewexe172","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_outlookexe176","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_winprojexe174","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_msaccessexe179","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_winwordexe175","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_excelexe169","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_mspubexe170","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_exprwdexe178","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_powerpntexe171","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_visioexe173","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_mse7exe181","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_NavigateURL (0: False, 1: True)","Name":"L_grooveexe168","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Object Caching Protection (0: Disabled, 1: Enabled)","Name":"L_ObjectCachingProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_winwordexe77","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_powerpntexe73","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_spdesignexe79","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_mse7exe83","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_mspubexe72","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_msaccessexe81","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_onenoteexe82","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_outlookexe78","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_grooveexe70","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_excelexe71","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_visioexe75","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_pptviewexe74","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_winprojexe76","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True)","Name":"L_exprwdexe80","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protection From Zone Elevation (0: Disabled, 1: Enabled)","Name":"L_ProtectionFromZoneElevation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_mspubexe100","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_visioexe103","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_powerpntexe101","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_excelexe99","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_mse7exe111","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_winwordexe105","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_exprwdexe108","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_msaccessexe109","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_spdesignexe107","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_onenoteexe110","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_pptviewexe102","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_winprojexe104","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_grooveexe98","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True)","Name":"L_outlookexe106","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Restrict ActiveX Install (0: Disabled, 1: Enabled)","Name":"L_RestrictActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_mse7exe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_powerpntexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_spDesignexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_onenoteexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_excelexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_mspubexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_visioexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_exprwdexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_outlookexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_pptviewexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_winprojexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_winwordexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_grooveexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True)","Name":"L_msaccessexe","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Restrict File Download (0: Disabled, 1: Enabled)","Name":"L_RestrictFileDownload","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_visioexe5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_winprojexe6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_msaccessexe11","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_spdesignexe9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_excelexe1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_powerpntexe3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_mspubexe2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_exprwdexe10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_outlookexe8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_pptviewexe4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_winwordexe7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_onenoteexe12","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_mse7exe13","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True)","Name":"L_grooveexe0","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Saved from URL (0: Disabled, 1: Enabled)","Name":"L_SavedfromURL","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_pptviewexe158","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_exprwdexe164","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_mse7exe167","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_spdesignexe163","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_winprojexe160","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_mspubexe156","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_visioexe159","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_winwordexe161","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_msaccessexe165","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_onenoteexe166","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_outlookexe162","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_grooveexe154","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_excelexe155","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True)","Name":"L_powerpntexe157","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scripted Window Security Restrictions (0: Disabled, 1: Enabled)","Name":"L_ScriptedWindowSecurityRestrictions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"exprwd.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_exprwdexe94","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mse7.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_mse7exe97","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"mspub.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_mspubexe86","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"outlook.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_outlookexe92","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"msaccess.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_msaccessexe95","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"powerpnt.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_powerpntexe87","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"groove.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_grooveexe84","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"excel.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_excelexe85","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"pptview.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_pptviewexe88","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"spDesign.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_spdesignexe93","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"visio.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_visioexe89","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"onent.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_onenoteexe96","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winproj.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_winprojexe90","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"winword.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True)","Name":"L_winwordexe91","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Microsoft365 Apps For Enterprise"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Parameters":[{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Do not show data extraction options when opening corrupt workbooks (User) (0: Disabled, 1: Enabled)","Name":"L_Donotshowdataextractionoptionswhenopeningcorruptworkbooks","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Ask to update automatic links (User) (0: Disabled, 1: Enabled)","Name":"L_Asktoupdateautomaticlinks","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Load pictures from Web pages not created in Excel (User) (0: Disabled, 1: Enabled)","Name":"L_LoadpicturesfromWebpagesnotcreatedinExcel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable AutoRepublish (User) (0: Disabled, 1: Enabled)","Name":"L_DisableAutoRepublish","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not show AutoRepublish warning alert (User) (0: Disabled, 1: Enabled)","Name":"L_DoNotShowAutoRepublishWarningAlert","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Force file extension to match file type (User) (0: Disabled, 1: Enabled)","Name":"L_Forcefileextenstionstomatch","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_Forcefileextenstionstomatch (0: Allow different, 1: Allow different, but warn, 2: Always match file type)","Name":"L_Forcefileextenstionstomatch_L_Empty","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Scan encrypted macros in Excel Open XML workbooks (User) (0: Disabled, 1: Enabled)","Name":"L_DeterminewhethertoforceencryptedExcel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_DeterminewhethertoforceencryptedExcel (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning)","Name":"L_DeterminewhethertoforceencryptedExcelDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Block Excel XLL Add-ins that come from an untrusted source (User) (0: Disabled, 1: Enabled)","Name":"L_BlockXLLFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_BlockXLLFromInternet (1: Block, 0: Show Additional Warning, 2: Allow)","Name":"L_BlockXLLFromInternetEnum","Option":"Write","ValueMap":[1,0,2],"Values":[1,0,2]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Always prevent untrusted Microsoft Query files from opening (User) (0: Disabled, 1: Enabled)","Name":"L_EnableBlockUnsecureQueryFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"dBase III / IV files (User) (0: Disabled, 1: Enabled)","Name":"L_DBaseIIIANDIVFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_DBaseIIIANDIVFiles (0: Do not block, 2: Open/Save blocked, use open policy)","Name":"L_DBaseIIIANDIVFilesDropID","Option":"Write","ValueMap":[0,2],"Values":[0,2]},{"CIMType":"SInt32","Description":"Dif and Sylk files (User) (0: Disabled, 1: Enabled)","Name":"L_DifAndSylkFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_DifAndSylkFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy)","Name":"L_DifAndSylkFilesDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Excel 2 macrosheets and add-in files (User) (0: Disabled, 1: Enabled)","Name":"L_Excel2MacrosheetsAndAddInFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel2MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel2MacrosheetsAndAddInFilesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 2 worksheets (User) (0: Disabled, 1: Enabled)","Name":"L_Excel2Worksheets","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel2Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel2WorksheetsDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 3 macrosheets and add-in files (User) (0: Disabled, 1: Enabled)","Name":"L_Excel3MacrosheetsAndAddInFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel3MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel3MacrosheetsAndAddInFilesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 3 worksheets (User) (0: Disabled, 1: Enabled)","Name":"L_Excel3Worksheets","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel3Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel3WorksheetsDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 4 macrosheets and add-in files (User) (0: Disabled, 1: Enabled)","Name":"L_Excel4MacrosheetsAndAddInFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel4MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel4MacrosheetsAndAddInFilesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 4 workbooks (User) (0: Disabled, 1: Enabled)","Name":"L_Excel4Workbooks","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel4Workbooks (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel4WorkbooksDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 4 worksheets (User) (0: Disabled, 1: Enabled)","Name":"L_Excel4Worksheets","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel4Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel4WorksheetsDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 95 workbooks (User) (0: Disabled, 1: Enabled)","Name":"L_Excel95Workbooks","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel95Workbooks (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel95WorkbooksDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 95-97 workbooks and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Excel9597WorkbooksAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel9597WorkbooksAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel9597WorkbooksAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Excel 97-2003 workbooks and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Excel972003WorkbooksAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Excel972003WorkbooksAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Excel972003WorkbooksAndTemplatesDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Set default file block behavior (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited)","Name":"MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Web pages and Excel 2003 XML spreadsheets (User) (0: Disabled, 1: Enabled)","Name":"L_WebPagesAndExcel2003XMLSpreadsheets","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_WebPagesAndExcel2003XMLSpreadsheets (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_WebPagesAndExcel2003XMLSpreadsheetsDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Prevent Excel from running XLM macros (User) (0: Disabled, 1: Enabled)","Name":"L_XL4KillSwitchPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Always open untrusted database files in Protected View (User) (0: Disabled, 1: Enabled)","Name":"L_EnableDataBaseFileProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Checked: Allow edit.  Unchecked: Do not allow edit. (User) - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable VBA macros with notification, 3: Disable VBA macros except digitally signed macros, 4: Disable VBA macros without notification, 1: Enable VBA macros (not recommended))","Name":"L_empty4","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Turn off file validation (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftExcel_Security_L_TurnOffFileValidation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"WEBSERVICE Function Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"L_WebContentWarningLevel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_WebContentWarningLevel (0: Enable all WEBSERVICE functions (not recommended), 1: Disable all with notification, 2: Disable all without notification)","Name":"L_WebContentWarningLevelValue","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Disable UI extending from documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Word (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyWord","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Excel (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyExcel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Visio (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyVisio","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in PowerPoint (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyPowerPoint","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Publisher (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyPublisher","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Outlook (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Project (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyProject","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in Access (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow in InfoPath (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True)","Name":"L_NoExtensibilityCustomizationFromDocumentPolicyInfoPath","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"ActiveX Control Initialization (User) (0: Disabled, 1: Enabled)","Name":"L_ActiveXControlInitialization","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"ActiveX Control Initialization: (User) - Depends on L_ActiveXControlInitialization (1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6)","Name":"L_ActiveXControlInitializationcolon","Option":"Write","ValueMap":[1,2,3,4,5,6],"Values":[1,2,3,4,5,6]},{"CIMType":"SInt32","Description":"Allow Basic Authentication prompts from network proxies (User) (0: Disabled, 1: Enabled)","Name":"L_BasicAuthProxyBehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBA to load typelib references by path from untrusted intranet locations (User) (0: Disabled, 1: Enabled)","Name":"L_AllowVbaIntranetRefs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automation Security (User) (0: Disabled, 1: Enabled)","Name":"L_AutomationSecurity","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set the Automation Security level (User) - Depends on L_AutomationSecurity (3: Disable macros by default, 2: Use application macro security level, 1: Macros enabled (default))","Name":"L_SettheAutomationSecuritylevel","Option":"Write","ValueMap":[3,2,1],"Values":[3,2,1]},{"CIMType":"SInt32","Description":"Control how Office handles form-based sign-in prompts (User) (0: Disabled, 1: Enabled)","Name":"L_AuthenticationFBABehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Specify hosts allowed to show form-based sign-in prompts to users: (User) - Depends on L_AuthenticationFBABehavior","Name":"L_AuthenticationFBAEnabledHostsID","Option":"Write"},{"CIMType":"SInt32","Description":"Behavior: (User) - Depends on L_AuthenticationFBABehavior (1: Block all prompts, 2: Ask the user what to do for each new host, 3: Show prompts only from allowed hosts)","Name":"L_authenticationFBABehaviorEnum","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Disable additional security checks on VBA library references that may refer to unsafe locations on the local machine (User) (0: Disabled, 1: Enabled)","Name":"L_DisableStrictVbaRefsSecurityPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable all Trust Bar notifications for security issues (User) (0: Disabled, 1: Enabled)","Name":"L_DisableallTrustBarnotificationsfor","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Encryption mode for Information Rights Management (IRM) (User) (0: Disabled, 1: Enabled)","Name":"L_Encryptiontypeforirm","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"IRM Encryption Mode: (User) - Depends on L_Encryptiontypeforirm (1: Cipher Block Chaining (CBC), 2: Electronic Codebook (ECB))","Name":"L_Encryptiontypeforirmcolon","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Encryption type for password protected Office 97-2003 files (User) (0: Disabled, 1: Enabled)","Name":"L_Encryptiontypeforpasswordprotectedoffice972003","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedoffice972003","Name":"L_encryptiontypecolon318","Option":"Write"},{"CIMType":"SInt32","Description":"Encryption type for password protected Office Open XML files (User) (0: Disabled, 1: Enabled)","Name":"L_Encryptiontypeforpasswordprotectedofficeopen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedofficeopen","Name":"L_Encryptiontypecolon","Option":"Write"},{"CIMType":"SInt32","Description":"Load Controls in Forms3 (User) (0: Disabled, 1: Enabled)","Name":"L_LoadControlsinForms3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Load Controls in Forms3: (User) - Depends on L_LoadControlsinForms3 (1: 1, 2: 2, 3: 3, 4: 4)","Name":"L_LoadControlsinForms3colon","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Macro Runtime Scan Scope (User) (0: Disabled, 1: Enabled)","Name":"L_MacroRuntimeScanScope","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_MacroRuntimeScanScope (0: Disable for all documents, 1: Enable for low trust documents, 2: Enable for all documents)","Name":"L_MacroRuntimeScanScopeEnum","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Protect document metadata for rights managed Office Open XML Files (User) (0: Disabled, 1: Enabled)","Name":"L_Protectdocumentmetadataforrightsmanaged","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow mix of policy and user locations (User) (0: Disabled, 1: Enabled)","Name":"L_Allowmixofpolicyanduserlocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable the Office client from polling the SharePoint Server for published links (User) (0: Disabled, 1: Enabled)","Name":"L_DisabletheOfficeclientfrompolling","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Smart Document's use of manifests (User) (0: Disabled, 1: Enabled)","Name":"L_DisableSmartDocumentsuseofmanifests","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Outlook Security Mode (User) (0: Disabled, 1: Enabled)","Name":"L_OutlookSecurityMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when reading address information (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMAddressAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMAddressAccess_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when responding to meeting and task requests (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMMeetingTaskRequest","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMMeetingTaskRequest_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when sending mail (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMSend","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMSend_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Prevent users from customizing attachment security settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Preventusersfromcustomizingattachmentsecuritysettings","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Retrieving CRLs (Certificate Revocation Lists) (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_RetrievingCRLsCertificateRevocationLists","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" (0: Use system Default, 1: When online always retreive the CRL, 2: Never retreive the CRL)","Name":"L_empty31","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMFormula","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMFormula_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Authentication with Exchange Server (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_AuthenticationwithExchangeServer","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select the authentication with Exchange server. (User) (9: Kerberos/NTLM Password Authentication, 16: Kerberos Password Authentication, 10: NTLM Password Authentication, 2147545088: Insert a smart card)","Name":"L_SelecttheauthenticationwithExchangeserver","Option":"Write","ValueMap":["9","16","10","2147545088"],"Values":["9","16","10","2147545088"]},{"CIMType":"SInt32","Description":"Enable RPC encryption (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_EnableRPCEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow hyperlinks in suspected phishing e-mail messages (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Enablelinksinemailmessages","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when accessing an address book (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMAddressBook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMAddressBook_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Outlook Security Policy: (User) - Depends on L_OutlookSecurityMode (0: Outlook Default Security, 1: Use Security Form from 'Outlook Security Settings' Public Folder, 2: Use Security Form from 'Outlook 10 Security Settings' Public Folder, 3: Use Outlook Security Group Policy)","Name":"L_OutlookSecurityPolicy","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow users to demote attachments to Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_AllowUsersToLowerAttachments","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Active X One Off Forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_AllowActiveXOneOffForms","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Sets which ActiveX controls to allow. (0: Load only Outlook Controls, 1: Allows only Safe Controls, 2: Allows all ActiveX Controls)","Name":"L_empty29","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow scripts in one-off Outlook forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_EnableScriptsInOneOffForms","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Remove file extensions blocked as Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Level2RemoveFilePolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Removed Extensions: (User)","Name":"L_removedextensions25","Option":"Write"},{"CIMType":"SInt32","Description":"Use Unicode format when dragging e-mail message to file system (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_MSGUnicodeformatwhendraggingtofilesystem","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set Outlook object model custom actions execution prompt (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OnExecuteCustomActionOOM","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"When executing a custom action: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OnExecuteCustomActionOOM_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Do not allow Outlook object model scripts to run for public folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_DisableOutlookobjectmodelscriptsforpublicfolders","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include Internet in Safe Zones for Automatic Picture Download (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_BlockInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security setting for macros (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_SecurityLevelOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Level (User) (2: Always warn, 4: Never warn, disable all, 3: Warn for signed, disable unsigned, 1: No security check)","Name":"L_SecurityLevel","Option":"Write","ValueMap":[2,4,3,1],"Values":[2,4,3,1]},{"CIMType":"SInt32","Description":"Remove file extensions blocked as Level 1 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Level1RemoveFilePolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Removed Extensions: (User)","Name":"L_RemovedExtensions","Option":"Write"},{"CIMType":"SInt32","Description":"Signature Warning (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_SignatureWarning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Signature Warning (User) (0: Let user decide if they want to be warned, 1: Always warn about invalid signatures, 2: Never warn about invalid signatures)","Name":"L_signaturewarning30","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Display Level 1 attachments (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Level1Attachments","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Minimum encryption settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_Minimumencryptionsettings","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Minimum key size (in bits): (User)","Name":"L_Minimumkeysizeinbits","Option":"Write"},{"CIMType":"SInt32","Description":"Do not allow Outlook object model scripts to run for shared folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_DisableOutlookobjectmodelscripts","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Outlook object model prompt when executing Save As (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_OOMSaveAs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security)","Name":"L_OOMSaveAs_Setting","Option":"Write","ValueMap":[1,2,0,3],"Values":[1,2,0,3]},{"CIMType":"SInt32","Description":"Junk E-mail protection level (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled)","Name":"L_JunkEmailprotectionlevel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Select level: (User) (4294967295: No Protection, 6: Low (Default), 3: High, 2147483648: Trusted Lists Only)","Name":"L_Selectlevel","Option":"Write","ValueMap":["4294967295","6","3","2147483648"],"Values":["4294967295","6","3","2147483648"]},{"CIMType":"SInt32","Description":"Run Programs (User) (0: Disabled, 1: Enabled)","Name":"L_RunPrograms","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_RunPrograms (0: disable (don't run any programs), 1: enable (prompt user before running), 2: enable all (run without prompting))","Name":"L_RunPrograms_L_Empty","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Scan encrypted macros in PowerPoint Open XML presentations (User) (0: Disabled, 1: Enabled)","Name":"L_Determinewhethertoforceencryptedppt","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_Determinewhethertoforceencryptedppt (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning)","Name":"L_DeterminewhethertoforceencryptedpptDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"PowerPoint 97-2003 presentations, shows, templates and add-in files (User) (0: Disabled, 1: Enabled)","Name":"L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_PowerPoint972003PresentationsShowsTemplatesandAddInFilesDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Set default file block behavior (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited)","Name":"MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Checked: Allow edit.  Unchecked: Do not allow edit. (User) - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"L_empty3","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Turn off file validation (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPowerPoint_Security_L_TurnOffFileValidation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Publisher Automation Security Level (User) (0: Disabled, 1: Enabled)","Name":"L_PublisherAutomationSecurityLevel","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_PublisherAutomationSecurityLevel (1: Low (enabled), 2: By UI (prompted), 3: High (disabled))","Name":"L_PublisherAutomationSecurityLevel_L_Empty","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins (User) - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"L_empty0","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Visio 2000-2002 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled)","Name":"L_Visio2000Files","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Visio2000Files (0: Do not block, 2: Open/Save blocked)","Name":"L_Visio2000FilesDropID","Option":"Write","ValueMap":[0,2],"Values":[0,2]},{"CIMType":"SInt32","Description":"Visio 2003-2010 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled)","Name":"L_Visio2003Files","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Visio2003Files (0: Do not block, 1: Save blocked, 2: Open/Save blocked)","Name":"L_Visio2003FilesDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Visio 5.0 or earlier Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled)","Name":"L_Visio50AndEarlierFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Visio50AndEarlierFiles (0: Do not block, 2: Open/Save blocked)","Name":"L_Visio50AndEarlierFilesDropID","Option":"Write","ValueMap":[0,2],"Values":[0,2]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_BlockMacroExecutionFromInternet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Dynamic Data Exchange (User) (0: Disabled, 1: Enabled)","Name":"L_AllowDDE","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Dynamic Data Exchange setting (User) - Depends on L_AllowDDE (1: Limited Dynamic Data Exchange, 2: Allow Dynamic Data Exchange)","Name":"L_AllowDDEDropID","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Set default file block behavior (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited)","Name":"MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Word 2 and earlier binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word2AndEarlierBinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word2AndEarlierBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word2AndEarlierBinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 2000 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word2000BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word2000BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word2000BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 2003 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word2003BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word2003BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word2003BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 2007 and later binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word2007AndLaterBinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word2007AndLaterBinaryDocumentsAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word2007AndLaterBinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 6.0 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word6Pt0BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word6Pt0BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word6Pt0BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 95 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word95BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word95BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word95BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word 97 binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_Word97BinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_Word97BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_Word97BinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Word XP binary documents and templates (User) (0: Disabled, 1: Enabled)","Name":"L_WordXPBinaryDocumentsAndTemplates","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"File block setting: (User) - Depends on L_WordXPBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View)","Name":"L_WordXPBinaryDocumentsAndTemplatesDropID","Option":"Write","ValueMap":[0,2,3,4,5],"Values":[0,2,3,4,5]},{"CIMType":"SInt32","Description":"Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Checked: Allow edit.  Unchecked: Do not allow edit. (User) - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scan encrypted macros in Word Open XML documents (User) (0: Disabled, 1: Enabled)","Name":"L_DeterminewhethertoforceencryptedWord","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on L_DeterminewhethertoforceencryptedWord (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning)","Name":"L_DeterminewhethertoforceencryptedWordDropID","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":" - Depends on MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended))","Name":"L_empty19","Option":"Write","ValueMap":[2,3,4,1],"Values":[2,3,4,1]},{"CIMType":"SInt32","Description":"Turn off file validation (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_L_TurnOffFileValidation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Microsoft365 Apps For Enterprise"},{"ClassName":"MSFT_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Description":"The policy settings for the device scope","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise","Description":"The policy settings for the user scope","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline Microsoft365 Apps For Enterprise"},{"ClassName":"MSFT_IntuneSecurityBaselineMicrosoftEdge","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"SInt32","Description":"Allow unconfigured sites to be reloaded in Internet Explorer mode (0: Disabled, 1: Enabled)","Name":"InternetExplorerIntegrationReloadInIEModeAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow users to proceed from the HTTPS warning page (0: Disabled, 1: Enabled)","Name":"SSLErrorOverrideAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode (0: Disabled, 1: Enabled)","Name":"InternetExplorerIntegrationZoneIdentifierMhtFileAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Dynamic Code Settings (0: Disabled, 1: Enabled)","Name":"edge_DynamicCodeSettings","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Dynamic Code Settings (Device) - Depends on edge_DynamicCodeSettings (0: Default dynamic code settings, 1: Prevent the browser process from creating dynamic code)","Name":"DynamicCodeSettings_DynamicCodeSettings","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Application Bound Encryption (0: Disabled, 1: Enabled)","Name":"ApplicationBoundEncryptionEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable browser legacy extension point blocking (0: Disabled, 1: Enabled)","Name":"BrowserLegacyExtensionPointsBlockingEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable site isolation for every site (0: Disabled, 1: Enabled)","Name":"SitePerProcess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enhance images enabled (0: Disabled, 1: Enabled)","Name":"EdgeEnhanceImagesEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Control which extensions cannot be installed (0: Disabled, 1: Enabled)","Name":"ExtensionInstallBlocklist","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Extension IDs the user should be prevented from installing (or * for all) (Device) - Depends on ExtensionInstallBlocklist","Name":"ExtensionInstallBlocklistDesc","Option":"Write"},{"CIMType":"SInt32","Description":"Force WebSQL to be enabled (0: Disabled, 1: Enabled)","Name":"WebSQLAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication for HTTP (0: Disabled, 1: Enabled)","Name":"BasicAuthOverHttpEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Supported authentication schemes (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_HTTPAuthentication_AuthSchemes","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Supported authentication schemes (Device) - Depends on MicrosoftEdge_HTTPAuthentication_AuthSchemes","Name":"AuthSchemes_AuthSchemes","Option":"Write"},{"CIMType":"SInt32","Description":"Allow user-level native messaging hosts (installed without admin permissions) (0: Disabled, 1: Enabled)","Name":"NativeMessagingUserLevelHosts","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specifies whether to allow insecure websites to make requests to more-private network endpoints (0: Disabled, 1: Enabled)","Name":"InsecurePrivateNetworkRequestsAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Show the Reload in Internet Explorer mode button in the toolbar (0: Disabled, 1: Enabled)","Name":"InternetExplorerModeToolbarButtonEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen to block potentially unwanted apps (0: Disabled, 1: Enabled)","Name":"SmartScreenPuaEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverrideForFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context (0: Disabled, 1: Enabled)","Name":"SharedArrayBufferUnrestrictedAccessAllowed","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Edge TyposquattingChecker (0: Disabled, 1: Enabled)","Name":"TyposquattingCheckerEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline Microsoft Edge"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths","Parameters":[{"CIMType":"String","Description":"Value","Name":"value","Option":"Write"},{"CIMType":"String","Description":"Name","Name":"key","Option":"Key"}],"Description":"Intune Security Baseline for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10","Parameters":[{"CIMType":"SInt32","Description":"Prevent enabling lock screen camera (0: Disabled, 1: Enabled)","Name":"CPL_Personalization_NoLockScreenCamera","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent enabling lock screen slide show (0: Disabled, 1: Enabled)","Name":"CPL_Personalization_NoLockScreenSlideshow","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Apply UAC restrictions to local accounts on network logons (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0201_LATFP","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure SMB v1 client driver (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0002_SMBv1_ClientDriver","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure MrxSmb10 driver - Depends on Pol_SecGuide_0002_SMBv1_ClientDriver (4: Disable driver (recommended), 3: Manual start (default for Win7/2008/2008R2/2012), 2: Automatic start (default for Win8.1/2012R2/newer))","Name":"Pol_SecGuide_SMB1ClientDriver","Option":"Write","ValueMap":[4,3,2],"Values":[4,3,2]},{"CIMType":"SInt32","Description":"Configure SMB v1 server (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0001_SMBv1_Server","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Structured Exception Handling Overwrite Protection (SEHOP) (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0102_SEHOP","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"WDigest Authentication (disabling may require KB2871997) (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0202_WDigestAuthn","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)","Name":"Pol_MSS_DisableIPSourceRoutingIPv6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DisableIPSourceRoutingIPv6 (Device) - Depends on Pol_MSS_DisableIPSourceRoutingIPv6 (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)","Name":"DisableIPSourceRoutingIPv6","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)","Name":"Pol_MSS_DisableIPSourceRouting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DisableIPSourceRouting (Device) - Depends on Pol_MSS_DisableIPSourceRouting (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)","Name":"DisableIPSourceRouting","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (0: Disabled, 1: Enabled)","Name":"Pol_MSS_EnableICMPRedirect","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (0: Disabled, 1: Enabled)","Name":"Pol_MSS_NoNameReleaseOnDemand","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off multicast name resolution (0: Disabled, 1: Enabled)","Name":"Turn_Off_Multicast","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prohibit use of Internet Connection Sharing on your DNS domain network (0: Disabled, 1: Enabled)","Name":"NC_ShowSharedAccessUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Hardened UNC Paths (0: Disabled, 1: Enabled)","Name":"hardeneduncpaths_Pol_HardenedPaths","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths[]","Description":"Hardened UNC Paths: (Device) - Depends on hardeneduncpaths_Pol_HardenedPaths","Name":"pol_hardenedpaths","Option":"Write"},{"CIMType":"SInt32","Description":"Prohibit connection to non-domain networks when connected to domain authenticated network (0: Disabled, 1: Enabled)","Name":"WCM_BlockNonDomain","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Redirection Guard (0: Disabled, 1: Enabled)","Name":"ConfigureRedirectionGuardPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Redirection Guard Options (Device) - Depends on ConfigureRedirectionGuardPolicy (0: Redirection Guard Disabled, 1: Redirection Guard Enabled, 2: Redirection Guard Audit Only)","Name":"RedirectionGuardPolicy_Enum","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Configure RPC connection settings (0: Disabled, 1: Enabled)","Name":"ConfigureRpcConnectionPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use authentication for outgoing RPC connections: (Device) - Depends on ConfigureRpcConnectionPolicy (0: Default, 1: Authentication enabled, 2: Authentication disabled)","Name":"RpcConnectionAuthentication_Enum","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Protocol to use for outgoing RPC connections: (Device) - Depends on ConfigureRpcConnectionPolicy (0: RPC over TCP, 1: RPC over named pipes)","Name":"RpcConnectionProtocol_Enum","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure RPC listener settings (0: Disabled, 1: Enabled)","Name":"ConfigureRpcListenerPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Authentication protocol to use for incoming RPC connections: (Device) - Depends on ConfigureRpcListenerPolicy (0: Negotiate, 1: Kerberos)","Name":"RpcAuthenticationProtocol_Enum","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protocols to allow for incoming RPC connections: (Device) - Depends on ConfigureRpcListenerPolicy (3: RPC over named pipes, 5: RPC over TCP, 7: RPC over named pipes and TCP)","Name":"RpcListenerProtocols_Enum","Option":"Write","ValueMap":[3,5,7],"Values":[3,5,7]},{"CIMType":"SInt32","Description":"Configure RPC over TCP port (0: Disabled, 1: Enabled)","Name":"ConfigureRpcTcpPort","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"RPC over TCP port: (Device) - Depends on ConfigureRpcTcpPort","Name":"RpcTcpPort","Option":"Write"},{"CIMType":"SInt32","Description":"Limits print driver installation to Administrators (0: Disabled, 1: Enabled)","Name":"RestrictDriverInstallationToAdministrators","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Manage processing of Queue-specific files (0: Disabled, 1: Enabled)","Name":"ConfigureCopyFilesPolicy","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Manage processing of Queue-Specific files: (Device) - Depends on ConfigureCopyFilesPolicy (0: Do not allow Queue-specific files, 1: Limit Queue-specific files to Color profiles, 2: Allow all Queue-specific files)","Name":"CopyFilesPolicy_Enum","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Encryption Oracle Remediation (0: Disabled, 1: Enabled)","Name":"AllowEncryptionOracle","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protection Level: (Device) - Depends on AllowEncryptionOracle (0: Force Updated Clients, 1: Mitigated, 2: Vulnerable)","Name":"AllowEncryptionOracleDrop","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Remote host allows delegation of non-exportable credentials (0: Disabled, 1: Enabled)","Name":"AllowProtectedCreds","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Deny","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Prevented Classes - Depends on DeviceInstall_Classes_Deny","Name":"DeviceInstall_Classes_Deny_List","Option":"Write"},{"CIMType":"SInt32","Description":"Also apply to matching devices that are already installed. - Depends on DeviceInstall_Classes_Deny (0: False, 1: True)","Name":"DeviceInstall_Classes_Deny_Retroactive","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Boot-Start Driver Initialization Policy (0: Disabled, 1: Enabled)","Name":"POL_DriverLoadPolicy_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Choose the boot-start drivers that can be initialized: - Depends on POL_DriverLoadPolicy_Name (8: Good only, 1: Good and unknown, 3: Good, unknown and bad but critical, 7: All)","Name":"SelectDriverLoadPolicy","Option":"Write","ValueMap":[8,1,3,7],"Values":[8,1,3,7]},{"CIMType":"SInt32","Description":"Configure registry policy processing (0: Disabled, 1: Enabled)","Name":"CSE_Registry","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not apply during periodic background processing (Device) - Depends on CSE_Registry (0: False, 1: True)","Name":"CSE_NOBACKGROUND10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Process even if the Group Policy objects have not changed (Device) - Depends on CSE_Registry (0: False, 1: True)","Name":"CSE_NOCHANGES10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off downloading of print drivers over HTTP (0: Disabled, 1: Enabled)","Name":"DisableWebPnPDownload_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Internet download for Web publishing and online ordering wizards (0: Disabled, 1: Enabled)","Name":"ShellPreventWPWDownload_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Custom SSPs and APs to be loaded into LSASS (0: Disabled, 1: Enabled)","Name":"AllowCustomSSPsAPs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow standby states (S1-S3) when sleeping (on battery) (0: Disabled, 1: Enabled)","Name":"AllowStandbyStatesDC_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow standby states (S1-S3) when sleeping (plugged in) (0: Disabled, 1: Enabled)","Name":"AllowStandbyStatesAC_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require a password when a computer wakes (on battery) (0: Disabled, 1: Enabled)","Name":"DCPromptForPasswordOnResume_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require a password when a computer wakes (plugged in) (0: Disabled, 1: Enabled)","Name":"ACPromptForPasswordOnResume_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Solicited Remote Assistance (0: Disabled, 1: Enabled)","Name":"RA_Solicit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum ticket time (units): - Depends on RA_Solicit (0: Minutes, 1: Hours, 2: Days)","Name":"RA_Solicit_ExpireUnits_List","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Maximum ticket time (value): - Depends on RA_Solicit","Name":"RA_Solicit_ExpireValue_Edt","Option":"Write"},{"CIMType":"SInt32","Description":"Permit remote control of this computer: - Depends on RA_Solicit (1: Allow helpers to remotely control the computer, 0: Allow helpers to only view the computer)","Name":"RA_Solicit_Control_List","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Method for sending email invitations: - Depends on RA_Solicit (0: Simple MAPI, 1: Mailto)","Name":"RA_Solicit_Mailto_List","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Restrict Unauthenticated RPC clients (0: Disabled, 1: Enabled)","Name":"RpcRestrictRemoteClients","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"RPC Runtime Unauthenticated Client Restriction to Apply: - Depends on RpcRestrictRemoteClients (0: None, 1: Authenticated, 2: Authenticated without exceptions)","Name":"RpcRestrictRemoteClientsList","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Microsoft accounts to be optional (0: Disabled, 1: Enabled)","Name":"AppxRuntimeMicrosoftAccountsOptional","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow Autoplay for non-volume devices (0: Disabled, 1: Enabled)","Name":"NoAutoplayfornonVolume","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set the default behavior for AutoRun (0: Disabled, 1: Enabled)","Name":"NoAutorun","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default AutoRun Behavior - Depends on NoAutorun (1: Do not execute any autorun commands, 2: Automatically execute autorun commands)","Name":"NoAutorun_Dropdown","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Turn off Autoplay (0: Disabled, 1: Enabled)","Name":"Autorun","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Autoplay on: - Depends on Autorun (181: CD-ROM and removable media drives, 255: All drives)","Name":"Autorun_Box","Option":"Write","ValueMap":[181,255],"Values":[181,255]},{"CIMType":"SInt32","Description":"Deny write access to fixed drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"FDVDenyWriteAccess_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Deny write access to removable drives not protected by BitLocker (0: Disabled, 1: Enabled)","Name":"RDVDenyWriteAccess_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow write access to devices configured in another organization - Depends on RDVDenyWriteAccess_Name (0: False, 1: True)","Name":"RDVCrossOrg","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enumerate administrator accounts on elevation (0: Disabled, 1: Enabled)","Name":"EnumerateAdministrators","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_1","Name":"Channel_LogMaxSize_1_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_2","Name":"Channel_LogMaxSize_2_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_4","Name":"Channel_LogMaxSize_4_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Configure Windows Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"EnableSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Pick one of the following settings: (Device) - Depends on EnableSmartScreen (block: Warn and prevent bypass, warn: Warn)","Name":"EnableSmartScreenDropdown","Option":"Write","ValueMap":["block","warn"],"Values":["block","warn"]},{"CIMType":"SInt32","Description":"Turn off Data Execution Prevention for Explorer (0: Disabled, 1: Enabled)","Name":"NoDataExecutionPrevention","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off heap termination on corruption (0: Disabled, 1: Enabled)","Name":"NoHeapTerminationOnCorruption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow software to run or install even if the signature is invalid (0: Disabled, 1: Enabled)","Name":"Advanced_InvalidSignatureBlock","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Check for server certificate revocation (0: Disabled, 1: Enabled)","Name":"Advanced_CertificateRevocation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Check for signatures on downloaded programs (0: Disabled, 1: Enabled)","Name":"Advanced_DownloadSignatures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled (0: Disabled, 1: Enabled)","Name":"Advanced_DisableEPMCompat","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off encryption support (0: Disabled, 1: Enabled)","Name":"Advanced_SetWinInetProtocols","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Secure Protocol combinations - Depends on Advanced_SetWinInetProtocols (0: Use no secure protocols, 8: Only use SSL 2.0, 32: Only use SSL 3.0, 40: Use SSL 2.0 and SSL 3.0, 128: Only use TLS 1.0, 136: Use SSL 2.0 and TLS 1.0, 160: Use SSL 3.0 and TLS 1.0, 168: Use SSL 2.0, SSL 3.0, and TLS 1.0, 512: Only use TLS 1.1, 520: Use SSL 2.0 and TLS 1.1, 544: Use SSL 3.0 and TLS 1.1, 552: Use SSL 2.0, SSL 3.0, and TLS 1.1, 640: Use TLS 1.0 and TLS 1.1, 648: Use SSL 2.0, TLS 1.0, and TLS 1.1, 672: Use SSL 3.0, TLS 1.0, and TLS 1.1, 680: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1, 2048: Only use TLS 1.2, 2056: Use SSL 2.0 and TLS 1.2, 2080: Use SSL 3.0 and TLS 1.2, 2088: Use SSL 2.0, SSL 3.0, and TLS 1.2, 2176: Use TLS 1.0 and TLS 1.2, 2184: Use SSL 2.0, TLS 1.0, and TLS 1.2, 2208: Use SSL 3.0, TLS 1.0, and TLS 1.2, 2216: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.2, 2560: Use TLS 1.1 and TLS 1.2, 2568: Use SSL 2.0, TLS 1.1, and TLS 1.2, 2592: Use SSL 3.0, TLS 1.1, and TLS 1.2, 2600: Use SSL 2.0, SSL 3.0, TLS 1.1, and TLS 1.2, 2688: Use TLS 1.0, TLS 1.1, and TLS 1.2, 2696: Use SSL 2.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2720: Use SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2728: Use SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 8192: Only use TLS 1.3, 10240: Use TLS 1.2 and TLS 1.3, 10752: Use TLS 1.1, TLS 1.2, and TLS 1.3, 10880: Use TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, 10912: Use SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3)","Name":"Advanced_WinInetProtocolOptions","Option":"Write","ValueMap":["0","8","32","40","128","136","160","168","512","520","544","552","640","648","672","680","2048","2056","2080","2088","2176","2184","2208","2216","2560","2568","2592","2600","2688","2696","2720","2728","8192","10240","10752","10880","10912"],"Values":["0","8","32","40","128","136","160","168","512","520","544","552","640","648","672","680","2048","2056","2080","2088","2176","2184","2208","2216","2560","2568","2592","2600","2688","2696","2720","2728","8192","10240","10752","10880","10912"]},{"CIMType":"SInt32","Description":"Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows (0: Disabled, 1: Enabled)","Name":"Advanced_EnableEnhancedProtectedMode64Bit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Enhanced Protected Mode (0: Disabled, 1: Enabled)","Name":"Advanced_EnableEnhancedProtectedMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent ignoring certificate errors (0: Disabled, 1: Enabled)","Name":"NoCertError","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowPasteViaScript_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowPasteViaScript_1_IZ_Partname1407","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDropOrPasteFiles_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDropOrPasteFiles_1_IZ_Partname1802","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow loading of XAML files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_XAML_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"XAML Files - Depends on IZ_Policy_XAML_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_XAML_1_IZ_Partname2402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet (3: Enable, 0: Disable)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowTDCControl_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Internet (3: Enable, 0: Disable)","Name":"IZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWindowsRestrictionsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)","Name":"IZ_Policy_WebBrowserControl_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_WebBrowserControl_1_IZ_Partname1206","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scriptlets (0: Disabled, 1: Enabled)","Name":"IZ_Policy_AllowScriptlets_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scriptlets - Depends on IZ_Policy_AllowScriptlets_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_AllowScriptlets_1_IZ_Partname1209","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow updates to status bar via script (0: Disabled, 1: Enabled)","Name":"IZ_Policy_ScriptStatusBar_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_ScriptStatusBar_1_IZ_Partname2103","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowVBScript_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowVBScript_1_IZ_Partname140C","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNotificationBarDownloadURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadSignedActiveX_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadUnsignedActiveX_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)","Name":"IZ_Policy_LocalPathForUpload_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_LocalPathForUpload_1_IZ_Partname160A","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_1 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_1_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Logon options (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLogon_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Logon options - Depends on IZ_PolicyLogon_1 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)","Name":"IZ_PolicyLogon_1_IZ_Partname1A00","Option":"Write","ValueMap":["196608","131072","0","65536"],"Values":["196608","131072","0","65536"]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_UnsafeFiles_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_UnsafeFiles_1_IZ_Partname1806","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on Protected Mode (0: Disabled, 1: Enabled)","Name":"IZ_Policy_TurnOnProtectedMode_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_1_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBlockPopupWindows_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyBlockPopupWindows_1_IZ_Partname1809","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Userdata persistence (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUserdataPersistence_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Userdata persistence - Depends on IZ_PolicyUserdataPersistence_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyUserdataPersistence_1_IZ_Partname1606","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)","Name":"IZ_PolicyZoneElevationURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyZoneElevationURLaction_1_IZ_Partname2101","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Intranet Sites: Include all network paths (UNCs) (0: Disabled, 1: Enabled)","Name":"IZ_UNCAsIntranet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_3 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_3 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_3_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_9 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_9_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_2 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_2_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_4 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_4_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_10 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_10_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_8 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_8_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_8 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_8_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_6 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_6_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Access data sources across domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow active scripting (0: Disabled, 1: Enabled)","Name":"IZ_PolicyActiveScripting_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow active scripting - Depends on IZ_PolicyActiveScripting_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1400","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow binary and script behaviors (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBinaryBehaviors_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Binary and Script Behaviors - Depends on IZ_PolicyBinaryBehaviors_7 (0: Enable, 65536: Administrator approved, 3: Disable)","Name":"IZ_Partname2000","Option":"Write","ValueMap":[0,65536,3],"Values":[0,65536,3]},{"CIMType":"SInt32","Description":"Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowPasteViaScript_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowPasteViaScript_7_IZ_Partname1407","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDropOrPasteFiles_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDropOrPasteFiles_7_IZ_Partname1802","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyFileDownload_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow file downloads - Depends on IZ_PolicyFileDownload_7 (0: Enable, 3: Disable)","Name":"IZ_Partname1803","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow loading of XAML files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_XAML_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"XAML Files - Depends on IZ_Policy_XAML_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_XAML_7_IZ_Partname2402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow META REFRESH (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowMETAREFRESH_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow META REFRESH - Depends on IZ_PolicyAllowMETAREFRESH_7 (0: Enable, 3: Disable)","Name":"IZ_Partname1608","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted (3: Enable, 0: Disable)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowTDCControl_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Restricted (3: Enable, 0: Disable)","Name":"IZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWindowsRestrictionsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)","Name":"IZ_Policy_WebBrowserControl_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_WebBrowserControl_7_IZ_Partname1206","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scriptlets (0: Disabled, 1: Enabled)","Name":"IZ_Policy_AllowScriptlets_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scriptlets - Depends on IZ_Policy_AllowScriptlets_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_AllowScriptlets_7_IZ_Partname1209","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow updates to status bar via script (0: Disabled, 1: Enabled)","Name":"IZ_Policy_ScriptStatusBar_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_ScriptStatusBar_7_IZ_Partname2103","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowVBScript_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowVBScript_7_IZ_Partname140C","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNotificationBarDownloadURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadSignedActiveX_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadUnsignedActiveX_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)","Name":"IZ_Policy_LocalPathForUpload_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_LocalPathForUpload_7_IZ_Partname160A","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_7 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_7_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Logon options (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLogon_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Logon options - Depends on IZ_PolicyLogon_7 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)","Name":"IZ_PolicyLogon_7_IZ_Partname1A00","Option":"Write","ValueMap":["196608","131072","0","65536"],"Values":["196608","131072","0","65536"]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run ActiveX controls and plugins (0: Disabled, 1: Enabled)","Name":"IZ_PolicyRunActiveXControls_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run ActiveX controls and plugins - Depends on IZ_PolicyRunActiveXControls_7 (65536: Administrator approved, 0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1200","Option":"Write","ValueMap":[65536,0,3,1],"Values":[65536,0,3,1]},{"CIMType":"SInt32","Description":"Script ActiveX controls marked safe for scripting (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXMarkedSafe_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Script ActiveX controls marked safe for scripting - Depends on IZ_PolicyScriptActiveXMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1405","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Scripting of Java applets (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptingOfJavaApplets_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scripting of Java applets - Depends on IZ_PolicyScriptingOfJavaApplets_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_UnsafeFiles_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_UnsafeFiles_7_IZ_Partname1806","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on Protected Mode (0: Disabled, 1: Enabled)","Name":"IZ_Policy_TurnOnProtectedMode_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_7_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBlockPopupWindows_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyBlockPopupWindows_7_IZ_Partname1809","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Userdata persistence (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUserdataPersistence_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Userdata persistence - Depends on IZ_PolicyUserdataPersistence_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyUserdataPersistence_7_IZ_Partname1606","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)","Name":"IZ_PolicyZoneElevationURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyZoneElevationURLaction_7_IZ_Partname2101","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_5 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_5 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_5_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on certificate address mismatch warning (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWarnCertMismatch","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverrideForAppRepUnknown","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent managing SmartScreen Filter (0: Disabled, 1: Enabled)","Name":"Disable_Managing_Safety_Filter_IE9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Select SmartScreen Filter mode - Depends on Disable_Managing_Safety_Filter_IE9 (0: Off, 1: On)","Name":"IE9SafetyFilterOptions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent per-user installation of ActiveX controls (0: Disabled, 1: Enabled)","Name":"DisablePerUserActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Remove 'Run this time' button for outdated ActiveX controls in Internet Explorer (0: Disabled, 1: Enabled)","Name":"VerMgmtDisableRunThisTime","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off blocking of outdated ActiveX controls for Internet Explorer (0: Disabled, 1: Enabled)","Name":"VerMgmtDisable","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow fallback to SSL 3.0 (Internet Explorer) (0: Disabled, 1: Enabled)","Name":"Advanced_EnableSSL3Fallback","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow insecure fallback for: - Depends on Advanced_EnableSSL3Fallback (0: No Sites, 1: Non-Protected Mode Sites, 3: All Sites)","Name":"Advanced_EnableSSL3FallbackOptions","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_11","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_12","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Do not allow users to add/delete sites (0: Disabled, 1: Enabled)","Name":"Security_zones_map_edit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Do not allow users to change policies (0: Disabled, 1: Enabled)","Name":"Security_options_edit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Use only machine settings (0: Disabled, 1: Enabled)","Name":"Security_HKLM_only","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specify use of ActiveX Installer Service for installation of ActiveX controls (0: Disabled, 1: Enabled)","Name":"OnlyUseAXISForActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Crash Detection (0: Disabled, 1: Enabled)","Name":"AddonManagement_RestrictCrashDetection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off the Security Settings Check feature (0: Disabled, 1: Enabled)","Name":"Disable_Security_Settings_Check","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure the 'Block at First Sight' feature (0: Disabled, 1: Enabled)","Name":"DisableBlockAtFirstSeen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on process scanning whenever real-time protection is enabled (0: Disabled, 1: Enabled)","Name":"RealtimeProtection_DisableScanOnRealtimeEnable","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scan packed executables (0: Disabled, 1: Enabled)","Name":"Scan_DisablePackedExeScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off routine remediation (0: Disabled, 1: Enabled)","Name":"DisableRoutinelyTakingAction","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow passwords to be saved (0: Disabled, 1: Enabled)","Name":"TS_CLIENT_DISABLE_PASSWORD_SAVING_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow drive redirection (0: Disabled, 1: Enabled)","Name":"TS_CLIENT_DRIVE_M","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Always prompt for password upon connection (0: Disabled, 1: Enabled)","Name":"TS_PASSWORD","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require secure RPC communication (0: Disabled, 1: Enabled)","Name":"TS_RPC_ENCRYPTION","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set client connection encryption level (0: Disabled, 1: Enabled)","Name":"TS_ENCRYPTION_POLICY","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Encryption Level - Depends on TS_ENCRYPTION_POLICY (1: Low Level, 2: Client Compatible, 3: High Level)","Name":"TS_ENCRYPTION_LEVEL","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Prevent downloading of enclosures (0: Disabled, 1: Enabled)","Name":"Disable_Downloading_of_Enclosures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable MPR notifications for the system (0: Disabled, 1: Enabled)","Name":"EnableMPRNotifications","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Sign-in and lock last interactive user automatically after a restart (0: Disabled, 1: Enabled)","Name":"AutomaticRestartSignOn","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on PowerShell Script Block Logging (0: Disabled, 1: Enabled)","Name":"EnableScriptBlockLogging","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Log script block invocation start / stop events: - Depends on EnableScriptBlockLogging (0: False, 1: True)","Name":"EnableScriptBlockInvocationLogging","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication (0: Disabled, 1: Enabled)","Name":"AllowBasic_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow unencrypted traffic (0: Disabled, 1: Enabled)","Name":"AllowUnencrypted_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow Digest authentication (0: Disabled, 1: Enabled)","Name":"DisallowDigest","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication (0: Disabled, 1: Enabled)","Name":"AllowBasic_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow unencrypted traffic (0: Disabled, 1: Enabled)","Name":"AllowUnencrypted_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow WinRM from storing RunAs credentials (0: Disabled, 1: Enabled)","Name":"DisableRunAs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Account Logon Audit Credential Validation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogon_AuditCredentialValidation","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Account Lockout (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditAccountLockout","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Group Membership (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditGroupMembership","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditLogon","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Authentication Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditAuthenticationPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Changes to Audit Policy (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit File Share Access (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditFileShare","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Other Logon Logoff Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditOtherLogonLogoffEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Security Group Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountManagement_AuditSecurityGroupManagement","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Security System Extension (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSecuritySystemExtension","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Special Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditSpecialLogon","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit User Account Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountManagement_AuditUserAccountManagement","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Detailed Tracking Audit PNP Activity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"DetailedTracking_AuditPNPActivity","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Detailed Tracking Audit Process Creation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"DetailedTracking_AuditProcessCreation","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Detailed File Share (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditDetailedFileShare","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Other Object Access Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditOtherObjectAccessEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Removable Storage (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditRemovableStorage","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Policy Change Audit MPSSVC Rule Level Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditMPSSVCRuleLevelPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Policy Change Audit Other Policy Change Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditOtherPolicyChangeEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Privilege Use Audit Sensitive Privilege Use (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PrivilegeUse_AuditSensitivePrivilegeUse","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit Other System Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditOtherSystemEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit Security State Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSecurityStateChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit System Integrity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSystemIntegrity","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow Password Manager (0: Not allowed., 1: Allowed.)","Name":"AllowPasswordManager","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Smart Screen (0: Turned off. Do not protect users from potential threats and prevent users from turning it on., 1: Turned on. Protect users from potential threats and prevent users from turning it off.)","Name":"AllowSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Cert Error Overrides (0: Allowed/turned on. Override the security warning to sites that have SSL errors., 1: Prevented/turned on.)","Name":"PreventCertErrorOverrides","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Smart Screen Prompt Override (0: Allowed/turned off. Users can ignore the warning and continue to the site., 1: Prevented/turned on.)","Name":"Browser_PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Smart Screen Prompt Override For Files (0: Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s)., 1: Prevented/turned on.)","Name":"PreventSmartScreenPromptOverrideForFiles","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Direct Memory Access (0: Not allowed., 1: Allowed.)","Name":"AllowDirectMemoryAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.)","Name":"AllowCloudProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow On Access Protection (0: Not allowed., 1: Allowed.)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. Turns on and runs the real-time monitoring service.)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Script Scanning (0: Not allowed., 1: Allowed.)","Name":"AllowScriptScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Block execution of potentially obfuscated scripts - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Win32 API calls from Office macros - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable files from running unless they meet a prevalence, age, or trusted list criterion - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office communication application from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block all Office applications from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Adobe Reader from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block credential stealing from the Windows local security authority subsystem - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block JavaScript or VBScript from launching downloaded executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Webshell creation for Servers - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWebshellCreationForServers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWebshellCreationForServers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block untrusted and unsigned processes that run from USB - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block persistence through WMI event subscription - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"Block use of copied or impersonated system tools - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUseOfCopiedOrImpersonatedSystemTools","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block abuse of exploited vulnerable signed drivers (Device) - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block process creations originating from PSExec and WMI commands - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from creating executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from injecting code into other processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block rebooting machine in Safe Mode - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockRebootingMachineInSafeMode","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Use advanced protection against ransomware - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable content from email client and webmail - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"SInt32","Description":"Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance)","Name":"CloudBlockLevel","Option":"Write","ValueMap":[0,2,4,6],"Values":[0,2,4,6]},{"CIMType":"SInt32","Description":"Cloud Extended Timeout","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Local Admin Merge (0: Enable Local Admin Merge, 1: Disable Local Admin Merge)","Name":"DisableLocalAdminMerge","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable File Hash Computation (0: Disable, 1: Enable)","Name":"EnableFileHashComputation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Network Protection (0: Disabled, 1: Enabled (block mode), 2: Enabled (audit mode))","Name":"EnableNetworkProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Admins (1: If you enable this setting, local admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalAdmins","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.)","Name":"PUAProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Configure System Guard Launch (0: Unmanaged Configurable by Administrative user, 1: Unmanaged Enables Secure Launch if supported by hardware, 2: Unmanaged Disables Secure Launch)","Name":"ConfigureSystemGuardLaunch","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)","Name":"LsaCfgFlags","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Enable Virtualization Based Security (0: disable virtualization based security., 1: enable virtualization based security.)","Name":"EnableVirtualizationBasedSecurity","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require Platform Security Features (1: Turns on VBS with Secure Boot., 3: Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.)","Name":"RequirePlatformSecurityFeatures","Option":"Write","ValueMap":[1,3],"Values":[1,3]},{"CIMType":"SInt32","Description":"Device Password Enabled (0: Enabled, 1: Disabled)","Name":"DevicePasswordEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Expiration - Depends on DevicePasswordEnabled","Name":"DevicePasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Length - Depends on DevicePasswordEnabled","Name":"MinDevicePasswordLength","Option":"Write"},{"CIMType":"SInt32","Description":"Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)","Name":"AlphanumericDevicePasswordRequired","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Max Device Password Failed Attempts - Depends on DevicePasswordEnabled","Name":"MaxDevicePasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Complex Characters - Depends on DevicePasswordEnabled (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop)","Name":"MinDevicePasswordComplexCharacters","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled","Name":"MaxInactivityTimeDeviceLock","Option":"Write"},{"CIMType":"SInt32","Description":"Device Password History - Depends on DevicePasswordEnabled","Name":"DevicePasswordHistory","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)","Name":"AllowSimpleDevicePassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))","Name":"DeviceEnumerationPolicy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Enable Insecure Guest Logons (0: Disabled, 1: Enabled)","Name":"EnableInsecureGuestLogons","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Accounts Limit Local Account Use Of Blank Passwords To Console Logon Only (0: Disabled, 1: Enabled)","Name":"Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Interactive Logon Machine Inactivity Limit","Name":"InteractiveLogon_MachineInactivityLimit","Option":"Write"},{"CIMType":"SInt32","Description":"Interactive Logon Smart Card Removal Behavior (0: No Action, 1: Lock Workstation, 2: Force Logoff, 3: Disconnect if a Remote Desktop Services session)","Name":"InteractiveLogon_SmartCardRemovalBehavior","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Microsoft Network Client Digitally Sign Communications Always (1: Enable, 0: Disable)","Name":"MicrosoftNetworkClient_DigitallySignCommunicationsAlways","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Microsoft Network Client Send Unencrypted Password To Third Party SMB Servers (1: Enable, 0: Disable)","Name":"MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Microsoft Network Server Digitally Sign Communications Always (1: Enable, 0: Disable)","Name":"MicrosoftNetworkServer_DigitallySignCommunicationsAlways","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Do Not Allow Anonymous Enumeration Of SAM Accounts (1: Enabled, 0: Disabled)","Name":"NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Do Not Allow Anonymous Enumeration Of Sam Accounts And Shares (1: Enabled, 0: Disabled)","Name":"NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Restrict Anonymous Access To Named Pipes And Shares (1: Enable, 0: Disable)","Name":"NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"String","Description":"Network Access Restrict Clients Allowed To Make Remote Calls To SAM","Name":"NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM","Option":"Write"},{"CIMType":"SInt32","Description":"Network Security Do Not Store LAN Manager Hash Value On Next Password Change (1: Enable, 0: Disable)","Name":"NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Security LAN Manager Authentication Level (0: Send LM and NTLM responses, 1: Send LM and NTLM-use NTLMv2 session security if negotiated, 2: Send LM and NTLM responses only, 3: Send LM and NTLMv2 responses only, 4: Send LM and NTLMv2 responses only. Refuse LM, 5: Send LM and NTLMv2 responses only. Refuse LM and NTLM)","Name":"NetworkSecurity_LANManagerAuthenticationLevel","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"String","Description":"Network Security Minimum Session Security For NTLMSSP Based Clients (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)","Name":"NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients","Option":"Write","ValueMap":["0","524288","536870912","537395200"],"Values":["0","524288","536870912","537395200"]},{"CIMType":"String","Description":"Network Security Minimum Session Security For NTLMSSP Based Servers (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)","Name":"NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers","Option":"Write","ValueMap":["0","524288","536870912","537395200"],"Values":["0","524288","536870912","537395200"]},{"CIMType":"SInt32","Description":"User Account Control Behavior Of The Elevation Prompt For Administrators (0: Elevate without prompting, 1: Prompt for credentials on the secure desktop, 2: Prompt for consent on the secure desktop, 3: Prompt for credentials, 4: Prompt for consent, 5: Prompt for consent for non-Windows binaries)","Name":"UserAccountControl_BehaviorOfTheElevationPromptForAdministrators","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"User Account Control Behavior Of The Elevation Prompt For Standard Users (0: Automatically deny elevation requests, 1: Prompt for credentials on the secure desktop, 3: Prompt for credentials)","Name":"UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"User Account Control Detect Application Installations And Prompt For Elevation (1: Enable, 0: Disable)","Name":"UserAccountControl_DetectApplicationInstallationsAndPromptForElevation","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"User Account Control Only Elevate UI Access Applications That Are Installed In Secure Locations (0: Disabled: Application runs with UIAccess integrity even if it does not reside in a secure location., 1: Enabled: Application runs with UIAccess integrity only if it resides in secure location.)","Name":"UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"User Account Control Run All Administrators In Admin Approval Mode (0: Disabled, 1: Enabled)","Name":"UserAccountControl_RunAllAdministratorsInAdminApprovalMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"User Account Control Use Admin Approval Mode (1: Enable, 0: Disable)","Name":"UserAccountControl_UseAdminApprovalMode","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"User Account Control Virtualize File And Registry Write Failures To Per User Locations (0: Disabled, 1: Enabled)","Name":"UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Lsa Protected Process (0: Disabled. Default value. LSA will not run as protected process., 1: Enabled with UEFI lock. LSA will run as protected process and this configuration is UEFI locked., 2: Enabled without UEFI lock. LSA will run as protected process and this configuration is not UEFI locked.)","Name":"ConfigureLsaProtectedProcess","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Game DVR (0: Not allowed., 1: Allowed.)","Name":"AllowGameDVR","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSI Allow User Control Over Install (0: Disabled, 1: Enabled)","Name":"MSIAllowUserControlOverInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSI Always Install With Elevated Privileges (0: Disabled, 1: Enabled)","Name":"MSIAlwaysInstallWithElevatedPrivileges","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_SmartScreen_PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Let Apps Activate With Voice Above Lock (0: User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device., 1: Force allow. Windows apps can be activated by voice while the screen is locked, and users cannot change it., 2: Force deny. Windows apps cannot be activated by voice while the screen is locked, and users cannot change it.)","Name":"LetAppsActivateWithVoiceAboveLock","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Indexing Encrypted Stores Or Items (0: Not allowed., 1: Allowed.)","Name":"AllowIndexingEncryptedStoresOrItems","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Smart Screen In Shell (0: Disabled., 1: Enabled.)","Name":"EnableSmartScreenInShell","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Malicious (0: Disabled, 1: Enabled)","Name":"NotifyMalicious","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Password Reuse (0: Disabled, 1: Enabled)","Name":"NotifyPasswordReuse","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Unsafe App (0: Disabled, 1: Enabled)","Name":"NotifyUnsafeApp","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Service Enabled (0: Disabled, 1: Enabled)","Name":"ServiceEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Override For Files In Shell (0: Do not prevent override., 1: Prevent override.)","Name":"PreventOverrideForFilesInShell","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Xbox Accessory Management Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)","Name":"ConfigureXboxAccessoryManagementServiceStartupMode","Option":"Write","ValueMap":[2,3,4],"Values":[2,3,4]},{"CIMType":"SInt32","Description":"Configure Xbox Live Auth Manager Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)","Name":"ConfigureXboxLiveAuthManagerServiceStartupMode","Option":"Write","ValueMap":[2,3,4],"Values":[2,3,4]},{"CIMType":"SInt32","Description":"Configure Xbox Live Game Save Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)","Name":"ConfigureXboxLiveGameSaveServiceStartupMode","Option":"Write","ValueMap":[2,3,4],"Values":[2,3,4]},{"CIMType":"SInt32","Description":"Configure Xbox Live Networking Service Startup Mode (2: Automatic, 3: Manual, 4: Disabled)","Name":"ConfigureXboxLiveNetworkingServiceStartupMode","Option":"Write","ValueMap":[2,3,4],"Values":[2,3,4]},{"CIMType":"SInt32","Description":"Enable Xbox Game Save Task (0: Disabled, 1: Enabled)","Name":"EnableXboxGameSaveTask","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Access From Network","Name":"AccessFromNetwork","Option":"Write"},{"CIMType":"String[]","Description":"Allow Local Log On","Name":"AllowLocalLogOn","Option":"Write"},{"CIMType":"String[]","Description":"Backup Files And Directories","Name":"BackupFilesAndDirectories","Option":"Write"},{"CIMType":"String[]","Description":"Create Global Objects","Name":"CreateGlobalObjects","Option":"Write"},{"CIMType":"String[]","Description":"Create Page File","Name":"CreatePageFile","Option":"Write"},{"CIMType":"String[]","Description":"Debug Programs","Name":"DebugPrograms","Option":"Write"},{"CIMType":"String[]","Description":"Deny Access From Network","Name":"DenyAccessFromNetwork","Option":"Write"},{"CIMType":"String[]","Description":"Deny Remote Desktop Services Log On","Name":"DenyRemoteDesktopServicesLogOn","Option":"Write"},{"CIMType":"String[]","Description":"Impersonate Client","Name":"ImpersonateClient","Option":"Write"},{"CIMType":"String[]","Description":"Load Unload Device Drivers","Name":"LoadUnloadDeviceDrivers","Option":"Write"},{"CIMType":"String[]","Description":"Manage Auditing And Security Log","Name":"ManageAuditingAndSecurityLog","Option":"Write"},{"CIMType":"String[]","Description":"Manage Volume","Name":"ManageVolume","Option":"Write"},{"CIMType":"String[]","Description":"Modify Firmware Environment","Name":"ModifyFirmwareEnvironment","Option":"Write"},{"CIMType":"String[]","Description":"Profile Single Process","Name":"ProfileSingleProcess","Option":"Write"},{"CIMType":"String[]","Description":"Remote Shutdown","Name":"RemoteShutdown","Option":"Write"},{"CIMType":"String[]","Description":"Restore Files And Directories","Name":"RestoreFilesAndDirectories","Option":"Write"},{"CIMType":"String[]","Description":"Take Ownership","Name":"TakeOwnership","Option":"Write"},{"CIMType":"SInt32","Description":"Hypervisor Enforced Code Integrity (0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock., 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.)","Name":"HypervisorEnforcedCodeIntegrity","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Auto Connect To Wi Fi Sense Hotspots (0: Not allowed., 1: Allowed.)","Name":"AllowAutoConnectToWiFiSenseHotspots","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Internet Sharing (0: Not allowed., 1: Allowed.)","Name":"AllowInternetSharing","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Facial Features Use Enhanced Anti Spoofing (false: Disabled, true: Enabled)","Name":"FacialFeaturesUseEnhancedAntiSpoofing","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Allow Windows Ink Workspace (0: access to ink workspace is disabled. The feature is turned off., 1: ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen., 2: ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.)","Name":"AllowWindowsInkWorkspace","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Backup Directory (0: Disabled (password will not be backed up), 1: Backup the password to Azure AD only, 2: Backup the password to Active Directory only)","Name":"BackupDirectory","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"AD Encrypted Password History Size - Depends on BackupDirectory","Name":"ADEncryptedPasswordHistorySize","Option":"Write"},{"CIMType":"SInt32","Description":"Password Age Days - Depends on BackupDirectory","Name":"passwordagedays","Option":"Write"},{"CIMType":"String","Description":"AD Password Encryption Enabled - Depends on BackupDirectory (false: Store the password in clear-text form in Active Directory, true: Store the password in encrypted form in Active Directory)","Name":"ADPasswordEncryptionEnabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Password Age Days - Depends on BackupDirectory","Name":"passwordagedays_aad","Option":"Write"},{"CIMType":"String","Description":"AD Password Encryption Principal - Depends on BackupDirectory","Name":"ADPasswordEncryptionPrincipal","Option":"Write"},{"CIMType":"String","Description":"Password Expiration Protection Enabled - Depends on BackupDirectory (false: Allow configured password expiriration timestamp to exceed maximum password age, true: Do not allow configured password expiriration timestamp to exceed maximum password age)","Name":"PasswordExpirationProtectionEnabled","Option":"Write","ValueMap":["false","true"],"Values":["false","true"]},{"CIMType":"SInt32","Description":"Enable Convert Warn To Block (1: Warn verdicts are converted to block, 0: Warn verdicts are not converted to block)","Name":"EnableConvertWarnToBlock","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Users (1: If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalUsers","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Oobe Enable Rtp And Sig Update (1: If you enable this setting, real-time protection and Security Intelligence Updates are enabled during OOBE., 0: If you either disable or do not configure this setting, real-time protection and Security Intelligence Updates during OOBE is not enabled.)","Name":"OobeEnableRtpAndSigUpdate","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32[]","Description":"Passive Remediation (0: Passive Remediation is turned off (default), 1: PASSIVE_REMEDIATION_FLAG_SENSE_AUTO_REMEDIATION: Passive Remediation Sense AutoRemediation, 2: PASSIVE_REMEDIATION_FLAG_RTP_AUDIT: Passive Remediation Realtime Protection Audit, 4: PASSIVE_REMEDIATION_FLAG_RTP_REMEDIATION: Passive Remediation Realtime Protection Remediation)","Name":"PassiveRemediation","Option":"Write","ValueMap":[0,1,2,4],"Values":[0,1,2,4]},{"CIMType":"SInt32","Description":"Quick Scan Include Exclusions (0: If you set this setting to 0 or do not configure it, exclusions are not scanned during quick scans., 1: If you set this setting to 1, all files and directories that are excluded from real-time protection using contextual exclusions are scanned during a quick scan.)","Name":"QuickScanIncludeExclusions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm Configuration (0: Disabled / Not Configured, 1: Enabled)","Name":"PKInitHashAlgorithmConfiguration","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm SHA256 - Depends on PKInitHashAlgorithmConfiguration (0: Not Supported, 1: Default, 2: Audited, 3: Supported)","Name":"PKInitHashAlgorithmSHA256","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm SHA512 - Depends on PKInitHashAlgorithmConfiguration (0: Not Supported, 1: Default, 2: Audited, 3: Supported)","Name":"PKInitHashAlgorithmSHA512","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm SHA384 - Depends on PKInitHashAlgorithmConfiguration (0: Not Supported, 1: Default, 2: Audited, 3: Supported)","Name":"PKInitHashAlgorithmSHA384","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"PK Init Hash Algorithm SHA1 - Depends on PKInitHashAlgorithmConfiguration (0: Not Supported, 1: Default, 2: Audited, 3: Supported)","Name":"PKInitHashAlgorithmSHA1","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Enable Sudo (0: Sudo is disabled., 1: Sudo is allowed in 'force new window' mode., 2: Sudo is allowed in 'disable input' mode., 3: Sudo is allowed in 'inline' mode.)","Name":"EnableSudo","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Machine Identity Isolation (0: (Disabled) Machine password is only LSASS-bound and stored in $MACHINE.ACC registry key., 1: (Enabled in audit mode) Machine password both LSASS-bound and IUM-bound. It is stored in $MACHINE.ACC and $MACHINE.ACC.IUM registry keys., 2: (Enabled in enforcement mode) Machine password is only IUM-bound and stored in $MACHINE.ACC.IUM registry key.)","Name":"MachineIdentityIsolation","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Audit Client Does Not Support Encryption (0: Disabled, 1: Enabled)","Name":"AuditClientDoesNotSupportEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Client Does Not Support Signing (0: Disabled, 1: Enabled)","Name":"AuditClientDoesNotSupportSigning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Insecure Guest Logon (0: Disabled, 1: Enabled)","Name":"LanmanServer_AuditInsecureGuestLogon","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Auth Rate Limiter Delay In Ms","Name":"AuthRateLimiterDelayInMs","Option":"Write"},{"CIMType":"SInt32","Description":"Enable Auth Rate Limiter (0: Disabled, 1: Enabled)","Name":"EnableAuthRateLimiter","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Mailslots (0: Disabled, 1: Enabled)","Name":"LanmanServer_EnableMailslots","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Max Smb2 Dialect (514: SMB 2.0.2, 528: SMB 2.1.0, 768: SMB 3.0.0, 770: SMB 3.0.2, 785: SMB 3.1.1)","Name":"LanmanServer_MaxSmb2Dialect","Option":"Write","ValueMap":[514,528,768,770,785],"Values":[514,528,768,770,785]},{"CIMType":"SInt32","Description":"Min Smb2 Dialect (514: SMB 2.0.2, 528: SMB 2.1.0, 768: SMB 3.0.0, 770: SMB 3.0.2, 785: SMB 3.1.1)","Name":"LanmanServer_MinSmb2Dialect","Option":"Write","ValueMap":[514,528,768,770,785],"Values":[514,528,768,770,785]},{"CIMType":"SInt32","Description":"Audit Insecure Guest Logon (0: Disabled, 1: Enabled)","Name":"LanmanWorkstation_AuditInsecureGuestLogon","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Server Does Not Support Encryption (0: Disabled, 1: Enabled)","Name":"AuditServerDoesNotSupportEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Audit Server Does Not Support Signing (0: Disabled, 1: Enabled)","Name":"AuditServerDoesNotSupportSigning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Mailslots (0: Disabled, 1: Enabled)","Name":"LanmanWorkstation_EnableMailslots","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Max Smb2 Dialect (514: SMB 2.0.2, 528: SMB 2.1.0, 768: SMB 3.0.0, 770: SMB 3.0.2, 785: SMB 3.1.1)","Name":"LanmanWorkstation_MaxSmb2Dialect","Option":"Write","ValueMap":[514,528,768,770,785],"Values":[514,528,768,770,785]},{"CIMType":"SInt32","Description":"Min Smb2 Dialect (514: SMB 2.0.2, 528: SMB 2.1.0, 768: SMB 3.0.0, 770: SMB 3.0.2, 785: SMB 3.1.1)","Name":"LanmanWorkstation_MinSmb2Dialect","Option":"Write","ValueMap":[514,528,768,770,785],"Values":[514,528,768,770,785]},{"CIMType":"SInt32","Description":"Require Encryption (0: Disabled, 1: Enabled)","Name":"RequireEncryption","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10","Parameters":[{"CIMType":"SInt32","Description":"Turn off toast notifications on the lock screen (User) (0: Disabled, 1: Enabled)","Name":"NoLockScreenToastNotification","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on the auto-complete feature for user names and passwords on forms (User) (0: Disabled, 1: Enabled)","Name":"RestrictFormSuggestPW","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prompt me to save passwords (User) - Depends on RestrictFormSuggestPW (0: False, 1: True)","Name":"ChkBox_PasswordAsk","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight (User) (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlight","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Tips - Depends on AllowWindowsSpotlight (0: Disabled., 1: Enabled.)","Name":"AllowWindowsTips","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Tailored Experiences With Diagnostic Data (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowTailoredExperiencesWithDiagnosticData","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight On Action Center (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlightOnActionCenter","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Consumer Features - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsConsumerFeatures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Windows Spotlight On Lock Screen (User) - Depends on AllowWindowsSpotlight (0: Windows spotlight disabled., 1: Windows spotlight enabled., 2: Windows spotlight is always enabled, the user cannot disable it, 3: Windows spotlight is always enabled, the user cannot disable it. For special configurations only)","Name":"ConfigureWindowsSpotlightOnLockScreen","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight Windows Welcome Experience (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlightWindowsWelcomeExperience","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Third Party Suggestions In Windows Spotlight (User) - Depends on AllowWindowsSpotlight (0: Third-party suggestions not allowed., 1: Third-party suggestions allowed.)","Name":"AllowThirdPartySuggestionsInWindowsSpotlight","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline for Windows10"},{"ClassName":"MSFT_IntuneSecurityBaselineWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows10","Description":"The policy settings for the device scope.","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows10","Description":"The policy settings for the user scope.","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline for Windows10"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows365","Parameters":[{"CIMType":"SInt32","Description":"Prevent enabling lock screen camera (0: Disabled, 1: Enabled)","Name":"CPL_Personalization_NoLockScreenCamera","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent enabling lock screen slide show (0: Disabled, 1: Enabled)","Name":"CPL_Personalization_NoLockScreenSlideshow","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Apply UAC restrictions to local accounts on network logons (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0201_LATFP","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure SMB v1 client driver (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0002_SMBv1_ClientDriver","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure MrxSmb10 driver - Depends on Pol_SecGuide_0002_SMBv1_ClientDriver (4: Disable driver (recommended), 3: Manual start (default for Win7/2008/2008R2/2012), 2: Automatic start (default for Win8.1/2012R2/newer))","Name":"Pol_SecGuide_SMB1ClientDriver","Option":"Write","ValueMap":[4,3,2],"Values":[4,3,2]},{"CIMType":"SInt32","Description":"Configure SMB v1 server (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0001_SMBv1_Server","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Structured Exception Handling Overwrite Protection (SEHOP) (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0102_SEHOP","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"WDigest Authentication (disabling may require KB2871997) (0: Disabled, 1: Enabled)","Name":"Pol_SecGuide_0202_WDigestAuthn","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)","Name":"Pol_MSS_DisableIPSourceRoutingIPv6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DisableIPSourceRoutingIPv6 (Device) - Depends on Pol_MSS_DisableIPSourceRoutingIPv6 (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)","Name":"DisableIPSourceRoutingIPv6","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (0: Disabled, 1: Enabled)","Name":"Pol_MSS_DisableIPSourceRouting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"DisableIPSourceRouting (Device) - Depends on Pol_MSS_DisableIPSourceRouting (0: No additional protection, source routed packets are allowed, 1: Medium, source routed packets ignored when IP forwarding is enabled, 2: Highest protection, source routing is completely disabled)","Name":"DisableIPSourceRouting","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (0: Disabled, 1: Enabled)","Name":"Pol_MSS_EnableICMPRedirect","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (0: Disabled, 1: Enabled)","Name":"Pol_MSS_NoNameReleaseOnDemand","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off multicast name resolution (0: Disabled, 1: Enabled)","Name":"Turn_Off_Multicast","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prohibit use of Internet Connection Sharing on your DNS domain network (0: Disabled, 1: Enabled)","Name":"NC_ShowSharedAccessUI","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Hardened UNC Paths (0: Disabled, 1: Enabled)","Name":"hardeneduncpaths_Pol_HardenedPaths","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogpol_hardenedpaths[]","Description":"Hardened UNC Paths: (Device) - Depends on hardeneduncpaths_Pol_HardenedPaths","Name":"pol_hardenedpaths","Option":"Write"},{"CIMType":"SInt32","Description":"Prohibit connection to non-domain networks when connected to domain authenticated network (0: Disabled, 1: Enabled)","Name":"WCM_BlockNonDomain","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Encryption Oracle Remediation (0: Disabled, 1: Enabled)","Name":"AllowEncryptionOracle","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protection Level: (Device) - Depends on AllowEncryptionOracle (0: Force Updated Clients, 1: Mitigated, 2: Vulnerable)","Name":"AllowEncryptionOracleDrop","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Remote host allows delegation of non-exportable credentials (0: Disabled, 1: Enabled)","Name":"AllowProtectedCreds","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent installation of devices using drivers that match these device setup classes (0: Disabled, 1: Enabled)","Name":"DeviceInstall_Classes_Deny","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Prevented Classes - Depends on DeviceInstall_Classes_Deny","Name":"DeviceInstall_Classes_Deny_List","Option":"Write"},{"CIMType":"SInt32","Description":"Also apply to matching devices that are already installed. - Depends on DeviceInstall_Classes_Deny (0: False, 1: True)","Name":"DeviceInstall_Classes_Deny_Retroactive","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Boot-Start Driver Initialization Policy (0: Disabled, 1: Enabled)","Name":"POL_DriverLoadPolicy_Name","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Choose the boot-start drivers that can be initialized: - Depends on POL_DriverLoadPolicy_Name (8: Good only, 1: Good and unknown, 3: Good, unknown and bad but critical, 7: All)","Name":"SelectDriverLoadPolicy","Option":"Write","ValueMap":[8,1,3,7],"Values":[8,1,3,7]},{"CIMType":"SInt32","Description":"Configure registry policy processing (0: Disabled, 1: Enabled)","Name":"CSE_Registry","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not apply during periodic background processing (Device) - Depends on CSE_Registry (0: False, 1: True)","Name":"CSE_NOBACKGROUND10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Process even if the Group Policy objects have not changed (Device) - Depends on CSE_Registry (0: False, 1: True)","Name":"CSE_NOCHANGES10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off downloading of print drivers over HTTP (0: Disabled, 1: Enabled)","Name":"DisableWebPnPDownload_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Internet download for Web publishing and online ordering wizards (0: Disabled, 1: Enabled)","Name":"ShellPreventWPWDownload_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Solicited Remote Assistance (0: Disabled, 1: Enabled)","Name":"RA_Solicit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum ticket time (units): - Depends on RA_Solicit (0: Minutes, 1: Hours, 2: Days)","Name":"RA_Solicit_ExpireUnits_List","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Maximum ticket time (value): - Depends on RA_Solicit","Name":"RA_Solicit_ExpireValue_Edt","Option":"Write"},{"CIMType":"SInt32","Description":"Permit remote control of this computer: - Depends on RA_Solicit (1: Allow helpers to remotely control the computer, 0: Allow helpers to only view the computer)","Name":"RA_Solicit_Control_List","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Method for sending email invitations: - Depends on RA_Solicit (0: Simple MAPI, 1: Mailto)","Name":"RA_Solicit_Mailto_List","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Restrict Unauthenticated RPC clients (0: Disabled, 1: Enabled)","Name":"RpcRestrictRemoteClients","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"RPC Runtime Unauthenticated Client Restriction to Apply: - Depends on RpcRestrictRemoteClients (0: None, 1: Authenticated, 2: Authenticated without exceptions)","Name":"RpcRestrictRemoteClientsList","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Microsoft accounts to be optional (0: Disabled, 1: Enabled)","Name":"AppxRuntimeMicrosoftAccountsOptional","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow Autoplay for non-volume devices (0: Disabled, 1: Enabled)","Name":"NoAutoplayfornonVolume","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set the default behavior for AutoRun (0: Disabled, 1: Enabled)","Name":"NoAutorun","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default AutoRun Behavior - Depends on NoAutorun (1: Do not execute any autorun commands, 2: Automatically execute autorun commands)","Name":"NoAutorun_Dropdown","Option":"Write","ValueMap":[1,2],"Values":[1,2]},{"CIMType":"SInt32","Description":"Turn off Autoplay (0: Disabled, 1: Enabled)","Name":"Autorun","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Autoplay on: - Depends on Autorun (181: CD-ROM and removable media drives, 255: All drives)","Name":"Autorun_Box","Option":"Write","ValueMap":[181,255],"Values":[181,255]},{"CIMType":"SInt32","Description":"Enumerate administrator accounts on elevation (0: Disabled, 1: Enabled)","Name":"EnumerateAdministrators","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_1","Name":"Channel_LogMaxSize_1_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_2","Name":"Channel_LogMaxSize_2_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Specify the maximum log file size (KB) (0: Disabled, 1: Enabled)","Name":"Channel_LogMaxSize_4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Maximum Log Size (KB) - Depends on Channel_LogMaxSize_4","Name":"Channel_LogMaxSize_4_Channel_LogMaxSize","Option":"Write"},{"CIMType":"SInt32","Description":"Configure Windows Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"EnableSmartScreen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Pick one of the following settings: (Device) - Depends on EnableSmartScreen (block: Warn and prevent bypass, warn: Warn)","Name":"EnableSmartScreenDropdown","Option":"Write","ValueMap":["block","warn"],"Values":["block","warn"]},{"CIMType":"SInt32","Description":"Turn off Data Execution Prevention for Explorer (0: Disabled, 1: Enabled)","Name":"NoDataExecutionPrevention","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off heap termination on corruption (0: Disabled, 1: Enabled)","Name":"NoHeapTerminationOnCorruption","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow software to run or install even if the signature is invalid (0: Disabled, 1: Enabled)","Name":"Advanced_InvalidSignatureBlock","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Check for server certificate revocation (0: Disabled, 1: Enabled)","Name":"Advanced_CertificateRevocation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Check for signatures on downloaded programs (0: Disabled, 1: Enabled)","Name":"Advanced_DownloadSignatures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled (0: Disabled, 1: Enabled)","Name":"Advanced_DisableEPMCompat","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off encryption support (0: Disabled, 1: Enabled)","Name":"Advanced_SetWinInetProtocols","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Secure Protocol combinations - Depends on Advanced_SetWinInetProtocols (0: Use no secure protocols, 8: Only use SSL 2.0, 32: Only use SSL 3.0, 40: Use SSL 2.0 and SSL 3.0, 128: Only use TLS 1.0, 136: Use SSL 2.0 and TLS 1.0, 160: Use SSL 3.0 and TLS 1.0, 168: Use SSL 2.0, SSL 3.0, and TLS 1.0, 512: Only use TLS 1.1, 520: Use SSL 2.0 and TLS 1.1, 544: Use SSL 3.0 and TLS 1.1, 552: Use SSL 2.0, SSL 3.0, and TLS 1.1, 640: Use TLS 1.0 and TLS 1.1, 648: Use SSL 2.0, TLS 1.0, and TLS 1.1, 672: Use SSL 3.0, TLS 1.0, and TLS 1.1, 680: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1, 2048: Only use TLS 1.2, 2056: Use SSL 2.0 and TLS 1.2, 2080: Use SSL 3.0 and TLS 1.2, 2088: Use SSL 2.0, SSL 3.0, and TLS 1.2, 2176: Use TLS 1.0 and TLS 1.2, 2184: Use SSL 2.0, TLS 1.0, and TLS 1.2, 2208: Use SSL 3.0, TLS 1.0, and TLS 1.2, 2216: Use SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.2, 2560: Use TLS 1.1 and TLS 1.2, 2568: Use SSL 2.0, TLS 1.1, and TLS 1.2, 2592: Use SSL 3.0, TLS 1.1, and TLS 1.2, 2600: Use SSL 2.0, SSL 3.0, TLS 1.1, and TLS 1.2, 2688: Use TLS 1.0, TLS 1.1, and TLS 1.2, 2696: Use SSL 2.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2720: Use SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 2728: Use SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2, 8192: Only use TLS 1.3, 10240: Use TLS 1.2 and TLS 1.3, 10752: Use TLS 1.1, TLS 1.2, and TLS 1.3, 10880: Use TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, 10912: Use SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3)","Name":"Advanced_WinInetProtocolOptions","Option":"Write","ValueMap":["0","8","32","40","128","136","160","168","512","520","544","552","640","648","672","680","2048","2056","2080","2088","2176","2184","2208","2216","2560","2568","2592","2600","2688","2696","2720","2728","8192","10240","10752","10880","10912"],"Values":["0","8","32","40","128","136","160","168","512","520","544","552","640","648","672","680","2048","2056","2080","2088","2176","2184","2208","2216","2560","2568","2592","2600","2688","2696","2720","2728","8192","10240","10752","10880","10912"]},{"CIMType":"SInt32","Description":"Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows (0: Disabled, 1: Enabled)","Name":"Advanced_EnableEnhancedProtectedMode64Bit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Enhanced Protected Mode (0: Disabled, 1: Enabled)","Name":"Advanced_EnableEnhancedProtectedMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent ignoring certificate errors (0: Disabled, 1: Enabled)","Name":"NoCertError","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_1_IZ_Partname1406","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowPasteViaScript_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowPasteViaScript_1_IZ_Partname1407","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDropOrPasteFiles_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDropOrPasteFiles_1_IZ_Partname1802","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow loading of XAML files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_XAML_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"XAML Files - Depends on IZ_Policy_XAML_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_XAML_1_IZ_Partname2402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet (3: Enable, 0: Disable)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Internet_IZ_Partname120b","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowTDCControl_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Internet (3: Enable, 0: Disable)","Name":"IZ_PolicyAllowTDCControl_Both_Internet_IZ_Partname120c","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWindowsRestrictionsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyWindowsRestrictionsURLaction_1_IZ_Partname2102","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)","Name":"IZ_Policy_WebBrowserControl_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_WebBrowserControl_1_IZ_Partname1206","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scriptlets (0: Disabled, 1: Enabled)","Name":"IZ_Policy_AllowScriptlets_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scriptlets - Depends on IZ_Policy_AllowScriptlets_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_AllowScriptlets_1_IZ_Partname1209","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow updates to status bar via script (0: Disabled, 1: Enabled)","Name":"IZ_Policy_ScriptStatusBar_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_ScriptStatusBar_1_IZ_Partname2103","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowVBScript_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowVBScript_1_IZ_Partname140C","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNotificationBarDownloadURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyNotificationBarDownloadURLaction_1_IZ_Partname2200","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_1 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_1_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadSignedActiveX_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadSignedActiveX_1_IZ_Partname1001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadUnsignedActiveX_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadUnsignedActiveX_1_IZ_Partname1004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet_IZ_Partname2709","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet_IZ_Partname2708","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)","Name":"IZ_Policy_LocalPathForUpload_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_LocalPathForUpload_1_IZ_Partname160A","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_1_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_1 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_1_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_1_IZ_Partname1804","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Logon options (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLogon_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Logon options - Depends on IZ_PolicyLogon_1 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)","Name":"IZ_PolicyLogon_1_IZ_Partname1A00","Option":"Write","ValueMap":[196608,131072,0,65536],"Values":[196608,131072,0,65536]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_1_IZ_Partname1607","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_1_IZ_Partname2004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_1_IZ_Partname2001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_UnsafeFiles_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_UnsafeFiles_1_IZ_Partname1806","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Internet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Internet (0: Enable, 3: Disable)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Internet_IZ_Partname1409","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on Protected Mode (0: Disabled, 1: Enabled)","Name":"IZ_Policy_TurnOnProtectedMode_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_TurnOnProtectedMode_1_IZ_Partname2500","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_1 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_1_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBlockPopupWindows_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyBlockPopupWindows_1_IZ_Partname1809","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Userdata persistence (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUserdataPersistence_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Userdata persistence - Depends on IZ_PolicyUserdataPersistence_1 (0: Enable, 3: Disable)","Name":"IZ_PolicyUserdataPersistence_1_IZ_Partname1606","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)","Name":"IZ_PolicyZoneElevationURLaction_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_1 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyZoneElevationURLaction_1_IZ_Partname2101","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Intranet Sites: Include all network paths (UNCs) (0: Disabled, 1: Enabled)","Name":"IZ_UNCAsIntranet","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_3 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_3_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_3 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_3_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_3 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_3_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_9 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_9_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_9 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_9_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_2 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_2_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_4","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_4 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_4_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_10 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_10_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_8 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_8_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_8 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_8_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_6 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_6_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Access data sources across domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Access data sources across domains - Depends on IZ_PolicyAccessDataSourcesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAccessDataSourcesAcrossDomains_7_IZ_Partname1406","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow active scripting (0: Disabled, 1: Enabled)","Name":"IZ_PolicyActiveScripting_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow active scripting - Depends on IZ_PolicyActiveScripting_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1400","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow binary and script behaviors (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBinaryBehaviors_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Binary and Script Behaviors - Depends on IZ_PolicyBinaryBehaviors_7 (0: Enable, 65536: Administrator approved, 3: Disable)","Name":"IZ_Partname2000","Option":"Write","ValueMap":[0,65536,3],"Values":[0,65536,3]},{"CIMType":"SInt32","Description":"Allow cut, copy or paste operations from the clipboard via script (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowPasteViaScript_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow paste operations via script - Depends on IZ_PolicyAllowPasteViaScript_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowPasteViaScript_7_IZ_Partname1407","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDropOrPasteFiles_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow drag and drop or copy and paste files - Depends on IZ_PolicyDropOrPasteFiles_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDropOrPasteFiles_7_IZ_Partname1802","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyFileDownload_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow file downloads - Depends on IZ_PolicyFileDownload_7 (0: Enable, 3: Disable)","Name":"IZ_Partname1803","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow loading of XAML files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_XAML_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"XAML Files - Depends on IZ_Policy_XAML_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_XAML_7_IZ_Partname2402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Allow META REFRESH (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowMETAREFRESH_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow META REFRESH - Depends on IZ_PolicyAllowMETAREFRESH_7 (0: Enable, 3: Disable)","Name":"IZ_Partname1608","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow only approved domains to use ActiveX controls without prompt (0: Disabled, 1: Enabled)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use ActiveX controls without prompt - Depends on IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted (3: Enable, 0: Disable)","Name":"IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted_IZ_Partname120b","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow only approved domains to use the TDC ActiveX control (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowTDCControl_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Only allow approved domains to use the TDC ActiveX control - Depends on IZ_PolicyAllowTDCControl_Both_Restricted (3: Enable, 0: Disable)","Name":"IZ_PolicyAllowTDCControl_Both_Restricted_IZ_Partname120c","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWindowsRestrictionsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow script-initiated windows without size or position constraints - Depends on IZ_PolicyWindowsRestrictionsURLaction_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyWindowsRestrictionsURLaction_7_IZ_Partname2102","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scripting of Internet Explorer WebBrowser controls (0: Disabled, 1: Enabled)","Name":"IZ_Policy_WebBrowserControl_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer web browser control - Depends on IZ_Policy_WebBrowserControl_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_WebBrowserControl_7_IZ_Partname1206","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow scriptlets (0: Disabled, 1: Enabled)","Name":"IZ_Policy_AllowScriptlets_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scriptlets - Depends on IZ_Policy_AllowScriptlets_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_AllowScriptlets_7_IZ_Partname1209","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow updates to status bar via script (0: Disabled, 1: Enabled)","Name":"IZ_Policy_ScriptStatusBar_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Status bar updates via script - Depends on IZ_Policy_ScriptStatusBar_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_ScriptStatusBar_7_IZ_Partname2103","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAllowVBScript_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow VBScript to run in Internet Explorer - Depends on IZ_PolicyAllowVBScript_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyAllowVBScript_7_IZ_Partname140C","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNotificationBarDownloadURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Automatic prompting for file downloads - Depends on IZ_PolicyNotificationBarDownloadURLaction_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyNotificationBarDownloadURLaction_7_IZ_Partname2200","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_7 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_7_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadSignedActiveX_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download signed ActiveX controls - Depends on IZ_PolicyDownloadSignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadSignedActiveX_7_IZ_Partname1001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDownloadUnsignedActiveX_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Download unsigned ActiveX controls - Depends on IZ_PolicyDownloadUnsignedActiveX_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyDownloadUnsignedActiveX_7_IZ_Partname1004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains across windows - Depends on IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted_IZ_Partname2709","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window (0: Disabled, 1: Enabled)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable dragging of content from different domains within a window - Depends on IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted_IZ_Partname2708","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Include local path when user is uploading files to a server (0: Disabled, 1: Enabled)","Name":"IZ_Policy_LocalPathForUpload_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Include local directory path when uploading files to a server - Depends on IZ_Policy_LocalPathForUpload_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_LocalPathForUpload_7_IZ_Partname160A","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_7_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_7 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_7_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching applications and files in an IFRAME - Depends on IZ_PolicyLaunchAppsAndFilesInIFRAME_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyLaunchAppsAndFilesInIFRAME_7_IZ_Partname1804","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Logon options (0: Disabled, 1: Enabled)","Name":"IZ_PolicyLogon_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Logon options - Depends on IZ_PolicyLogon_7 (196608: Anonymous logon, 131072: Automatic logon only in Intranet zone, 0: Automatic logon with current username and password, 65536: Prompt for user name and password)","Name":"IZ_PolicyLogon_7_IZ_Partname1A00","Option":"Write","ValueMap":[196608,131072,0,65536],"Values":[196608,131072,0,65536]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains (0: Disabled, 1: Enabled)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Navigate windows and frames across different domains - Depends on IZ_PolicyNavigateSubframesAcrossDomains_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyNavigateSubframesAcrossDomains_7_IZ_Partname1607","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components not signed with Authenticode - Depends on IZ_PolicyUnsignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyUnsignedFrameworkComponentsURLaction_7_IZ_Partname2004","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode (0: Disabled, 1: Enabled)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run .NET Framework-reliant components signed with Authenticode - Depends on IZ_PolicySignedFrameworkComponentsURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicySignedFrameworkComponentsURLaction_7_IZ_Partname2001","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Run ActiveX controls and plugins (0: Disabled, 1: Enabled)","Name":"IZ_PolicyRunActiveXControls_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Run ActiveX controls and plugins - Depends on IZ_PolicyRunActiveXControls_7 (65536: Administrator approved, 0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1200","Option":"Write","ValueMap":[65536,0,3,1],"Values":[65536,0,3,1]},{"CIMType":"SInt32","Description":"Script ActiveX controls marked safe for scripting (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXMarkedSafe_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Script ActiveX controls marked safe for scripting - Depends on IZ_PolicyScriptActiveXMarkedSafe_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1405","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Scripting of Java applets (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptingOfJavaApplets_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scripting of Java applets - Depends on IZ_PolicyScriptingOfJavaApplets_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Partname1402","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Show security warning for potentially unsafe files (0: Disabled, 1: Enabled)","Name":"IZ_Policy_UnsafeFiles_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Launching programs and unsafe files - Depends on IZ_Policy_UnsafeFiles_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_Policy_UnsafeFiles_7_IZ_Partname1806","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting Filter (0: Disabled, 1: Enabled)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Restricted","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on Cross-Site Scripting (XSS) Filter - Depends on IZ_PolicyTurnOnXSSFilter_Both_Restricted (0: Enable, 3: Disable)","Name":"IZ_PolicyTurnOnXSSFilter_Both_Restricted_IZ_Partname1409","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on Protected Mode (0: Disabled, 1: Enabled)","Name":"IZ_Policy_TurnOnProtectedMode_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Protected Mode - Depends on IZ_Policy_TurnOnProtectedMode_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_TurnOnProtectedMode_7_IZ_Partname2500","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Turn on SmartScreen Filter scan (0: Disabled, 1: Enabled)","Name":"IZ_Policy_Phishing_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use SmartScreen Filter - Depends on IZ_Policy_Phishing_7 (0: Enable, 3: Disable)","Name":"IZ_Policy_Phishing_7_IZ_Partname2301","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker (0: Disabled, 1: Enabled)","Name":"IZ_PolicyBlockPopupWindows_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Use Pop-up Blocker - Depends on IZ_PolicyBlockPopupWindows_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyBlockPopupWindows_7_IZ_Partname1809","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Userdata persistence (0: Disabled, 1: Enabled)","Name":"IZ_PolicyUserdataPersistence_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Userdata persistence - Depends on IZ_PolicyUserdataPersistence_7 (0: Enable, 3: Disable)","Name":"IZ_PolicyUserdataPersistence_7_IZ_Partname1606","Option":"Write","ValueMap":[0,3],"Values":[0,3]},{"CIMType":"SInt32","Description":"Web sites in less privileged Web content zones can navigate into this zone (0: Disabled, 1: Enabled)","Name":"IZ_PolicyZoneElevationURLaction_7","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Web sites in less privileged Web content zones can navigate into this zone - Depends on IZ_PolicyZoneElevationURLaction_7 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyZoneElevationURLaction_7_IZ_Partname2101","Option":"Write","ValueMap":["0","3","1"],"Values":["0","3","1"]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls (0: Disabled, 1: Enabled)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Don't run antimalware programs against ActiveX controls - Depends on IZ_PolicyAntiMalwareCheckingOfActiveXControls_5 (3: Enable, 0: Disable)","Name":"IZ_PolicyAntiMalwareCheckingOfActiveXControls_5_IZ_Partname270C","Option":"Write","ValueMap":[3,0],"Values":[3,0]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe (0: Disabled, 1: Enabled)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Initialize and script ActiveX controls not marked as safe - Depends on IZ_PolicyScriptActiveXNotMarkedSafe_5 (0: Enable, 3: Disable, 1: Prompt)","Name":"IZ_PolicyScriptActiveXNotMarkedSafe_5_IZ_Partname1201","Option":"Write","ValueMap":[0,3,1],"Values":[0,3,1]},{"CIMType":"SInt32","Description":"Java permissions (0: Disabled, 1: Enabled)","Name":"IZ_PolicyJavaPermissions_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Java permissions - Depends on IZ_PolicyJavaPermissions_5 (65536: High safety, 131072: Medium safety, 196608: Low safety, 8388608: Custom, 0: Disable Java)","Name":"IZ_PolicyJavaPermissions_5_IZ_Partname1C00","Option":"Write","ValueMap":["65536","131072","196608","8388608","0"],"Values":["65536","131072","196608","8388608","0"]},{"CIMType":"SInt32","Description":"Turn on certificate address mismatch warning (0: Disabled, 1: Enabled)","Name":"IZ_PolicyWarnCertMismatch","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet (0: Disabled, 1: Enabled)","Name":"DisableSafetyFilterOverrideForAppRepUnknown","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent managing SmartScreen Filter (0: Disabled, 1: Enabled)","Name":"Disable_Managing_Safety_Filter_IE9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Select SmartScreen Filter mode - Depends on Disable_Managing_Safety_Filter_IE9 (0: Off, 1: On)","Name":"IE9SafetyFilterOptions","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent per-user installation of ActiveX controls (0: Disabled, 1: Enabled)","Name":"DisablePerUserActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Remove 'Run this time' button for outdated ActiveX controls in Internet Explorer (0: Disabled, 1: Enabled)","Name":"VerMgmtDisableRunThisTime","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off blocking of outdated ActiveX controls for Internet Explorer (0: Disabled, 1: Enabled)","Name":"VerMgmtDisable","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow fallback to SSL 3.0 (Internet Explorer) (0: Disabled, 1: Enabled)","Name":"Advanced_EnableSSL3Fallback","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow insecure fallback for: - Depends on Advanced_EnableSSL3Fallback (0: No Sites, 1: Non-Protected Mode Sites, 3: All Sites)","Name":"Advanced_EnableSSL3FallbackOptions","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_5","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_6","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_3","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_10","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_9","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_11","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_12","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Internet Explorer Processes (0: Disabled, 1: Enabled)","Name":"IESF_PolicyExplorerProcesses_8","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Do not allow users to add/delete sites (0: Disabled, 1: Enabled)","Name":"Security_zones_map_edit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Do not allow users to change policies (0: Disabled, 1: Enabled)","Name":"Security_options_edit","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Security Zones: Use only machine settings (0: Disabled, 1: Enabled)","Name":"Security_HKLM_only","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Specify use of ActiveX Installer Service for installation of ActiveX controls (0: Disabled, 1: Enabled)","Name":"OnlyUseAXISForActiveXInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off Crash Detection (0: Disabled, 1: Enabled)","Name":"AddonManagement_RestrictCrashDetection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off the Security Settings Check feature (0: Disabled, 1: Enabled)","Name":"Disable_Security_Settings_Check","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure the 'Block at First Sight' feature (0: Disabled, 1: Enabled)","Name":"DisableBlockAtFirstSeen","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on process scanning whenever real-time protection is enabled (0: Disabled, 1: Enabled)","Name":"RealtimeProtection_DisableScanOnRealtimeEnable","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Scan packed executables (0: Disabled, 1: Enabled)","Name":"Scan_DisablePackedExeScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn off routine remediation (0: Disabled, 1: Enabled)","Name":"DisableRoutinelyTakingAction","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow passwords to be saved (0: Disabled, 1: Enabled)","Name":"TS_CLIENT_DISABLE_PASSWORD_SAVING_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Do not allow drive redirection (0: Disabled, 1: Enabled)","Name":"TS_CLIENT_DRIVE_M","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Always prompt for password upon connection (0: Disabled, 1: Enabled)","Name":"TS_PASSWORD","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require secure RPC communication (0: Disabled, 1: Enabled)","Name":"TS_RPC_ENCRYPTION","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Set client connection encryption level (0: Disabled, 1: Enabled)","Name":"TS_ENCRYPTION_POLICY","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Encryption Level - Depends on TS_ENCRYPTION_POLICY (1: Low Level, 2: Client Compatible, 3: High Level)","Name":"TS_ENCRYPTION_LEVEL","Option":"Write","ValueMap":[1,2,3],"Values":[1,2,3]},{"CIMType":"SInt32","Description":"Prevent downloading of enclosures (0: Disabled, 1: Enabled)","Name":"Disable_Downloading_of_Enclosures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Sign-in and lock last interactive user automatically after a restart (0: Disabled, 1: Enabled)","Name":"AutomaticRestartSignOn","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on PowerShell Script Block Logging (0: Disabled, 1: Enabled)","Name":"EnableScriptBlockLogging","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Log script block invocation start / stop events: - Depends on EnableScriptBlockLogging (0: False, 1: True)","Name":"EnableScriptBlockInvocationLogging","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication (0: Disabled, 1: Enabled)","Name":"AllowBasic_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow unencrypted traffic (0: Disabled, 1: Enabled)","Name":"AllowUnencrypted_2","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow Digest authentication (0: Disabled, 1: Enabled)","Name":"DisallowDigest","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Basic authentication (0: Disabled, 1: Enabled)","Name":"AllowBasic_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow unencrypted traffic (0: Disabled, 1: Enabled)","Name":"AllowUnencrypted_1","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Disallow WinRM from storing RunAs credentials (0: Disabled, 1: Enabled)","Name":"DisableRunAs","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Account Logon Audit Credential Validation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogon_AuditCredentialValidation","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Account Lockout (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditAccountLockout","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Group Membership (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditGroupMembership","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Account Logon Logoff Audit Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditLogon","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Authentication Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditAuthenticationPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Changes to Audit Policy (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit File Share Access (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditFileShare","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Other Logon Logoff Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditOtherLogonLogoffEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Security Group Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountManagement_AuditSecurityGroupManagement","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Security System Extension (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSecuritySystemExtension","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit Special Logon (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountLogonLogoff_AuditSpecialLogon","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Audit User Account Management (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"AccountManagement_AuditUserAccountManagement","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Detailed Tracking Audit PNP Activity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"DetailedTracking_AuditPNPActivity","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Detailed Tracking Audit Process Creation (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"DetailedTracking_AuditProcessCreation","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Detailed File Share (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditDetailedFileShare","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Other Object Access Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditOtherObjectAccessEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Object Access Audit Removable Storage (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"ObjectAccess_AuditRemovableStorage","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Policy Change Audit MPSSVC Rule Level Policy Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditMPSSVCRuleLevelPolicyChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Policy Change Audit Other Policy Change Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PolicyChange_AuditOtherPolicyChangeEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Privilege Use Audit Sensitive Privilege Use (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"PrivilegeUse_AuditSensitivePrivilegeUse","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit Other System Events (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditOtherSystemEvents","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit Security State Change (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSecurityStateChange","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"System Audit System Integrity (0: Off/None, 1: Success, 2: Failure, 3: Success+Failure)","Name":"System_AuditSystemIntegrity","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow Direct Memory Access (0: Not allowed., 1: Allowed.)","Name":"AllowDirectMemoryAccess","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Archive Scanning (0: Not allowed. Turns off scanning on archived files., 1: Allowed. Scans the archive files.)","Name":"AllowArchiveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Behavior Monitoring (0: Not allowed. Turns off behavior monitoring., 1: Allowed. Turns on real-time behavior monitoring.)","Name":"AllowBehaviorMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Cloud Protection (0: Not allowed. Turns off the Microsoft Active Protection Service., 1: Allowed. Turns on the Microsoft Active Protection Service.)","Name":"AllowCloudProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Full Scan Removable Drive Scanning (0: Not allowed. Turns off scanning on removable drives., 1: Allowed. Scans removable drives.)","Name":"AllowFullScanRemovableDriveScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow On Access Protection (0: Not allowed., 1: Allowed.)","Name":"AllowOnAccessProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Realtime Monitoring (0: Not allowed. Turns off the real-time monitoring service., 1: Allowed. Turns on and runs the real-time monitoring service.)","Name":"AllowRealtimeMonitoring","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow scanning of all downloaded files and attachments (0: Not allowed., 1: Allowed.)","Name":"AllowIOAVProtection","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Script Scanning (0: Not allowed., 1: Allowed.)","Name":"AllowScriptScanning","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Block execution of potentially obfuscated scripts - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Win32 API calls from Office macros - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable files from running unless they meet a prevalence, age, or trusted list criterion - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office communication application from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block all Office applications from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Adobe Reader from creating child processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block credential stealing from the Windows local security authority subsystem - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block JavaScript or VBScript from launching downloaded executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Webshell creation for Servers - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockWebshellCreationForServers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWebshellCreationForServers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block untrusted and unsigned processes that run from USB - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block persistence through WMI event subscription - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"[PREVIEW] Block use of copied or impersonated system tools - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockUseOfCopiedOrImpersonatedSystemTools","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block abuse of exploited vulnerable signed drivers (Device) - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block process creations originating from PSExec and WMI commands - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from creating executable content - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block Office applications from injecting code into other processes - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"[PREVIEW] Block rebooting machine in Safe Mode - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockRebootingMachineInSafeMode","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Use advanced protection against ransomware - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"Block executable content from email client and webmail - Depends on AttackSurfaceReductionRules (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"SInt32","Description":"Cloud Block Level (0: NotConfigured, 2: High, 4: HighPlus, 6: ZeroTolerance)","Name":"CloudBlockLevel","Option":"Write","ValueMap":[0,2,4,6],"Values":[0,2,4,6]},{"CIMType":"SInt32","Description":"Cloud Extended Timeout","Name":"CloudExtendedTimeout","Option":"Write"},{"CIMType":"SInt32","Description":"Disable Local Admin Merge (0: Enable Local Admin Merge, 1: Disable Local Admin Merge)","Name":"DisableLocalAdminMerge","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable File Hash Computation (0: Disable, 1: Enable)","Name":"EnableFileHashComputation","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Network Protection (0: Disabled, 1: Enabled (block mode), 2: Enabled (audit mode))","Name":"EnableNetworkProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Hide Exclusions From Local Admins (1: If you enable this setting, local admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell., 0: If you disable or do not configure this setting, local admins will be able to see exclusions in the Windows Security App and via PowerShell.)","Name":"HideExclusionsFromLocalAdmins","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"PUA Protection (0: PUA Protection off. Windows Defender will not protect against potentially unwanted applications., 1: PUA Protection on. Detected items are blocked. They will show in history along with other threats., 2: Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.)","Name":"PUAProtection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Real Time Scan Direction (0: Monitor all files (bi-directional)., 1: Monitor incoming files., 2: Monitor outgoing files.)","Name":"RealTimeScanDirection","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Submit Samples Consent (0: Always prompt., 1: Send safe samples automatically., 2: Never send., 3: Send all samples automatically.)","Name":"SubmitSamplesConsent","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Configure System Guard Launch (0: Unmanaged Configurable by Administrative user, 1: Unmanaged Enables Secure Launch if supported by hardware, 2: Unmanaged Disables Secure Launch)","Name":"ConfigureSystemGuardLaunch","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Credential Guard (0: (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock., 2: (Enabled without lock) Turns on Credential Guard without UEFI lock.)","Name":"LsaCfgFlags","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Enable Virtualization Based Security (0: disable virtualization based security., 1: enable virtualization based security.)","Name":"EnableVirtualizationBasedSecurity","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Require Platform Security Features (1: Turns on VBS with Secure Boot., 3: Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.)","Name":"RequirePlatformSecurityFeatures","Option":"Write","ValueMap":[1,3],"Values":[1,3]},{"CIMType":"SInt32","Description":"Device Password Enabled (0: Enabled, 1: Disabled)","Name":"DevicePasswordEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Password Expiration - Depends on DevicePasswordEnabled","Name":"DevicePasswordExpiration","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Length - Depends on DevicePasswordEnabled","Name":"MinDevicePasswordLength","Option":"Write"},{"CIMType":"SInt32","Description":"Alphanumeric Device Password Required - Depends on DevicePasswordEnabled (0: Password or Alphanumeric PIN required., 1: Password or Numeric PIN required., 2: Password, Numeric PIN, or Alphanumeric PIN required.)","Name":"AlphanumericDevicePasswordRequired","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Max Device Password Failed Attempts - Depends on DevicePasswordEnabled","Name":"MaxDevicePasswordFailedAttempts","Option":"Write"},{"CIMType":"SInt32","Description":"Min Device Password Complex Characters - Depends on DevicePasswordEnabled. (1: Digits only, 2: Digits and lowercase letters are required, 3: Digits lowercase letters and uppercase letters are required. Not supported in desktop Microsoft accounts and domain accounts, 4: Digits lowercase letters uppercase letters and special characters are required. Not supported in desktop)","Name":"MinDevicePasswordComplexCharacters","Option":"Write","ValueMap":[1,2,3,4],"Values":[1,2,3,4]},{"CIMType":"SInt32","Description":"Max Inactivity Time Device Lock - Depends on DevicePasswordEnabled","Name":"MaxInactivityTimeDeviceLock","Option":"Write"},{"CIMType":"SInt32","Description":"Device Password History - Depends on DevicePasswordEnabled","Name":"DevicePasswordHistory","Option":"Write"},{"CIMType":"SInt32","Description":"Allow Simple Device Password - Depends on DevicePasswordEnabled (0: Not allowed., 1: Allowed.)","Name":"AllowSimpleDevicePassword","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Device Enumeration Policy (0: Block all (Most restrictive), 1: Only after log in/screen unlock, 2: Allow all (Least restrictive))","Name":"DeviceEnumerationPolicy","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Enable Insecure Guest Logons (0: Disabled, 1: Enabled)","Name":"EnableInsecureGuestLogons","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Lsa Protected Process (0: Disabled. Default value. LSA will not run as protected process., 1: Enabled with UEFI lock. LSA will run as protected process and this configuration is UEFI locked., 2: Enabled without UEFI lock. LSA will run as protected process and this configuration is not UEFI locked.)","Name":"ConfigureLsaProtectedProcess","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Game DVR (0: Not allowed., 1: Allowed.)","Name":"AllowGameDVR","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSI Allow User Control Over Install (0: Disabled, 1: Enabled)","Name":"MSIAllowUserControlOverInstall","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"MSI Always Install With Elevated Privileges (0: Disabled, 1: Enabled)","Name":"MSIAlwaysInstallWithElevatedPrivileges","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default Adobe Flash setting (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_ContentSettings_DefaultPluginsSetting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default Adobe Flash setting (Device) - Depends on MicrosoftEdge_ContentSettings_DefaultPluginsSetting (2: Block the Adobe Flash plugin, 3: Click to play)","Name":"DefaultPluginsSetting_DefaultPluginsSetting","Option":"Write","ValueMap":[2,3],"Values":[2,3]},{"CIMType":"SInt32","Description":"Minimum TLS version enabled (0: Disabled, 1: Enabled)","Name":"edge_SSLVersionMin","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Minimum SSL version enabled (Device) - Depends on edge_SSLVersionMin (tls1: TLS 1.0, tls1.1: TLS 1.1, tls1.2: TLS 1.2)","Name":"SSLVersionMin_SSLVersionMin","Option":"Write","ValueMap":["tls1","tls1.1","tls1.2"],"Values":["tls1","tls1.1","tls1.2"]},{"CIMType":"SInt32","Description":"Configure Microsoft Defender SmartScreen (0: Disabled, 1: Enabled)","Name":"SmartScreenEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent bypassing Microsoft Defender SmartScreen prompts for sites (0: Disabled, 1: Enabled)","Name":"PreventSmartScreenPromptOverride","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Let Apps Activate With Voice Above Lock (0: User in control. Users can decide if Windows apps can be activated by voice while the screen is locked using Settings > Privacy options on the device., 1: Force allow. Windows apps can be activated by voice while the screen is locked, and users cannot change it., 2: Force deny. Windows apps cannot be activated by voice while the screen is locked, and users cannot change it.)","Name":"LetAppsActivateWithVoiceAboveLock","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Indexing Encrypted Stores Or Items (0: Not allowed., 1: Allowed.)","Name":"AllowIndexingEncryptedStoresOrItems","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Enable Smart Screen In Shell (0: Disabled., 1: Enabled.)","Name":"EnableSmartScreenInShell","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Malicious (0: Disabled, 1: Enabled)","Name":"NotifyMalicious","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Password Reuse (0: Disabled, 1: Enabled)","Name":"NotifyPasswordReuse","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Notify Unsafe App (0: Disabled, 1: Enabled)","Name":"NotifyUnsafeApp","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Service Enabled (0: Disabled, 1: Enabled)","Name":"ServiceEnabled","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prevent Override For Files In Shell (0: Do not prevent override., 1: Prevent override.)","Name":"PreventOverrideForFilesInShell","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String[]","Description":"Access From Network","Name":"AccessFromNetwork","Option":"Write"},{"CIMType":"String[]","Description":"Allow Local Log On","Name":"AllowLocalLogOn","Option":"Write"},{"CIMType":"String[]","Description":"Backup Files And Directories","Name":"BackupFilesAndDirectories","Option":"Write"},{"CIMType":"String[]","Description":"Create Global Objects","Name":"CreateGlobalObjects","Option":"Write"},{"CIMType":"String[]","Description":"Create Page File","Name":"CreatePageFile","Option":"Write"},{"CIMType":"String[]","Description":"Debug Programs","Name":"DebugPrograms","Option":"Write"},{"CIMType":"String[]","Description":"Deny Access From Network","Name":"DenyAccessFromNetwork","Option":"Write"},{"CIMType":"String[]","Description":"Deny Remote Desktop Services Log On","Name":"DenyRemoteDesktopServicesLogOn","Option":"Write"},{"CIMType":"String[]","Description":"Impersonate Client","Name":"ImpersonateClient","Option":"Write"},{"CIMType":"String[]","Description":"Load Unload Device Drivers","Name":"LoadUnloadDeviceDrivers","Option":"Write"},{"CIMType":"String[]","Description":"Manage Auditing And Security Log","Name":"ManageAuditingAndSecurityLog","Option":"Write"},{"CIMType":"String[]","Description":"Manage Volume","Name":"ManageVolume","Option":"Write"},{"CIMType":"String[]","Description":"Modify Firmware Environment","Name":"ModifyFirmwareEnvironment","Option":"Write"},{"CIMType":"String[]","Description":"Profile Single Process","Name":"ProfileSingleProcess","Option":"Write"},{"CIMType":"String[]","Description":"Remote Shutdown","Name":"RemoteShutdown","Option":"Write"},{"CIMType":"String[]","Description":"Restore Files And Directories","Name":"RestoreFilesAndDirectories","Option":"Write"},{"CIMType":"String[]","Description":"Take Ownership","Name":"TakeOwnership","Option":"Write"},{"CIMType":"SInt32","Description":"Hypervisor Enforced Code Integrity (0: (Disabled) Turns off Hypervisor-Protected Code Integrity remotely if configured previously without UEFI Lock., 1: (Enabled with UEFI lock) Turns on Hypervisor-Protected Code Integrity with UEFI lock., 2: (Enabled without lock) Turns on Hypervisor-Protected Code Integrity without UEFI lock.)","Name":"HypervisorEnforcedCodeIntegrity","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Allow Windows Ink Workspace (0: access to ink workspace is disabled. The feature is turned off., 1: ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen., 2: ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.)","Name":"AllowWindowsInkWorkspace","Option":"Write","ValueMap":[0,1,2],"Values":[0,1,2]},{"CIMType":"SInt32","Description":"Accounts Limit Local Account Use Of Blank Passwords To Console Logon Only (0: Disabled, 1: Enabled)","Name":"Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Interactive Logon Machine Inactivity Limit","Name":"InteractiveLogon_MachineInactivityLimit","Option":"Write"},{"CIMType":"SInt32","Description":"Interactive Logon Smart Card Removal Behavior (0: No Action, 1: Lock Workstation, 2: Force Logoff, 3: Disconnect if a Remote Desktop Services session)","Name":"InteractiveLogon_SmartCardRemovalBehavior","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Microsoft Network Client Digitally Sign Communications Always (1: Enable, 0: Disable)","Name":"MicrosoftNetworkClient_DigitallySignCommunicationsAlways","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Microsoft Network Client Send Unencrypted Password To Third Party SMB Servers (1: Enable, 0: Disable)","Name":"MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Microsoft Network Server Digitally Sign Communications Always (1: Enable, 0: Disable)","Name":"MicrosoftNetworkServer_DigitallySignCommunicationsAlways","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Do Not Allow Anonymous Enumeration Of SAM Accounts (1: Enabled, 0: Disabled)","Name":"NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Do Not Allow Anonymous Enumeration Of Sam Accounts And Shares (1: Enabled, 0: Disabled)","Name":"NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Access Restrict Anonymous Access To Named Pipes And Shares (1: Enable, 0: Disable)","Name":"NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"String","Description":"Network Access Restrict Clients Allowed To Make Remote Calls To SAM","Name":"NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM","Option":"Write"},{"CIMType":"SInt32","Description":"Network Security Do Not Store LAN Manager Hash Value On Next Password Change (1: Enable, 0: Disable)","Name":"NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"Network Security LAN Manager Authentication Level (0: Send LM and NTLM responses, 1: Send LM and NTLM-use NTLMv2 session security if negotiated, 2: Send LM and NTLM responses only, 3: Send LM and NTLMv2 responses only, 4: Send LM and NTLMv2 responses only. Refuse LM, 5: Send LM and NTLMv2 responses only. Refuse LM and NTLM)","Name":"NetworkSecurity_LANManagerAuthenticationLevel","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"String","Description":"Network Security Minimum Session Security For NTLMSSP Based Clients (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)","Name":"NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients","Option":"Write","ValueMap":["0","524288","536870912","537395200"],"Values":["0","524288","536870912","537395200"]},{"CIMType":"String","Description":"Network Security Minimum Session Security For NTLMSSP Based Servers (0: None, 524288: Require NTLMv2 session security, 536870912: Require 128-bit encryption, 537395200: Require NTLM and 128-bit encryption)","Name":"NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers","Option":"Write","ValueMap":["0","524288","536870912","537395200"],"Values":["0","524288","536870912","537395200"]},{"CIMType":"SInt32","Description":"User Account Control Behavior Of The Elevation Prompt For Administrators (0: Elevate without prompting, 1: Prompt for credentials on the secure desktop, 2: Prompt for consent on the secure desktop, 3: Prompt for credentials, 4: Prompt for consent, 5: Prompt for consent for non-Windows binaries)","Name":"UserAccountControl_BehaviorOfTheElevationPromptForAdministrators","Option":"Write","ValueMap":[0,1,2,3,4,5],"Values":[0,1,2,3,4,5]},{"CIMType":"SInt32","Description":"User Account Control Behavior Of The Elevation Prompt For Standard Users (0: Automatically deny elevation requests, 1: Prompt for credentials on the secure desktop, 3: Prompt for credentials)","Name":"UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers","Option":"Write","ValueMap":[0,1,3],"Values":[0,1,3]},{"CIMType":"SInt32","Description":"User Account Control Detect Application Installations And Prompt For Elevation (1: Enable, 0: Disable)","Name":"UserAccountControl_DetectApplicationInstallationsAndPromptForElevation","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"User Account Control Only Elevate UI Access Applications That Are Installed In Secure Locations (0: Disabled: Application runs with UIAccess integrity even if it does not reside in a secure location., 1: Enabled: Application runs with UIAccess integrity only if it resides in secure location.)","Name":"UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"User Account Control Run All Administrators In Admin Approval Mode (0: Disabled, 1: Enabled)","Name":"UserAccountControl_RunAllAdministratorsInAdminApprovalMode","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"User Account Control Use Admin Approval Mode (1: Enable, 0: Disable)","Name":"UserAccountControl_UseAdminApprovalMode","Option":"Write","ValueMap":[1,0],"Values":[1,0]},{"CIMType":"SInt32","Description":"User Account Control Virtualize File And Registry Write Failures To Per User Locations (0: Disabled, 1: Enabled)","Name":"UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations","Option":"Write","ValueMap":[0,1],"Values":[0,1]}],"Description":"Intune Security Baseline Windows365"},{"ClassName":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows365","Parameters":[{"CIMType":"SInt32","Description":"Turn off toast notifications on the lock screen (User) (0: Disabled, 1: Enabled)","Name":"NoLockScreenToastNotification","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Turn on the auto-complete feature for user names and passwords on forms (User) (0: Disabled, 1: Enabled)","Name":"RestrictFormSuggestPW","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Prompt me to save passwords (User) - Depends on RestrictFormSuggestPW (0: False, 1: True)","Name":"ChkBox_PasswordAsk","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight (User) (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlight","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Tips - Depends on AllowWindowsSpotlight (0: Disabled., 1: Enabled.)","Name":"AllowWindowsTips","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Tailored Experiences With Diagnostic Data (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowTailoredExperiencesWithDiagnosticData","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight On Action Center (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlightOnActionCenter","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Windows Consumer Features - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsConsumerFeatures","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Configure Windows Spotlight On Lock Screen (User) - Depends on AllowWindowsSpotlight (0: Windows spotlight disabled., 1: Windows spotlight enabled., 2: Windows spotlight is always enabled, the user cannot disable it, 3: Windows spotlight is always enabled, the user cannot disable it. For special configurations only)","Name":"ConfigureWindowsSpotlightOnLockScreen","Option":"Write","ValueMap":[0,1,2,3],"Values":[0,1,2,3]},{"CIMType":"SInt32","Description":"Allow Windows Spotlight Windows Welcome Experience (User) - Depends on AllowWindowsSpotlight (0: Not allowed., 1: Allowed.)","Name":"AllowWindowsSpotlightWindowsWelcomeExperience","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Allow Third Party Suggestions In Windows Spotlight (User) - Depends on AllowWindowsSpotlight (0: Third-party suggestions not allowed., 1: Third-party suggestions allowed.)","Name":"AllowThirdPartySuggestionsInWindowsSpotlight","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default Adobe Flash setting (User) (0: Disabled, 1: Enabled)","Name":"MicrosoftEdge_ContentSettings_DefaultPluginsSetting","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"SInt32","Description":"Default Adobe Flash setting (User) - Depends on MicrosoftEdge_ContentSettings_DefaultPluginsSetting (2: Block the Adobe Flash plugin, 3: Click to play)","Name":"DefaultPluginsSetting_DefaultPluginsSetting","Option":"Write","ValueMap":[2,3],"Values":[2,3]},{"CIMType":"SInt32","Description":"Minimum TLS version enabled (User) (0: Disabled, 1: Enabled)","Name":"edge_SSLVersionMin","Option":"Write","ValueMap":[0,1],"Values":[0,1]},{"CIMType":"String","Description":"Minimum SSL version enabled (User) - Depends on edge_SSLVersionMin (tls1: TLS 1.0, tls1.1: TLS 1.1, tls1.2: TLS 1.2)","Name":"SSLVersionMin_SSLVersionMin","Option":"Write","ValueMap":["tls1","tls1.1","tls1.2"],"Values":["tls1","tls1.1","tls1.2"]}],"Description":"Intune Security Baseline Windows365"},{"ClassName":"MSFT_IntuneSecurityBaselineWindows365","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineWindows365","Description":"The device scope settings for the policy.","Name":"DeviceSettings","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineWindows365","Description":"The user scope settings for the policy.","Name":"UserSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Security Baseline Windows365"},{"ClassName":"MSFT_IntuneSettingCatalogASRRulesPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Identity of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"Display name of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the endpoint protection attack surface protection rules policy for Windows 10.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Assignments of the endpoint protection.","Name":"Assignments","Option":"Write"},{"CIMType":"String[]","Description":"Exclude files and paths from attack surface reduction rules","Name":"AttackSurfaceReductionOnlyExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents an application from writing a vulnerable signed driver to disk.","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAbuseOfExploitedVulnerableSignedDrivers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents attacks by blocking Adobe Reader from creating processes.","Name":"BlockAdobeReaderFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockAdobeReaderFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks Office apps from creating child processes. Office apps include Word, Excel, PowerPoint, OneNote, and Access.","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions (off: Off, block: Block, audit: Audit, warn: Warn)","Name":"BlockAllOfficeApplicationsFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule helps prevent credential stealing by locking down Local Security Authority Subsystem Service (LSASS).","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockCredentialStealingFromWindowsLocalSecurityAuthoritySubsystem_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers.","Name":"BlockExecutableContentFromEmailClientAndWebmail","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableContentFromEmailClientAndWebmail_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks executable files that don't meet a prevalence, age, or trusted list criteria, such as .exe, .dll, or .scr, from launching.","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutableFilesRunningUnlessTheyMeetPrevalenceAgeTrustedListCriterion_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule detects suspicious properties within an obfuscated script.","Name":"BlockExecutionOfPotentiallyObfuscatedScripts","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockExecutionOfPotentiallyObfuscatedScripts_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents scripts from launching potentially malicious downloaded content.","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockJavaScriptOrVBScriptFromLaunchingDownloadedExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk.","Name":"BlockOfficeApplicationsFromCreatingExecutableContent","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromCreatingExecutableContent_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks code injection attempts from Office apps into other processes.","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeApplicationsFromInjectingCodeIntoOtherProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents Outlook from creating child processes, while still allowing legitimate Outlook functions.","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockOfficeCommunicationAppFromCreatingChildProcesses_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents malware from abusing WMI to attain persistence on a device.","Name":"BlockPersistenceThroughWMIEventSubscription","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String","Description":"This rule blocks processes created through PsExec and WMI from running.","Name":"BlockProcessCreationsFromPSExecAndWMICommands","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockProcessCreationsFromPSExecAndWMICommands_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents the execution of commands to restart machines in Safe Mode.","Name":"BlockRebootingMachineInSafeMode","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockRebootingMachineInSafeMode_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards.","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUntrustedUnsignedProcessesThatRunFromUSB_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks the use of executable files that are identified as copies of Windows system tools. These files are either duplicates or impostors of the original system tools.","Name":"BlockUseOfCopiedOrImpersonatedSystemTools","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockUseOfCopiedOrImpersonatedSystemTools_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule blocks webshell creation for servers.","Name":"BlockWebShellCreationForServers","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWebshellCreationForServers_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule prevents VBA macros from calling Win32 APIs.","Name":"BlockWin32APICallsFromOfficeMacros","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"BlockWin32APICallsFromOfficeMacros_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String","Description":"This rule provides an extra layer of protection against ransomware.","Name":"UseAdvancedProtectionAgainstRansomware","Option":"Write","ValueMap":["off","block","audit","warn"],"Values":["off","block","audit","warn"]},{"CIMType":"String[]","Description":"ASR Only Per Rule Exclusions","Name":"UseAdvancedProtectionAgainstRansomware_ASROnlyPerRuleExclusions","Option":"Write"},{"CIMType":"String[]","Description":"List of additional folders that need to be protected","Name":"ControlledFolderAccessProtectedFolders","Option":"Write"},{"CIMType":"String[]","Description":"List of apps that have access to protected folders.","Name":"ControlledFolderAccessAllowedApplications","Option":"Write"},{"CIMType":"String","Description":"This rule enables Controlled folder access which protects your data by checking apps against a list of known, trusted apps. Possible values: 0=disable, 1=enable, 2=audit, 3=block disk modification only, 4=audit disk modification only","Name":"EnableControlledFolderAccess","Option":"Write","ValueMap":["0","1","2","3","4"],"Values":["0","1","2","3","4"]},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Intune Endpoint Protection Attack Surface Reduction rules policy for a Windows 10 Device.\nThis resource returns ASR rules created using settings catalog settings."},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationPolicyTemplateReference","Parameters":[{"CIMType":"String","Description":"Template Display Name of the referenced template. This property is read-only.","Name":"TemplateDisplayName","Option":"Write"},{"CIMType":"String","Description":"Template Display Version of the referenced Template. This property is read-only.","Name":"TemplateDisplayVersion","Option":"Write"},{"CIMType":"String","Description":"Template Family of the referenced Template. This property is read-only. Possible values are: none, endpointSecurityAntivirus, endpointSecurityDiskEncryption, endpointSecurityFirewall, endpointSecurityEndpointDetectionAndResponse, endpointSecurityAttackSurfaceReduction, endpointSecurityAccountProtection, endpointSecurityApplicationControl, endpointSecurityEndpointPrivilegeManagement, enrollmentConfiguration, appQuietTime, baseline, unknownFutureValue, deviceConfigurationScripts.","Name":"TemplateFamily","Option":"Write","ValueMap":["none","endpointSecurityAntivirus","endpointSecurityDiskEncryption","endpointSecurityFirewall","endpointSecurityEndpointDetectionAndResponse","endpointSecurityAttackSurfaceReduction","endpointSecurityAccountProtection","endpointSecurityApplicationControl","endpointSecurityEndpointPrivilegeManagement","enrollmentConfiguration","appQuietTime","baseline","unknownFutureValue","deviceConfigurationScripts"],"Values":["none","endpointSecurityAntivirus","endpointSecurityDiskEncryption","endpointSecurityFirewall","endpointSecurityEndpointDetectionAndResponse","endpointSecurityAttackSurfaceReduction","endpointSecurityAccountProtection","endpointSecurityApplicationControl","endpointSecurityEndpointPrivilegeManagement","enrollmentConfiguration","appQuietTime","baseline","unknownFutureValue","deviceConfigurationScripts"]},{"CIMType":"String","Description":"Template id","Name":"TemplateId","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSetting","Parameters":[{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance","Description":"Setting Instance","Name":"SettingInstance","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance","Parameters":[{"CIMType":"String","Description":"Setting Definition Id","Name":"SettingDefinitionId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference","Description":"Setting Instance Template Reference","Name":"SettingInstanceTemplateReference","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue[]","Description":"Choice setting collection value","Name":"ChoiceSettingCollectionValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue","Description":"Choice setting value","Name":"ChoiceSettingValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue[]","Description":"A collection of GroupSetting values","Name":"GroupSettingCollectionValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue","Description":"GroupSetting value","Name":"GroupSettingValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue[]","Description":"Simple setting collection instance value","Name":"SimpleSettingCollectionValue","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue","Description":"Simple setting instance value","Name":"SimpleSettingValue","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationGroupSettingInstance","#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance","#microsoft.graph.deviceManagementConfigurationSettingGroupInstance","#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance"],"Values":["#microsoft.graph.deviceManagementConfigurationChoiceSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationChoiceSettingInstance","#microsoft.graph.deviceManagementConfigurationGroupSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationGroupSettingInstance","#microsoft.graph.deviceManagementConfigurationSettingGroupCollectionInstance","#microsoft.graph.deviceManagementConfigurationSettingGroupInstance","#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance","#microsoft.graph.deviceManagementConfigurationSimpleSettingInstance"]}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstanceTemplateReference","Parameters":[{"CIMType":"String","Description":"Setting instance template id","Name":"SettingInstanceTemplateId","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationChoiceSettingValue","Parameters":[{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]","Description":"Child settings.","Name":"Children","Option":"Write"},{"CIMType":"String","Description":"Choice setting value: an OptionDefinition ItemId.","Name":"Value","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference","Description":"Setting value template reference","Name":"SettingValueTemplateReference","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","#microsoft.graph.deviceManagementConfigurationGroupSettingValue","#microsoft.graph.deviceManagementConfigurationSimpleSettingValue"],"Values":["#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","#microsoft.graph.deviceManagementConfigurationGroupSettingValue","#microsoft.graph.deviceManagementConfigurationSimpleSettingValue"]}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference","Parameters":[{"CIMType":"String","Description":"Setting value template id","Name":"settingValueTemplateId","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether to update policy setting value to match template setting default value","Name":"useTemplateDefault","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationGroupSettingValue","Parameters":[{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]","Description":"Collection of child setting instances contained within this GroupSetting","Name":"Children","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference","Description":"Setting value template reference","Name":"SettingValueTemplateReference","Option":"Write"},{"CIMType":"String","Description":"Choice setting value: an OptionDefinition ItemId.","Name":"Value","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","#microsoft.graph.deviceManagementConfigurationGroupSettingValue","#microsoft.graph.deviceManagementConfigurationSimpleSettingValue"],"Values":["#microsoft.graph.deviceManagementConfigurationChoiceSettingValue","#microsoft.graph.deviceManagementConfigurationGroupSettingValue","#microsoft.graph.deviceManagementConfigurationSimpleSettingValue"]}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_MicrosoftGraphDeviceManagementConfigurationSimpleSettingValue","Parameters":[{"CIMType":"UInt32","Description":"Value of the integer setting.","Name":"IntValue","Option":"Write"},{"CIMType":"String","Description":"Value of the string setting.","Name":"StringValue","Option":"Write"},{"CIMType":"String","Description":"Gets or sets a value indicating the encryption state of the Value property. Possible values are: invalid, notEncrypted, encryptedValueToken.","Name":"ValueState","Option":"Write","ValueMap":["invalid","notEncrypted","encryptedValueToken"],"Values":["invalid","notEncrypted","encryptedValueToken"]},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.deviceManagementConfigurationIntegerSettingValue","#microsoft.graph.deviceManagementConfigurationStringSettingValue","#microsoft.graph.deviceManagementConfigurationSecretSettingValue"],"Values":["#microsoft.graph.deviceManagementConfigurationIntegerSettingValue","#microsoft.graph.deviceManagementConfigurationStringSettingValue","#microsoft.graph.deviceManagementConfigurationSecretSettingValue"]},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingValueTemplateReference","Description":"Setting value template reference","Name":"SettingValueTemplateReference","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphDeviceManagementConfigurationSettingInstance[]","Description":"Child settings.","Name":"Children","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_IntuneSettingCatalogCustomPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Policy description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Policy name","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Platforms for this policy. Possible values are: none, android, iOS, macOS, windows10X, windows10, linux, unknownFutureValue.","Name":"Platforms","Option":"Write","ValueMap":["none","android","iOS","macOS","windows10X","windows10","linux","unknownFutureValue"],"Values":["none","android","iOS","macOS","windows10X","windows10","linux","unknownFutureValue"]},{"CIMType":"String","Description":"Technologies for this policy. Possible values are: none, mdm, windows10XManagement, configManager, appleRemoteManagement, microsoftSense, exchangeOnline, edgeMAM, linuxMdm, enrollment, endpointPrivilegeManagement, unknownFutureValue.","Name":"Technologies","Option":"Write","ValueMap":["none","mdm","windows10XManagement","configManager","appleRemoteManagement","microsoftSense","exchangeOnline","linuxMdm","enrollment","endpointPrivilegeManagement","unknownFutureValue"],"Values":["none","mdm","windows10XManagement","configManager","appleRemoteManagement","microsoftSense","exchangeOnline","linuxMdm","enrollment","endpointPrivilegeManagement","unknownFutureValue"]},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementConfigurationPolicyTemplateReference","Description":"Template reference information","Name":"TemplateReference","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphdeviceManagementConfigurationSetting[]","Description":"Policy settings","Name":"Settings","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Setting Catalog Custom Policy for Windows10"},{"ClassName":"MSFT_IntuneTermsAndConditions","Parameters":[{"CIMType":"String","Description":"Administrator-supplied explanation of the terms and conditions, typically describing what it means to accept the terms and conditions set out in the T&C policy. This is shown to the user on prompts to accept the T&C policy.","Name":"AcceptanceStatement","Option":"Write"},{"CIMType":"String","Description":"Administrator-supplied body text of the terms and conditions, typically the terms themselves. This is shown to the user on prompts to accept the T&C policy.","Name":"BodyText","Option":"Write"},{"CIMType":"String","Description":"Administrator-supplied description of the T&C policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Administrator-supplied name for the T&C policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Administrator-supplied title of the terms and conditions. This is shown to the user on prompts to accept the T&C policy.","Name":"Title","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Terms And Conditions"},{"ClassName":"MSFT_IntuneTrustedRootCertificateAndroidDeviceOwner","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"File name to display in UI.","Name":"certFileName","Option":"Write"},{"CIMType":"String","Description":"Trusted Root Certificate.","Name":"trustedRootCertificate","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Android Device Owner Trusted Root Certificate Policy."},{"ClassName":"MSFT_IntuneTrustedRootCertificateAndroidWork","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"File name to display in UI.","Name":"certFileName","Option":"Write"},{"CIMType":"String","Description":"Trusted Root Certificate.","Name":"trustedRootCertificate","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Android Work Trusted Root Certificate Policy."},{"ClassName":"MSFT_IntuneTrustedRootCertificateIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Admin provided description of the Device Configuration. Inherited from managedDeviceMobileAppConfiguration","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"File name to display in UI.","Name":"certFileName","Option":"Write"},{"CIMType":"String","Description":"Trusted Root Certificate.","Name":"trustedRootCertificate","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune iOS Trusted Root Certificate Policy."},{"ClassName":"MSFT_MicrosoftGraphCloudPcCrossRegionDisasterRecoverySetting","Parameters":[{"CIMType":"MSFT_MicrosoftGraphCloudPcDisasterRecoveryNetworkSetting","Description":"Indicates the network settings of the Cloud PC during a cross-region disaster recovery operation.","Name":"DisasterRecoveryNetworkSetting","Option":"Write"},{"CIMType":"String","Description":"Indicates the type of disaster recovery to perform when a disaster occurs on the user's Cloud PC. The possible values are: notConfigured, crossRegion, premium, unknownFutureValue. The default value is notConfigured.","Name":"DisasterRecoveryType","Option":"Write","ValueMap":["notConfigured","crossRegion","premium","unknownFutureValue"],"Values":["notConfigured","crossRegion","premium","unknownFutureValue"]},{"CIMType":"Boolean","Description":"Indicates whether Windows 365 maintain the cross-region disaster recovery function generated restore points. If true, the Windows 365 stored restore points false indicates that Windows 365 doesn't generate or keep the restore point from the original Cloud PC. If a disaster occurs, the new Cloud PC can only be provisioned using the initial image. This limitation can result in the loss of some user data on the original Cloud PC. The default value is false.","Name":"MaintainCrossRegionRestorePointEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the client allows the end user to initiate a disaster recovery activation. True indicates that the client includes the option for the end user to activate Backup Cloud PC. When false, the end user doesn't have the option to activate disaster recovery. The default value is false. Currently, only premium disaster recovery is supported.","Name":"UserInitiatedDisasterRecoveryAllowed","Option":"Write"}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_MicrosoftGraphCloudPcDisasterRecoveryNetworkSetting","Parameters":[{"CIMType":"String","Description":"Indicates the display name of the virtual network that the new Cloud PC joins.  Only applicable for the '#microsoft.graph.cloudPcDisasterRecoveryAzureConnectionSetting' odata type.","Name":"OnPremisesConnectionId","Option":"Write"},{"CIMType":"String","Description":"Indicates the logic geographic group this region belongs to. Multiple regions can belong to one region group. When a region group is configured for disaster recovery, the new Cloud PC is assigned to one of the regions within the group based on resource availability. For example, the europeUnion region group contains the North Europe and West Europe regions.  Only applicable for the '#microsoft.graph.cloudPcDisasterRecoveryMicrosoftHostedNetworkSetting' odata type. Possible values are: default, australia, canada, usCentral, usEast, usWest, france, germany, europeUnion, unitedKingdom, japan, asia, india, southAmerica, euap, usGovernment, usGovernmentDOD, unknownFutureValue, norway, switzerland, southKorea, middleEast, mexico, australasia, europe. Use the Prefer: include-unknown-enum-members request header to get the following values in this evolvable enum: norway, switzerland, southKorea, middleEast, mexico, australasia, europe.","Name":"RegionGroup","Option":"Write","ValueMap":["default","australia","canada","usCentral","usEast","usWest","france","germany","europeUnion","unitedKingdom","japan","asia","india","southAmerica","euap","usGovernment","usGovernmentDOD","unknownFutureValue","norway","switzerland","southKorea","middleEast","mexico","australasia","europe"],"Values":["default","australia","canada","usCentral","usEast","usWest","france","germany","europeUnion","unitedKingdom","japan","asia","india","southAmerica","euap","usGovernment","usGovernmentDOD","unknownFutureValue","norway","switzerland","southKorea","middleEast","mexico","australasia","europe"]},{"CIMType":"String","Description":"Indicates the Azure region that the new Cloud PC is assigned to. The Windows 365 service creates and manages the underlying virtual network. Only applicable for the '#microsoft.graph.cloudPcDisasterRecoveryMicrosoftHostedNetworkSetting' odata type.","Name":"RegionName","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.cloudPcDisasterRecoveryAzureConnectionSetting","#microsoft.graph.cloudPcDisasterRecoveryMicrosoftHostedNetworkSetting"],"Values":["#microsoft.graph.cloudPcDisasterRecoveryAzureConnectionSetting","#microsoft.graph.cloudPcDisasterRecoveryMicrosoftHostedNetworkSetting"]}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_MicrosoftGraphCloudPcNotificationSetting","Parameters":[{"CIMType":"Boolean","Description":"If true, doesn't prompt the user to restart the Cloud PC. If false, prompts the user to restart Cloud PC. The default value is false.","Name":"RestartPromptsDisabled","Option":"Write"}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_MicrosoftGraphCloudPcRestorePointSetting","Parameters":[{"CIMType":"String","Description":"The time interval in hours to take snapshots (restore points) of a Cloud PC automatically. Possible values are: default, fourHours, sixHours, twelveHours, sixteenHours, twentyFourHours. The default value is default that indicates that the time interval for automatic capturing of restore point snapshots is set to 12 hours.","Name":"FrequencyType","Option":"Write","ValueMap":["default","fourHours","sixHours","twelveHours","sixteenHours","twentyFourHours"],"Values":["default","fourHours","sixHours","twelveHours","sixteenHours","twentyFourHours"]},{"CIMType":"Boolean","Description":"If true, the user has the ability to use snapshots to restore Cloud PCs. If false, non-admin users can't use snapshots to restore the Cloud PC.","Name":"UserRestoreEnabled","Option":"Write"}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_IntuneUserSettingsPolicyWindows365","Parameters":[{"CIMType":"MSFT_MicrosoftGraphcloudPcCrossRegionDisasterRecoverySetting","Description":"Defines whether the user's Cloud PC enables cross-region disaster recovery and specifies the network for the disaster recovery.","Name":"CrossRegionDisasterRecoverySetting","Option":"Write"},{"CIMType":"String","Description":"The setting name displayed in the user interface.","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Indicates whether the local admin option is enabled. Default value is false. To enable the local admin option, change the setting to true. If the local admin option is enabled, the end user can be an admin of the Cloud PC device.","Name":"LocalAdminEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcloudPcNotificationSetting","Description":"Defines the setting of the Cloud PC notification prompts for the Cloud PC user.","Name":"NotificationSetting","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether an end user is allowed to reset their Cloud PC. When true, the user is allowed to reset their Cloud PC. When false, end-user initiated reset isn't allowed. The default value is false.","Name":"ResetEnabled","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphcloudPcRestorePointSetting","Description":"Defines how frequently a restore point is created (that is, a snapshot is taken) for users' provisioned Cloud PCs (default is 12 hours), and whether the user is allowed to restore their own Cloud PCs to a backup made at a specific point in time.","Name":"RestorePointSetting","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune User Settings Policy for Windows365"},{"ClassName":"MSFT_MicrosoftvpnProxyServer","Parameters":[{"CIMType":"String","Description":"Proxy's automatic configuration script url.","Name":"automaticConfigurationScriptUrl","Option":"Write"},{"CIMType":"String","Description":"Address.","Name":"address","Option":"Key"},{"CIMType":"uint32","Description":"Port. Valid values 0 to 65535.","Name":"port","Option":"Key"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_targetedMobileApps","Parameters":[{"CIMType":"String","Description":"The application name.","Name":"name","Option":"Write"},{"CIMType":"String","Description":"The publisher of the application.","Name":"publisher","Option":"Write"},{"CIMType":"String","Description":"The Store URL of the application.","Name":"appStoreUrl","Option":"Write"},{"CIMType":"String","Description":"The application or bundle identifier of the application.","Name":"appId","Option":"Key"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_CustomData","Parameters":[{"CIMType":"String","Description":"Key for the custom data entry.","Name":"key","Option":"Key"},{"CIMType":"String","Description":"Value for the custom data entry.","Name":"value","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_customKeyValueData","Parameters":[{"CIMType":"String","Description":"Name for the custom data entry.","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Value for the custom data entry.","Name":"value","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_IntuneVPNConfigurationPolicyAndroidDeviceOwner","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.","Name":"authenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"],"Values":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"]},{"CIMType":"String","Description":"Connection name displayed to the user.","Name":"connectionName","Option":"Write"},{"CIMType":"String","Description":"Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.","Name":"role","Option":"Write"},{"CIMType":"String","Description":"Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.","Name":"realm","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnServer[]","Description":"VPN Server on the network. Make sure end users can access this network location.","Name":"servers","Option":"Write"},{"CIMType":"String","Description":"Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect.","Name":"connectionType","Option":"Write","ValueMap":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","citrix","microsoftTunnel","netMotionMobility","microsoftProtect"],"Values":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","citrix","microsoftTunnel","netMotionMobility","microsoftProtect"]},{"CIMType":"MSFT_MicrosoftvpnProxyServer[]","Description":"Proxy Server.","Name":"proxyServer","Option":"Write"},{"CIMType":"String[]","Description":"Targeted App package IDs.","Name":"targetedPackageIds","Option":"Write"},{"CIMType":"MSFT_targetedMobileApps[]","Description":"Targeted mobile apps. This collection can contain a maximum of 500 elements.","Name":"targetedMobileApps","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to enable always-on VPN connection.","Name":"alwaysOn","Option":"Write"},{"CIMType":"Boolean","Description":"If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.","Name":"alwaysOnLockdown","Option":"Write"},{"CIMType":"String","Description":"Microsoft Tunnel site ID.","Name":"microsoftTunnelSiteId","Option":"Write"},{"CIMType":"String[]","Description":"List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.","Name":"proxyExclusionList","Option":"Write"},{"CIMType":"MSFT_customData[]","Description":"Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.","Name":"customData","Option":"Write"},{"CIMType":"MSFT_customKeyValueData[]","Description":"Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.","Name":"customKeyValueData","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Device Owner Devices."},{"ClassName":"MSFT_IntuneVPNConfigurationPolicyAndroidWork","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Authentication method. Inherited from vpnConfiguration. Possible values are: certificate, usernameAndPassword, sharedSecret, derivedCredential, azureAD.","Name":"authenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"],"Values":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"]},{"CIMType":"String","Description":"Connection name displayed to the user.","Name":"connectionName","Option":"Write"},{"CIMType":"String","Description":"Role when connection type is set to Pulse Secure. Inherited from vpnConfiguration.","Name":"role","Option":"Write"},{"CIMType":"String","Description":"Realm when connection type is set to Pulse Secure. Inherited from vpnConfiguration.","Name":"realm","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnServer[]","Description":"VPN Server on the network. Make sure end users can access this network location.","Name":"servers","Option":"Write"},{"CIMType":"String","Description":"Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, citrix, microsoftTunnel, netMotionMobility, microsoftProtect.","Name":"connectionType","Option":"Write","ValueMap":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","citrix","microsoftTunnel","netMotionMobility","microsoftProtect"],"Values":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","citrix","microsoftTunnel","netMotionMobility","microsoftProtect"]},{"CIMType":"MSFT_MicrosoftvpnProxyServer[]","Description":"Proxy Server.","Name":"proxyServer","Option":"Write"},{"CIMType":"String[]","Description":"Targeted App package IDs.","Name":"targetedPackageIds","Option":"Write"},{"CIMType":"MSFT_targetedMobileApps[]","Description":"Targeted mobile apps. This collection can contain a maximum of 500 elements.","Name":"targetedMobileApps","Option":"Write"},{"CIMType":"Boolean","Description":"Whether or not to enable always-on VPN connection.","Name":"alwaysOn","Option":"Write"},{"CIMType":"Boolean","Description":"If always-on VPN connection is enabled, whether or not to lock network traffic when that VPN is disconnected.","Name":"alwaysOnLockdown","Option":"Write"},{"CIMType":"String","Description":"Microsoft Tunnel site ID.","Name":"microsoftTunnelSiteId","Option":"Write"},{"CIMType":"String[]","Description":"List of hosts to exclude using the proxy on connections for. These hosts can use wildcards such as *.example.com.","Name":"proxyExclusionList","Option":"Write"},{"CIMType":"MSFT_customData[]","Description":"Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.","Name":"customData","Option":"Write"},{"CIMType":"MSFT_customKeyValueData[]","Description":"Custom data to define key/value pairs specific to a VPN provider. This collection can contain a maximum of 25 elements.","Name":"customKeyValueData","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for Android Work Devices."},{"ClassName":"MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule","Parameters":[{"CIMType":"String[]","Description":"Network Service Set Identifiers (SSIDs).","Name":"ssids","Option":"Write"},{"CIMType":"String[]","Description":"DNS Search Domains.","Name":"dnsSearchDomains","Option":"Write"},{"CIMType":"String","Description":"A URL to probe. If this URL is successfully fetched, returning a 200 HTTP status code, without redirection, this rule matches.","Name":"probeUrl","Option":"Write"},{"CIMType":"String","Description":"Action. Possible values are: connect, evaluateConnection, ignore, disconnect.","Name":"action","Option":"Write","ValueMap":["connect","evaluateConnection","ignore","disconnect"],"Values":["connect","evaluateConnection","ignore","disconnect"]},{"CIMType":"String","Description":"Domain Action, Only applicable when Action is evaluate connection. Possible values are: connectIfNeeded, neverConnect.","Name":"domainAction","Option":"Write","ValueMap":["connectIfNeeded","neverConnect"],"Values":["connectIfNeeded","neverConnect"]},{"CIMType":"String[]","Description":"Domains, Only applicable when Action is evaluate connection.","Name":"domains","Option":"Write"},{"CIMType":"String","Description":"Probe Required URL. Only applicable when Action is evaluate connection and DomainAction is connectIfNeeded.","Name":"probeRequiredUrl","Option":"Write"},{"CIMType":"String","Description":"Network interface to trigger VPN. Possible values are: notConfigured, ethernet, wiFi, cellular.","Name":"interfaceTypeMatch","Option":"Write","ValueMap":["notConfigured","ethernet","wiFi","cellular"],"Values":["notConfigured","ethernet","wiFi","cellular"]},{"CIMType":"String[]","Description":"DNS Search Server Address.","Name":"dnsServerAddressMatch","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for iOS Device."},{"ClassName":"MSFT_IntuneVPNConfigurationPolicyIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"Connection name displayed to the user.","Name":"connectionName","Option":"Write"},{"CIMType":"String","Description":"Connection type. Possible values are: ciscoAnyConnect, pulseSecure, f5EdgeClient, dellSonicWallMobileConnect, checkPointCapsuleVpn, customVpn, ciscoIPSec, citrix, ciscoAnyConnectV2, paloAltoGlobalProtect, zscalerPrivateAccess, f5Access2018, citrixSso, paloAltoGlobalProtectV2, ikEv2, alwaysOn, microsoftTunnel, netMotionMobility, microsoftProtect.","Name":"connectionType","Option":"Write","ValueMap":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","customVpn","ciscoIPSec","citrix","ciscoAnyConnectV2","paloAltoGlobalProtect","zscalerPrivateAccess","f5Access2018","citrixSso","paloAltoGlobalProtectV2","ikEv2","alwaysOn","microsoftTunnel","netMotionMobility","microsoftProtect"],"Values":["ciscoAnyConnect","pulseSecure","f5EdgeClient","dellSonicWallMobileConnect","checkPointCapsuleVpn","customVpn","ciscoIPSec","citrix","ciscoAnyConnectV2","paloAltoGlobalProtect","zscalerPrivateAccess","f5Access2018","citrixSso","paloAltoGlobalProtectV2","ikEv2","alwaysOn","microsoftTunnel","netMotionMobility","microsoftProtect"]},{"CIMType":"Boolean","Description":"Send all network traffic through VPN.","Name":"enableSplitTunneling","Option":"Write"},{"CIMType":"String","Description":"Authentication method for this VPN connection.","Name":"authenticationMethod","Option":"Write","ValueMap":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"],"Values":["certificate","usernameAndPassword","sharedSecret","derivedCredential","azureAD"]},{"CIMType":"String[]","Description":"Safari domains when this VPN per App setting is enabled. In addition to the apps associated with this VPN, Safari domains specified here will also be able to trigger this VPN connection.","Name":"safariDomains","Option":"Write"},{"CIMType":"String[]","Description":"Associated Domains. These domains will be linked with the VPN configuration.","Name":"associatedDomains","Option":"Write"},{"CIMType":"String[]","Description":"Domains that are accessed through the public internet instead of through VPN, even when per-app VPN is activated.","Name":"excludedDomains","Option":"Write"},{"CIMType":"MSFT_MicrosoftvpnProxyServer[]","Description":"Represents the assignment to the Intune policy.","Name":"proxyServer","Option":"Write"},{"CIMType":"Boolean","Description":"Opt-In to sharing the device's Id to third-party vpn clients for use during network access control validation.","Name":"optInToDeviceIdSharing","Option":"Write"},{"CIMType":"String[]","Description":"Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.","Name":"excludeList","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphvpnServer[]","Description":"VPN Server on the network. Make sure end users can access this network location.","Name":"server","Option":"Write"},{"CIMType":"MSFT_customData[]","Description":"Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements","Name":"customData","Option":"Write"},{"CIMType":"MSFT_customKeyValueData[]","Description":"Use this field to enable functionality not supported by Intune, but available in your VPN solution. Contact your VPN vendor to learn how to add these key/value pairs. This collection can contain a maximum of 25 elements","Name":"customKeyValueData","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyVpnOnDemandRule[]","Description":"On-Demand Rules. This collection can contain a maximum of 500 elements.","Name":"onDemandRules","Option":"Write"},{"CIMType":"String[]","Description":"Not documented on https://learn.microsoft.com/en-us/graph/api/resources/intune-deviceconfig-applevpnconfiguration?view=graph-rest-beta.","Name":"targetedMobileApps","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"},{"CIMType":"uint32","Description":"Version of the device configuration. Inherited from deviceConfiguration.","Name":"version","Option":"Write"},{"CIMType":"String","Description":"Login group or domain when connection type is set to Dell SonicWALL Mobile Connection. Inherited from appleVpnConfiguration.","Name":"loginGroupOrDomain","Option":"Write"},{"CIMType":"String","Description":"Role when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration.","Name":"role","Option":"Write"},{"CIMType":"String","Description":"Realm when connection type is set to Pulse Secure. Inherited from appleVpnConfiguration.","Name":"realm","Option":"Write"},{"CIMType":"String","Description":"Identifier provided by VPN vendor when connection type is set to Custom VPN. For example: Cisco AnyConnect uses an identifier of the form com.cisco.anyconnect.applevpn.plugin Inherited from appleVpnConfiguration.","Name":"identifier","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this to true creates Per-App VPN payload which can later be associated with Apps that can trigger this VPN conneciton on the end user's iOS device. Inherited from appleVpnConfiguration.","Name":"enablePerApp","Option":"Write"},{"CIMType":"String","Description":"Provider type for per-app VPN. Inherited from appleVpnConfiguration. Possible values are: notConfigured, appProxy, packetTunnel.","Name":"providerType","Option":"Write","ValueMap":["notConfigured","appProxy","packetTunnel"],"Values":["notConfigured","appProxy","packetTunnel"]},{"CIMType":"Boolean","Description":"Toggle to prevent user from disabling automatic VPN in the Settings app Inherited from appleVpnConfiguration.","Name":"disableOnDemandUserOverride","Option":"Write"},{"CIMType":"Boolean","Description":"Whether to disconnect after on-demand connection idles Inherited from appleVpnConfiguration","Name":"disconnectOnIdle","Option":"Write"},{"CIMType":"uint32","Description":"The length of time in seconds to wait before disconnecting an on-demand connection. Valid values 0 to 65535 Inherited from appleVpnConfiguration.","Name":"disconnectOnIdleTimerInSeconds","Option":"Write"},{"CIMType":"String","Description":"Microsoft Tunnel site ID.","Name":"microsoftTunnelSiteId","Option":"Write"},{"CIMType":"String","Description":"Zscaler only. Zscaler cloud which the user is assigned to.","Name":"cloudName","Option":"Write"},{"CIMType":"Boolean","Description":"Zscaler only. Blocks network traffic until the user signs into Zscaler app. True means traffic is blocked.","Name":"strictEnforcement","Option":"Write"},{"CIMType":"String","Description":"Zscaler only. Enter a static domain to pre-populate the login field with in the Zscaler app. If this is left empty, the user's Azure Active Directory domain will be used instead.","Name":"userDomain","Option":"Write"}],"Description":"This resource configures an Intune VPN Configuration Policy for iOS Device."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseDeviceOwner","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Disaply name of the Intune policy","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"If the network is in range, automatically connect.","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Don't show this Wi-Fi network on an end-user's device in the list of available networks. The SSID will not be broadcasted.","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Network name.","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Pre shared key.","Name":"PreSharedKey","Option":"Write"},{"CIMType":"Boolean","Description":"Pre shared key is set.","Name":"PreSharedKeyIsSet","Option":"Write"},{"CIMType":"String","Description":"URL of the automatic proxy.","Name":"ProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"String","Description":"Exclusion list of the proxy.","Name":"ProxyExclusionList","Option":"Write"},{"CIMType":"String","Description":"Address of the proxy.","Name":"ProxyManualAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Port of the proxy.","Name":"ProxyManualPort","Option":"Write"},{"CIMType":"String","Description":"Proxy setting type.","Name":"ProxySettings","Option":"Write","ValueMap":["none","manual","automatic"],"Values":["none","manual","automatic"]},{"CIMType":"String","Description":"Service Set Identifier. The name of the Wi-Fi connection.","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Type of Wi-Fi profile.","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wep","wpaPersonal","wpaEnterprise"],"Values":["open","wep","wpaPersonal","wpaEnterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for Android Enterprise, Full Managed Work Profile of Enterprise Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyAndroidEnterpriseWorkProfile","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically.","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden.","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Network name.","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"SSID.","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security.","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wpaEnterprise","wpa2Enterprise"],"Values":["open","wpaEnterprise","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for Android Enterprise, Personally Owned Work Profile of Basic Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyAndroidForWork","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Network name","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"SSID","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wpaEnterprise","wpa2Enterprise"],"Values":["open","wpaEnterprise","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy Android For Work Device."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyAndroidOpenSourceProject","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically to the network.","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Define if the network should be connected if hidden.","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Define the network name.","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Define the pre-shared key.","Name":"PreSharedKey","Option":"Write"},{"CIMType":"Boolean","Description":"Define if the pre-shared key is set.","Name":"PreSharedKeyIsSet","Option":"Write"},{"CIMType":"String","Description":"Define the SSID.","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Define the Wifi security type.","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wep","wpaPersonal","wpaEnterprise"],"Values":["open","wep","wpaPersonal","wpaEnterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for Android Open Source Project, Basic Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyIOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"Boolean","Description":"Disable the MAC address randomization.","Name":"DisableMacAddressRandomization","Option":"Write"},{"CIMType":"Boolean","Description":"If the pre shared key should be updated, even if the policy is already equal.","Name":"ForcePreSharedKeyUpdate","Option":"Write"},{"CIMType":"String","Description":"Network name","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Pre shared key","Name":"PreSharedKey","Option":"Write"},{"CIMType":"String","Description":"Proxy automatic configuration url","Name":"ProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"String","Description":"Proxy manual address","Name":"ProxyManualAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Proxy manual port","Name":"ProxyManualPort","Option":"Write"},{"CIMType":"String","Description":"Proxy settings","Name":"ProxySettings","Option":"Write","ValueMap":["none","manual","automatic"],"Values":["none","manual","automatic"]},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"SSID","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"],"Values":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for iOS with Basic Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyMacOS","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"String","Description":"Indicates the deployment channel type used to deploy the configuration profile.","Name":"DeploymentChannel","Option":"Write","ValueMap":["deviceChannel","userChannel"],"Values":["deviceChannel","userChannel"]},{"CIMType":"Boolean","Description":"If the pre shared key should be updated, even if the policy is already equal.","Name":"ForcePreSharedKeyUpdate","Option":"Write"},{"CIMType":"String","Description":"Network name","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Pre shared key","Name":"PreSharedKey","Option":"Write"},{"CIMType":"String","Description":"Proxy automatic configuration url","Name":"ProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"String","Description":"Proxy manual address","Name":"ProxyManualAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Proxy manual port","Name":"ProxyManualPort","Option":"Write"},{"CIMType":"String","Description":"Proxy settings","Name":"ProxySettings","Option":"Write","ValueMap":["none","manual","automatic"],"Values":["none","manual","automatic"]},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"SSID","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security","Name":"WiFiSecurityType","Option":"Write","ValueMap":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"],"Values":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for MacOS with Basic Wi-Fi type."},{"ClassName":"MSFT_DeviceManagementApplicabilityRuleOsEdition","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Write"},{"CIMType":"String[]","Description":"Applicability rule OS edition type","Name":"OsEditionTypes","Option":"Write"},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Wifi Configuration Policy for Windows10 with Basic Wi-Fi type."},{"ClassName":"MSFT_DeviceManagementApplicabilityRuleOsVersion","Parameters":[{"CIMType":"String","Description":"Name for object","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Min OS version for Applicability Rule","Name":"MinOSVersion","Option":"Write"},{"CIMType":"String","Description":"Max OS version for Applicability Rule","Name":"MaxOSVersion","Option":"Write"},{"CIMType":"String","Description":"Applicability Rule type","Name":"RuleType","Option":"Write","ValueMap":["include","exclude"],"Values":["include","exclude"]}],"Description":"This resource configures an Intune Wifi Configuration Policy for Windows10 with Basic Wi-Fi type."},{"ClassName":"MSFT_IntuneWifiConfigurationPolicyWindows10","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Connect automatically","Name":"ConnectAutomatically","Option":"Write"},{"CIMType":"Boolean","Description":"Connect to preferred network","Name":"ConnectToPreferredNetwork","Option":"Write"},{"CIMType":"Boolean","Description":"Connect when network name is hidden","Name":"ConnectWhenNetworkNameIsHidden","Option":"Write"},{"CIMType":"MSFT_DeviceManagementApplicabilityRuleOsEdition","Description":"The OS edition applicability for this Policy. ","Name":"DeviceManagementApplicabilityRuleOsEdition","Option":"Write"},{"CIMType":"MSFT_DeviceManagementApplicabilityRuleOsVersion","Description":"The OS version applicability rule for this Policy.","Name":"DeviceManagementApplicabilityRuleOsVersion","Option":"Write"},{"CIMType":"Boolean","Description":"Force FIPS compliance","Name":"ForceFIPSCompliance","Option":"Write"},{"CIMType":"Boolean","Description":"If the pre shared key should be updated, even if the policy is already equal.","Name":"ForcePreSharedKeyUpdate","Option":"Write"},{"CIMType":"String","Description":"Metered connection limit","Name":"MeteredConnectionLimit","Option":"Write","ValueMap":["unrestricted","fixed","variable"],"Values":["unrestricted","fixed","variable"]},{"CIMType":"String","Description":"Network name","Name":"NetworkName","Option":"Write"},{"CIMType":"String","Description":"Pre shared key","Name":"PreSharedKey","Option":"Write"},{"CIMType":"String","Description":"Proxy automatic configuration url","Name":"ProxyAutomaticConfigurationUrl","Option":"Write"},{"CIMType":"String","Description":"Proxy manual address","Name":"ProxyManualAddress","Option":"Write"},{"CIMType":"UInt32","Description":"Proxy manual port","Name":"ProxyManualPort","Option":"Write"},{"CIMType":"String","Description":"Proxy setting","Name":"ProxySetting","Option":"Write","ValueMap":["none","manual","automatic"],"Values":["none","manual","automatic"]},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"SSID","Name":"Ssid","Option":"Write"},{"CIMType":"String","Description":"Wi-Fi security","Name":"WifiSecurityType","Option":"Write","ValueMap":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"],"Values":["open","wpaPersonal","wpaEnterprise","wep","wpa2Personal","wpa2Enterprise"]},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Intune Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Intune Wifi Configuration Policy for Windows10 with Basic Wi-Fi type."},{"ClassName":"MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings","Parameters":[{"CIMType":"Boolean","Description":"Allow or block user to use device before profile and app installation complete","Name":"AllowDeviceUseBeforeProfileAndAppInstallComplete","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to continue using the device on installation failure","Name":"AllowDeviceUseOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or block log collection on installation failure","Name":"AllowLogCollectionOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to retry the setup on installation failure","Name":"BlockDeviceSetupRetryByUser","Option":"Write"},{"CIMType":"String","Description":"Set custom error message to show upon installation failure","Name":"CustomErrorMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide installation progress to user","Name":"HideInstallationProgress","Option":"Write"},{"CIMType":"UInt32","Description":"Set installation progress timeout in minutes","Name":"InstallProgressTimeoutInMinutes","Option":"Write"}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined"},{"ClassName":"MSFT_MicrosoftGraphOutOfBoxExperienceSettings","Parameters":[{"CIMType":"String","Description":"AAD join authentication type. Possible values are: singleUser, shared.","Name":"DeviceUsageType","Option":"Write","ValueMap":["singleUser","shared"],"Values":["singleUser","shared"]},{"CIMType":"Boolean","Description":"If set to true, then the user can't start over with different account, on company sign-in","Name":"HideEscapeLink","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide EULA to user","Name":"HideEULA","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide privacy settings to user","Name":"HidePrivacySettings","Option":"Write"},{"CIMType":"Boolean","Description":"If set, then skip the keyboard selection page if Language and Region are set","Name":"SkipKeyboardSelectionPage","Option":"Write"},{"CIMType":"String","Description":"Type of user. Possible values are: administrator, standard.","Name":"UserType","Option":"Write","ValueMap":["administrator","standard"],"Values":["administrator","standard"]}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined"},{"ClassName":"MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADHybridJoined","Parameters":[{"CIMType":"Boolean","Description":"The Autopilot Hybrid Azure AD join flow will continue even if it does not establish domain controller connectivity during OOBE.","Name":"HybridAzureADJoinSkipConnectivityCheck","Option":"Write"},{"CIMType":"String","Description":"Description of the profile","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters.","Name":"DeviceNameTemplate","Option":"Write"},{"CIMType":"String","Description":"The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2.","Name":"DeviceType","Option":"Write","ValueMap":["windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"],"Values":["windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"]},{"CIMType":"String","Description":"Name of the profile","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Enable Autopilot White Glove for the profile.","Name":"EnableWhiteGlove","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings","Description":"Enrollment status screen setting","Name":"EnrollmentStatusScreenSettings","Option":"Write"},{"CIMType":"Boolean","Description":"HardwareHash Extraction for the profile","Name":"ExtractHardwareHash","Option":"Write"},{"CIMType":"String","Description":"Language configured on the device","Name":"Language","Option":"Write"},{"CIMType":"String","Description":"AzureAD management app ID used during client device-based enrollment discovery","Name":"ManagementServiceAppId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphoutOfBoxExperienceSettings","Description":"Out of box experience setting","Name":"OutOfBoxExperienceSettings","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Hybrid Joined"},{"ClassName":"MSFT_MicrosoftGraphWindowsEnrollmentStatusScreenSettings1","Parameters":[{"CIMType":"Boolean","Description":"Allow or block user to use device before profile and app installation complete","Name":"AllowDeviceUseBeforeProfileAndAppInstallComplete","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to continue using the device on installation failure","Name":"AllowDeviceUseOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow or block log collection on installation failure","Name":"AllowLogCollectionOnInstallFailure","Option":"Write"},{"CIMType":"Boolean","Description":"Allow the user to retry the setup on installation failure","Name":"BlockDeviceSetupRetryByUser","Option":"Write"},{"CIMType":"String","Description":"Set custom error message to show upon installation failure","Name":"CustomErrorMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide installation progress to user","Name":"HideInstallationProgress","Option":"Write"},{"CIMType":"UInt32","Description":"Set installation progress timeout in minutes","Name":"InstallProgressTimeoutInMinutes","Option":"Write"}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Joined"},{"ClassName":"MSFT_MicrosoftGraphOutOfBoxExperienceSettings1","Parameters":[{"CIMType":"String","Description":"AAD join authentication type. Possible values are: singleUser, shared.","Name":"DeviceUsageType","Option":"Write","ValueMap":["singleUser","shared"],"Values":["singleUser","shared"]},{"CIMType":"Boolean","Description":"If set to true, then the user can't start over with different account, on company sign-in","Name":"HideEscapeLink","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide EULA to user","Name":"HideEULA","Option":"Write"},{"CIMType":"Boolean","Description":"Show or hide privacy settings to user","Name":"HidePrivacySettings","Option":"Write"},{"CIMType":"Boolean","Description":"If set, then skip the keyboard selection page if Language and Region are set","Name":"SkipKeyboardSelectionPage","Option":"Write"},{"CIMType":"String","Description":"Type of user. Possible values are: administrator, standard.","Name":"UserType","Option":"Write","ValueMap":["administrator","standard"],"Values":["administrator","standard"]}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Joined"},{"ClassName":"MSFT_IntuneWindowsAutopilotDeploymentProfileAzureADJoined","Parameters":[{"CIMType":"String","Description":"Description of the profile","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The template used to name the AutoPilot Device. This can be a custom text and can also contain either the serial number of the device, or a randomly generated number. The total length of the text generated by the template can be no more than 15 characters.","Name":"DeviceNameTemplate","Option":"Write"},{"CIMType":"String","Description":"The AutoPilot device type that this profile is applicable to. Possible values are: windowsPc, surfaceHub2.","Name":"DeviceType","Option":"Write","ValueMap":["windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"],"Values":["windowsPc","surfaceHub2","holoLens","surfaceHub2S","virtualMachine","unknownFutureValue"]},{"CIMType":"String","Description":"Name of the profile","Name":"DisplayName","Option":"Key"},{"CIMType":"Boolean","Description":"Enable Autopilot White Glove for the profile.","Name":"EnableWhiteGlove","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsEnrollmentStatusScreenSettings1","Description":"Enrollment status screen setting","Name":"EnrollmentStatusScreenSettings","Option":"Write"},{"CIMType":"Boolean","Description":"HardwareHash Extraction for the profile","Name":"ExtractHardwareHash","Option":"Write"},{"CIMType":"String","Description":"Language configured on the device","Name":"Language","Option":"Write"},{"CIMType":"String","Description":"AzureAD management app ID used during client device-based enrollment discovery","Name":"ManagementServiceAppId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphoutOfBoxExperienceSettings1","Description":"Out of box experience setting","Name":"OutOfBoxExperienceSettings","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Autopilot Deployment Profile Azure AD Joined"},{"ClassName":"MSFT_IntuneWindowsBackupForOrganizationConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Indicates the configuration state of the Windows Restore setting. Possible values are 'notConfigured', 'enabled', and 'disabled'. Default is: notConfigured. This is a tenant level default setting that is not targetable. This property's value is applied during Enrollment. Possible values are: notConfigured, enabled, disabled.","Name":"State","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Backup For Organization Configuration\n\n**Attention**: Can only be updated using the delegated `Credentials` authentication method."},{"ClassName":"MSFT_IntuneWindowsHelloForBusinessGlobalPolicy","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Controls the ability to use the anti-spoofing features for facial recognition on devices which support it. If set to disabled, anti-spoofing features are not allowed. If set to Not Configured, the user can choose whether they want to use anti-spoofing. Possible values are: notConfigured, enabled, disabled.","Name":"EnhancedBiometricsState","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"UInt32","Description":"Setting to configure Enhanced sign-in security. Default is Not Configured","Name":"EnhancedSignInSecurity","Option":"Write"},{"CIMType":"UInt32","Description":"Controls the period of time (in days) that a PIN can be used before the system requires the user to change it. This must be set between 0 and 730, inclusive. If set to 0, the user's PIN will never expire","Name":"PinExpirationInDays","Option":"Write"},{"CIMType":"String","Description":"Controls the ability to use lowercase letters in the Windows Hello for Business PIN.  Allowed permits the use of lowercase letter(s), whereas Required ensures they are present. If set to Not Allowed, lowercase letters will not be permitted. Possible values are: allowed, required, disallowed.","Name":"PinLowercaseCharactersUsage","Option":"Write","ValueMap":["allowed","required","disallowed"],"Values":["allowed","required","disallowed"]},{"CIMType":"UInt32","Description":"Controls the maximum number of characters allowed for the Windows Hello for Business PIN. This value must be between 4 and 127, inclusive. This value must be greater than or equal to the value set for the minimum PIN.","Name":"PinMaximumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Controls the minimum number of characters required for the Windows Hello for Business PIN.  This value must be between 4 and 127, inclusive, and less than or equal to the value set for the maximum PIN.","Name":"PinMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"Controls the ability to prevent users from using past PINs. This must be set between 0 and 50, inclusive, and the current PIN of the user is included in that count. If set to 0, previous PINs are not stored. PIN history is not preserved through a PIN reset.","Name":"PinPreviousBlockCount","Option":"Write"},{"CIMType":"String","Description":"Controls the ability to use special characters in the Windows Hello for Business PIN.  Allowed permits the use of special character(s), whereas Required ensures they are present. If set to Not Allowed, special character(s) will not be permitted. Possible values are: allowed, required, disallowed.","Name":"PinSpecialCharactersUsage","Option":"Write","ValueMap":["allowed","required","disallowed"],"Values":["allowed","required","disallowed"]},{"CIMType":"String","Description":"Controls the ability to use uppercase letters in the Windows Hello for Business PIN.  Allowed permits the use of uppercase letter(s), whereas Required ensures they are present. If set to Not Allowed, uppercase letters will not be permitted. Possible values are: allowed, required, disallowed.","Name":"PinUppercaseCharactersUsage","Option":"Write","ValueMap":["allowed","required","disallowed"],"Values":["allowed","required","disallowed"]},{"CIMType":"Boolean","Description":"Controls the use of Remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion for desktop authentication. The desktop must be Azure AD joined and the companion device must have a Windows Hello for Business PIN.","Name":"RemotePassportEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Controls whether to require a Trusted Platform Module (TPM) for provisioning Windows Hello for Business. A TPM provides an additional security benefit in that data stored on it cannot be used on other devices. If set to False, all devices can provision Windows Hello for Business even if there is not a usable TPM.","Name":"SecurityDeviceRequired","Option":"Write"},{"CIMType":"String","Description":"Security key for Sign In provides the capacity for remotely turning ON/OFF Windows Hello Sercurity Keyl Not configured will honor configurations done on the clinet. Possible values are: notConfigured, enabled, disabled.","Name":"SecurityKeyForSignIn","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Controls whether to allow the device to be configured for Windows Hello for Business. If set to disabled, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones if otherwise required. If set to Not Configured, Intune will not override client defaults. Possible values are: notConfigured, enabled, disabled.","Name":"State","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"Boolean","Description":"Controls the use of biometric gestures, such as face and fingerprint, as an alternative to the Windows Hello for Business PIN.  If set to False, biometric gestures are not allowed. Users must still configure a PIN as a backup in case of failures.","Name":"UnlockWithBiometricsEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Hello For Business Global Policy.\n\n**Attention:** Only the export works with app-only authentication. To update the settings, credential authentication is required."},{"ClassName":"MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments","Parameters":[{"CIMType":"String","Description":"The type of the target assignment.","Name":"dataType","Option":"Write","ValueMap":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"],"Values":["#microsoft.graph.groupAssignmentTarget","#microsoft.graph.allLicensedUsersAssignmentTarget","#microsoft.graph.allDevicesAssignmentTarget","#microsoft.graph.exclusionGroupAssignmentTarget","#microsoft.graph.configurationManagerCollectionAssignmentTarget"]},{"CIMType":"String","Description":"The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.","Name":"deviceAndAppManagementAssignmentFilterType","Option":"Write","ValueMap":["none","include","exclude"],"Values":["none","include","exclude"]},{"CIMType":"String","Description":"The Id of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterId","Option":"Write"},{"CIMType":"String","Description":"The display name of the filter for the target assignment.","Name":"deviceAndAppManagementAssignmentFilterDisplayName","Option":"Write"},{"CIMType":"String","Description":"The group Id that is the target of the assignment.","Name":"groupId","Option":"Write"},{"CIMType":"String","Description":"The group Display Name that is the target of the assignment.","Name":"groupDisplayName","Option":"Write"},{"CIMType":"String","Description":"The collection Id that is the target of the assignment.(ConfigMgr)","Name":"collectionId","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionDataRecoveryCertificate","Parameters":[{"CIMType":"String","Description":"Data recovery Certificate","Name":"Certificate","Option":"Write"},{"CIMType":"String","Description":"Data recovery Certificate description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Data recovery Certificate expiration datetime","Name":"ExpirationDateTime","Option":"Write"},{"CIMType":"String","Description":"Data recovery Certificate subject name","Name":"SubjectName","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionResourceCollection","Parameters":[{"CIMType":"String","Description":"Display name","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"Collection of resources","Name":"Resources","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionIPRangeCollection","Parameters":[{"CIMType":"String","Description":"Display name","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphIpRange[]","Description":"Collection of ip ranges","Name":"Ranges","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphIpRange","Parameters":[{"CIMType":"String","Description":"Lower address.","Name":"LowerAddress","Option":"Key"},{"CIMType":"String","Description":"Upper address.","Name":"UpperAddress","Option":"Key"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Key","ValueMap":["#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"],"Values":["#microsoft.graph.iPv4Range","#microsoft.graph.iPv6Range"]}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionProxiedDomainCollection","Parameters":[{"CIMType":"String","Description":"Display name","Name":"DisplayName","Option":"Key"},{"CIMType":"MSFT_MicrosoftGraphProxiedDomain[]","Description":"Collection of proxied domains","Name":"ProxiedDomains","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphProxiedDomain","Parameters":[{"CIMType":"String","Description":"The IP address or FQDN","Name":"IpAddressOrFQDN","Option":"Key"},{"CIMType":"String","Description":"Proxy IP or FQDN","Name":"Proxy","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_MicrosoftGraphWindowsInformationProtectionApp","Parameters":[{"CIMType":"Boolean","Description":"If true, app is denied protection or exemption.","Name":"Denied","Option":"Write"},{"CIMType":"String","Description":"The app's description.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"App display name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The product name.","Name":"ProductName","Option":"Write"},{"CIMType":"String","Description":"The publisher name","Name":"PublisherName","Option":"Write"},{"CIMType":"String","Description":"The binary name.","Name":"BinaryName","Option":"Write"},{"CIMType":"String","Description":"The high binary version.","Name":"BinaryVersionHigh","Option":"Write"},{"CIMType":"String","Description":"The lower binary version.","Name":"BinaryVersionLow","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.windowsInformationProtectionDesktopApp","#microsoft.graph.windowsInformationProtectionStoreApp"],"Values":["#microsoft.graph.windowsInformationProtectionDesktopApp","#microsoft.graph.windowsInformationProtectionStoreApp"]}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolled","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Policy display name.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to allow Azure RMS encryption for WIP","Name":"AzureRightsManagementServicesAllowed","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionDataRecoveryCertificate","Description":"Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent(DRA) certificate for encrypting file system(EFS)","Name":"DataRecoveryCertificate","Option":"Write"},{"CIMType":"String","Description":"WIP enforcement level.See the Enum definition for supported values. Possible values are: noProtection, encryptAndAuditOnly, encryptAuditAndPrompt, encryptAuditAndBlock.","Name":"EnforcementLevel","Option":"Write","ValueMap":["noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"],"Values":["noProtection","encryptAndAuditOnly","encryptAuditAndPrompt","encryptAuditAndBlock"]},{"CIMType":"String","Description":"Primary enterprise domain","Name":"EnterpriseDomain","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"This is the comma-separated list of internal proxy servers. For example, '157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59'. These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the EnterpriseProxiedDomains policy to force traffic to the matched domains through these proxies","Name":"EnterpriseInternalProxyServers","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionIPRangeCollection[]","Description":"Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to","Name":"EnterpriseIPRanges","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets. Default is false","Name":"EnterpriseIPRangesAreAuthoritative","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to","Name":"EnterpriseNetworkDomainNames","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"List of enterprise domains to be protected","Name":"EnterpriseProtectedDomainNames","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionProxiedDomainCollection[]","Description":"Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the EnterpriseInternalProxyServers policy","Name":"EnterpriseProxiedDomains","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"This is a list of proxy servers. Any server not on this list is considered non-enterprise","Name":"EnterpriseProxyServers","Option":"Write"},{"CIMType":"Boolean","Description":"Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies. Default is false","Name":"EnterpriseProxyServersAreAuthoritative","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionApp[]","Description":"Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.","Name":"ExemptApps","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles in the Start menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app","Name":"IconsVisible","Option":"Write"},{"CIMType":"Boolean","Description":"This switch is for the Windows Search Indexer, to allow or disallow indexing of items","Name":"IndexingEncryptedStoresOrItemsBlocked","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"List of domain names that can used for work or personal resource","Name":"NeutralDomainResources","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionApp[]","Description":"Protected applications can access enterprise data and the data handled by those applications are protected with encryption","Name":"ProtectedApps","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured","Name":"ProtectionUnderLockConfigRequired","Option":"Write"},{"CIMType":"Boolean","Description":"This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 1 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently.","Name":"RevokeOnUnenrollDisabled","Option":"Write"},{"CIMType":"String","Description":"TemplateID GUID to use for RMS encryption. The RMS template allows the IT admin to configure the details about who has access to RMS-protected file and how long they have access","Name":"RightsManagementServicesTemplateId","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsInformationProtectionResourceCollection[]","Description":"Specifies a list of file extensions, so that files with these extensions are encrypted when copying from an SMB share within the corporate boundary","Name":"SmbAutoEncryptedFileExtensions","Option":"Write"},{"CIMType":"String","Description":"The policy's description.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_IntuneWindowsInformationProtectionPolicyWindows10MdmEnrolledPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Information Protection Policy for Windows10 Mdm Enrolled"},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessDriverUpdateProfileWindows10","Parameters":[{"CIMType":"String","Description":"Id of the Intune policy.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Display name of the Intune policy.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Description of the Intune policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Driver update profile approval type. For example, manual or automatic approval. Possible values are: manual, automatic.","Name":"ApprovalType","Option":"Write","ValueMap":["manual","automatic"],"Values":["manual","automatic"]},{"CIMType":"UInt32","Description":"Deployment deferral settings in days, only applicable when ApprovalType is set to automatic approval.","Name":"DeploymentDeferralInDays","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tag IDs for the Driver Update entity.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Driver Update Profile for Windows 10\n\nPlease note: Once a policy is created, the `ApprovalType` cannot be changed. A new policy must be created."},{"ClassName":"MSFT_MicrosoftGraphWindowsUpdateRolloutSettings","Parameters":[{"CIMType":"String","Description":"The feature update's ending  of release date and time to be set, update, and displayed for a feature Update profile for example: 2020-06-09T10:00:00Z.","Name":"OfferEndDateTimeInUTC","Option":"Write"},{"CIMType":"UInt32","Description":"The number of day(s) between each set of offers to be set, updated, and displayed for a feature update profile, for example: if OfferStartDateTimeInUTC is 2020-06-09T10:00:00Z, and OfferIntervalInDays is 1, then the next two sets of offers will be made consecutively on 2020-06-10T10:00:00Z (next day at the same specified time) and 2020-06-11T10:00:00Z (next next day at the same specified time) with 1 day in between each set of offers.","Name":"OfferIntervalInDays","Option":"Write"},{"CIMType":"String","Description":"The feature update's starting date and time to be set, update, and displayed for a feature Update profile for example: 2020-06-09T10:00:00Z.","Name":"OfferStartDateTimeInUTC","Option":"Write"}],"Description":"Intune Windows Update For Business Feature Update Profile for Windows10\n\n## RolloutSettings\n\nThe RolloutSettings for this resource have the following constraints and notes:\n\n* When creating a policy:\n  * If only a start date is specified, then the start date must be at least today.\n    * If the desired state date is before the current date, it will be adjusted to the current date.\n  * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date.\n    * If the start date is before the current date + 2 days, it will be adjusted to this date.\n* When updating a policy:\n  * If only a start date is specified, then the start date must either be the date from the current configuration or the current date (or later).\n    * If the desired state date is before the current date, it will be adjusted to the current date.\n  * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date.\n    * If the start date is before the current date + 2 days, it will be adjusted to this date.\n* When testing a policy:\n  * If the policy is missing and the start and end date are before the current date, it will return true.\n  * If the start date is different but before the current start date or time, it will return true."},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name of the profile.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The description of the profile which is specified by the user.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The feature update version that will be deployed to the devices targeted by this profile. The version could be any supported version for example 1709, 1803 or 1809 and so on.","Name":"FeatureUpdateVersion","Option":"Write"},{"CIMType":"Boolean","Description":"If true, the Windows 11 update will become optional","Name":"InstallFeatureUpdatesOptional","Option":"Write"},{"CIMType":"Boolean","Description":"If true, the latest Microsoft Windows 10 update will be installed on devices ineligible for Microsoft Windows 11. Cannot be changed after creation of the policy.","Name":"InstallLatestWindows10OnWindows11IneligibleDevice","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsUpdateRolloutSettings","Description":"The windows update rollout settings, including offer start date time, offer end date time, and days between each set of offers. For 'as soon as possible' installation, set this setting to $null or do not configure it.","Name":"RolloutSettings","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Feature Update Profile for Windows10\n\n## RolloutSettings\n\nThe RolloutSettings for this resource have the following constraints and notes:\n\n* When creating a policy:\n  * If only a start date is specified, then the start date must be at least today.\n    * If the desired state date is before the current date, it will be adjusted to the current date.\n  * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date.\n    * If the start date is before the current date + 2 days, it will be adjusted to this date.\n* When updating a policy:\n  * If only a start date is specified, then the start date must either be the date from the current configuration or the current date (or later).\n    * If the desired state date is before the current date, it will be adjusted to the current date.\n  * If a start and end date is specified, the start date must be the current date + 2 days, and the end date must be at least one day after the start date.\n    * If the start date is before the current date + 2 days, it will be adjusted to this date.\n* When testing a policy:\n  * If the policy is missing and the start and end date are before the current date, it will return true.\n  * If the start date is different but before the current start date or time, it will return true."},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessHotpatchProfileWindows10","Parameters":[{"CIMType":"String","Description":"Indicates the display name of the device cleanup rule.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Indicates the description for the device clean up rule.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates if hotpatch is enabled.","Name":"HotpatchEnabled","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Hotpatch Profile for Windows10"},{"ClassName":"MSFT_MicrosoftGraphExpeditedWindowsQualityUpdateSettings","Parameters":[{"CIMType":"UInt32","Description":"The number of days after installation that forced reboot will happen. Must be in range from 0 to 2.","Name":"DaysUntilForcedReboot","Option":"Write"},{"CIMType":"String","Description":"The release date to identify a quality update. Format is yyyy-MM-ddT00:00:00Z.","Name":"QualityUpdateRelease","Option":"Write"}],"Description":"Intune Windows Update For Business Quality Update Profile for Windows10"},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessQualityUpdateProfileWindows10","Parameters":[{"CIMType":"String","Description":"The display name for the profile.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The description of the profile.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphexpeditedWindowsQualityUpdateSettings","Description":"Expedited update settings.","Name":"ExpeditedUpdateSettings","Option":"Write"},{"CIMType":"String[]","Description":"List of Scope Tags for this Quality Update entity.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Quality Update Profile for Windows10"},{"ClassName":"MSFT_MicrosoftGraphWindowsUpdateInstallScheduleType","Parameters":[{"CIMType":"String","Description":"Active Hours End","Name":"ActiveHoursEnd","Option":"Write"},{"CIMType":"String","Description":"Active Hours Start","Name":"ActiveHoursStart","Option":"Write"},{"CIMType":"String","Description":"Scheduled Install Day in week. Possible values are: userDefined, everyday, sunday, monday, tuesday, wednesday, thursday, friday, saturday, noScheduledScan.","Name":"ScheduledInstallDay","Option":"Write","ValueMap":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"],"Values":["userDefined","everyday","sunday","monday","tuesday","wednesday","thursday","friday","saturday","noScheduledScan"]},{"CIMType":"String","Description":"Scheduled Install Time during day","Name":"ScheduledInstallTime","Option":"Write"},{"CIMType":"String","Description":"The type of the entity.","Name":"odataType","Option":"Write","ValueMap":["#microsoft.graph.windowsUpdateActiveHoursInstall","#microsoft.graph.windowsUpdateScheduledInstall"],"Values":["#microsoft.graph.windowsUpdateActiveHoursInstall","#microsoft.graph.windowsUpdateScheduledInstall"]}],"Description":"Intune Windows Update For Business Ring Update Profile for Windows 10"},{"ClassName":"MSFT_IntuneWindowsUpdateForBusinessRingUpdateProfileWindows10","Parameters":[{"CIMType":"String","Description":"The unique identifier for an entity. Read-only.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"Admin provided name of the device configuration.","Name":"DisplayName","Option":"Key"},{"CIMType":"String[]","Description":"List of Scope Tags for this Entity instance.","Name":"RoleScopeTagIds","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, allows eligible Windows 10 devices to upgrade to Windows 11. When FALSE, implies the device stays on the existing operating system. Returned by default. Query parameters are not supported.","Name":"AllowWindows11Upgrade","Option":"Write"},{"CIMType":"String","Description":"The Automatic Update Mode. Possible values are: UserDefined, NotifyDownload, AutoInstallAtMaintenanceTime, AutoInstallAndRebootAtMaintenanceTime, AutoInstallAndRebootAtScheduledTime, AutoInstallAndRebootWithoutEndUserControl, WindowsDefault. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined, notifyDownload, autoInstallAtMaintenanceTime, autoInstallAndRebootAtMaintenanceTime, autoInstallAndRebootAtScheduledTime, autoInstallAndRebootWithoutEndUserControl, windowsDefault.","Name":"AutomaticUpdateMode","Option":"Write","ValueMap":["userDefined","notifyDownload","autoInstallAtMaintenanceTime","autoInstallAndRebootAtMaintenanceTime","autoInstallAndRebootAtScheduledTime","autoInstallAndRebootWithoutEndUserControl","windowsDefault"],"Values":["userDefined","notifyDownload","autoInstallAtMaintenanceTime","autoInstallAndRebootAtMaintenanceTime","autoInstallAndRebootAtScheduledTime","autoInstallAndRebootWithoutEndUserControl","windowsDefault"]},{"CIMType":"String","Description":"Specify the method by which the auto-restart required notification is dismissed. Possible values are: NotConfigured, Automatic, User. Returned by default. Query parameters are not supported. Possible values are: notConfigured, automatic, user, unknownFutureValue.","Name":"AutoRestartNotificationDismissal","Option":"Write","ValueMap":["notConfigured","automatic","user","unknownFutureValue"],"Values":["notConfigured","automatic","user","unknownFutureValue"]},{"CIMType":"String","Description":"Determines which branch devices will receive their updates from. Possible values are: UserDefined, All, BusinessReadyOnly, WindowsInsiderBuildFast, WindowsInsiderBuildSlow, WindowsInsiderBuildRelease. Returned by default. Query parameters are not supported. Possible values are: userDefined, all, businessReadyOnly, windowsInsiderBuildFast, windowsInsiderBuildSlow, windowsInsiderBuildRelease.","Name":"BusinessReadyUpdatesOnly","Option":"Write","ValueMap":["userDefined","all","businessReadyOnly","windowsInsiderBuildFast","windowsInsiderBuildSlow","windowsInsiderBuildRelease"],"Values":["userDefined","all","businessReadyOnly","windowsInsiderBuildFast","windowsInsiderBuildSlow","windowsInsiderBuildRelease"]},{"CIMType":"UInt32","Description":"Number of days before feature updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"DeadlineForFeatureUpdatesInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days before quality updates are installed automatically with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"DeadlineForQualityUpdatesInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days after deadline until restarts occur automatically with valid range from 0 to 7 days. Returned by default. Query parameters are not supported.","Name":"DeadlineGracePeriodInDays","Option":"Write"},{"CIMType":"String","Description":"The Delivery Optimization Mode. Possible values are: UserDefined, HttpOnly, HttpWithPeeringNat, HttpWithPeeringPrivateGroup, HttpWithInternetPeering, SimpleDownload, BypassMode. UserDefined allows the user to set. Returned by default. Query parameters are not supported. Possible values are: userDefined, httpOnly, httpWithPeeringNat, httpWithPeeringPrivateGroup, httpWithInternetPeering, simpleDownload, bypassMode.","Name":"DeliveryOptimizationMode","Option":"Write","ValueMap":["userDefined","httpOnly","httpWithPeeringNat","httpWithPeeringPrivateGroup","httpWithInternetPeering","simpleDownload","bypassMode"],"Values":["userDefined","httpOnly","httpWithPeeringNat","httpWithPeeringPrivateGroup","httpWithInternetPeering","simpleDownload","bypassMode"]},{"CIMType":"Boolean","Description":"When TRUE, excludes Windows update Drivers. When FALSE, does not exclude Windows update Drivers. Returned by default. Query parameters are not supported.","Name":"DriversExcluded","Option":"Write"},{"CIMType":"UInt32","Description":"Deadline in days before automatically scheduling and executing a pending restart outside of active hours, with valid range from 2 to 30 days. Returned by default. Query parameters are not supported.","Name":"EngagedRestartDeadlineInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days a user can snooze Engaged Restart reminder notifications with valid range from 1 to 3 days. Returned by default. Query parameters are not supported.","Name":"EngagedRestartSnoozeScheduleInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Number of days before transitioning from Auto Restarts scheduled outside of active hours to Engaged Restart, which requires the user to schedule, with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"EngagedRestartTransitionScheduleInDays","Option":"Write"},{"CIMType":"UInt32","Description":"Defer Feature Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"FeatureUpdatesDeferralPeriodInDays","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, assigned devices are paused from receiving feature updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Feature Updates. Returned by default. Query parameters are not supported.s","Name":"FeatureUpdatesPaused","Option":"Write"},{"CIMType":"String","Description":"The Feature Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported.","Name":"FeatureUpdatesPauseExpiryDateTime","Option":"Write"},{"CIMType":"String","Description":"The Feature Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only.","Name":"FeatureUpdatesPauseStartDate","Option":"Write"},{"CIMType":"String","Description":"The Feature Updates Rollback Start datetime.This value is the time when the admin rolled back the Feature update for the ring.Returned by default.Query parameters are not supported.","Name":"FeatureUpdatesRollbackStartDateTime","Option":"Write"},{"CIMType":"UInt32","Description":"The number of days after a Feature Update for which a rollback is valid with valid range from 2 to 60 days. Returned by default. Query parameters are not supported.","Name":"FeatureUpdatesRollbackWindowInDays","Option":"Write"},{"CIMType":"MSFT_MicrosoftGraphwindowsUpdateInstallScheduleType","Description":"The Installation Schedule. Possible values are: ActiveHoursStart, ActiveHoursEnd, ScheduledInstallDay, ScheduledInstallTime. Returned by default. Query parameters are not supported.","Name":"InstallationSchedule","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, allows Microsoft Update Service. When FALSE, does not allow Microsoft Update Service. Returned by default. Query parameters are not supported.","Name":"MicrosoftUpdateServiceAllowed","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE the device should wait until deadline for rebooting outside of active hours. When FALSE the device should not wait until deadline for rebooting outside of active hours. Returned by default. Query parameters are not supported.","Name":"PostponeRebootUntilAfterDeadline","Option":"Write"},{"CIMType":"String","Description":"The Pre-Release Features. Possible values are: UserDefined, SettingsOnly, SettingsAndExperimentations, NotAllowed. UserDefined is the default value, no intent. Returned by default. Query parameters are not supported. Possible values are: userDefined, settingsOnly, settingsAndExperimentations, notAllowed.","Name":"PrereleaseFeatures","Option":"Write","ValueMap":["userDefined","settingsOnly","settingsAndExperimentations","notAllowed"],"Values":["userDefined","settingsOnly","settingsAndExperimentations","notAllowed"]},{"CIMType":"UInt32","Description":"Defer Quality Updates by these many days with valid range from 0 to 30 days. Returned by default. Query parameters are not supported.","Name":"QualityUpdatesDeferralPeriodInDays","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, assigned devices are paused from receiving quality updates for up to 35 days from the time you pause the ring. When FALSE, does not pause Quality Updates. Returned by default. Query parameters are not supported.","Name":"QualityUpdatesPaused","Option":"Write"},{"CIMType":"String","Description":"The Quality Updates Pause Expiry datetime. This value is 35 days from the time admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported.","Name":"QualityUpdatesPauseExpiryDateTime","Option":"Write"},{"CIMType":"String","Description":"The Quality Updates Pause start date. This value is the time when the admin paused or extended the pause for the ring. Returned by default. Query parameters are not supported. This property is read-only.","Name":"QualityUpdatesPauseStartDate","Option":"Write"},{"CIMType":"String","Description":"The Quality Updates Rollback Start datetime. This value is the time when the admin rolled back the Quality update for the ring. Returned by default. Query parameters are not supported.","Name":"QualityUpdatesRollbackStartDateTime","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the period for auto-restart imminent warning notifications. Supported values: 15, 30 or 60 (minutes). Returned by default. Query parameters are not supported.","Name":"ScheduleImminentRestartWarningInMinutes","Option":"Write"},{"CIMType":"UInt32","Description":"Specify the period for auto-restart warning reminder notifications. Supported values: 2, 4, 8, 12 or 24 (hours). Returned by default. Query parameters are not supported.","Name":"ScheduleRestartWarningInHours","Option":"Write"},{"CIMType":"Boolean","Description":"When TRUE, skips all checks before restart: Battery level = 40%, User presence, Display Needed, Presentation mode, Full screen mode, phone call state, game mode etc. When FALSE, does not skip all checks before restart. Returned by default. Query parameters are not supported.","Name":"SkipChecksBeforeRestart","Option":"Write"},{"CIMType":"String","Description":"Specifies what Windows Update notifications users see. Possible values are: NotConfigured, DefaultNotifications, RestartWarningsOnly, DisableAllNotifications. Returned by default. Query parameters are not supported. Possible values are: notConfigured, defaultNotifications, restartWarningsOnly, disableAllNotifications, unknownFutureValue.","Name":"UpdateNotificationLevel","Option":"Write","ValueMap":["notConfigured","defaultNotifications","restartWarningsOnly","disableAllNotifications","unknownFutureValue"],"Values":["notConfigured","defaultNotifications","restartWarningsOnly","disableAllNotifications","unknownFutureValue"]},{"CIMType":"String","Description":"Schedule the update installation on the weeks of the month. Possible values are: UserDefined, FirstWeek, SecondWeek, ThirdWeek, FourthWeek, EveryWeek. Returned by default. Query parameters are not supported. Possible values are: userDefined, firstWeek, secondWeek, thirdWeek, fourthWeek, everyWeek, unknownFutureValue.","Name":"UpdateWeeks","Option":"Write","ValueMap":["userDefined","firstWeek","secondWeek","thirdWeek","fourthWeek","everyWeek","unknownFutureValue"],"Values":["userDefined","firstWeek","secondWeek","thirdWeek","fourthWeek","everyWeek","unknownFutureValue"]},{"CIMType":"String","Description":"Specifies whether to enable end user's access to pause software updates. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled.","Name":"UserPauseAccess","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Specifies whether to disable user's access to scan Windows Update. Possible values are: NotConfigured, Enabled, Disabled. Returned by default. Query parameters are not supported. Possible values are: notConfigured, enabled, disabled.","Name":"UserWindowsUpdateScanAccess","Option":"Write","ValueMap":["notConfigured","enabled","disabled"],"Values":["notConfigured","enabled","disabled"]},{"CIMType":"String","Description":"Admin provided description of the Device Configuration.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_DeviceManagementConfigurationPolicyAssignments[]","Description":"Represents the assignment to the Intune policy.","Name":"Assignments","Option":"Write"},{"CIMType":"string","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Intune Windows Update For Business Ring Update Profile for Windows 10"},{"ClassName":"MSFT_M365DSCGraphAPIRuleEvaluation","Parameters":[{"CIMType":"String","Description":"Url of the REST Endpoint.","Name":"APIUrl","Option":"Key"},{"CIMType":"String","Description":"Specify the rules to evaluate.","Name":"RuleDefinition","Option":"Key"},{"CIMType":"String","Description":"Name of the parent property of the response, which contains the instances. Default is 'value'.","Name":"InstancesProperty","Option":"Write"},{"CIMType":"String","Description":"For logging purposes only. This represents the unique identifier of instances returned by the Graph API call.","Name":"InstanceIdentifier","Option":"Write"},{"CIMType":"String","Description":"Custom display name for the rule. This will show up in the logs on drift detection.","Name":"RuleName","Option":"Write"},{"CIMType":"String","Description":"Query to check how many instances exist, using PowerShell format","Name":"AfterRuleCountQuery","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure Active Directory Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource monitors Graph API endpoints against the defined rules."},{"ClassName":"MSFT_M365DSCRuleEvaluation","Parameters":[{"CIMType":"String","Description":"Name of the resource to monitor","Name":"ResourceTypeName","Option":"Key"},{"CIMType":"String","Description":"Specify the rules to monitor the resource for.","Name":"RuleDefinition","Option":"Key"},{"CIMType":"String","Description":"Custom display name for the rule. This will show up in the logs on drift detection.","Name":"RuleName","Option":"Write"},{"CIMType":"String","Description":"Query to check how many instances exist, using PowerShell format","Name":"AfterRuleCountQuery","Option":"Write"},{"CIMType":"String","Description":"Specifies a filter for the current resource type to be evaluated. This reduces the overall set of instances the rule will be evaluated against.","Name":"Filter","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Azure Active Directory Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource monitors Microsoft365DSC resources based on provided rules."},{"ClassName":"MSFT_O365AdminAuditLogConfig","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"string","Description":"Determins if Unified Audit Log Ingestion is enabled","Name":"UnifiedAuditLogIngestionEnabled","Option":"Required","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Purview Admin Audit Log."},{"ClassName":"MSFT_O365CopilotSettingsPeopleEnhancedPersonalization","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"If true, enables the enhanced personalization control and therefore related features as defined in control enhanced personalization privacy Required.","Name":"isEnabledInOrganization","Option":"Write"},{"CIMType":"string","Description":"The ID of a Microsoft Entra group to which the value is used to disable the control for populated users. Optional.","Name":"disabledForGroup","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a setting that controls whether Microsoft 365 Copilot can use features that enhance its personalization capabilities."},{"ClassName":"MSFT_O365ExternalConnection","Parameters":[{"CIMType":"String","Description":"The name of the external connector.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The unique identifier of the external connector.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The description of the external connector.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"A collection of application IDs for registered Microsoft Entra apps that are allowed to manage the externalConnection and to index content in the externalConnection.","Name":"AuthorizedAppIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures external connectors in Microsoft 365."},{"ClassName":"MSFT_O365Group","Parameters":[{"CIMType":"string","Description":"The display name for the group.","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"The group's Internal Name.","Name":"MailNickName","Option":"Key"},{"CIMType":"string[]","Description":"The group's owner user principal.","Name":"ManagedBy","Option":"Write"},{"CIMType":"string","Description":"The group's description.","Name":"Description","Option":"Write"},{"CIMType":"string[]","Description":"Members of the group.","Name":"Members","Option":"Write"},{"CIMType":"string","Description":"Present ensures the group exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create Office 365 Users and assign them licenses."},{"ClassName":"MSFT_O365OrgCustomizationSetting","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Since there is only one setting availble, this must be set to 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the tenant settings so that the tenant runs in a fully\nconfigurable mode. Usually tenants are created in a mode, that limits options to\ncustomize the tenant. This setting is reflected by the Organization Config proptery\n`IsDehydrated: True`.\nRunning this resource will set the property to false.\n\nCurrently there is no setting available to undo Enable-OrganizationCustomization."},{"ClassName":"MSFT_O365OrgSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Allow people in your organization to start trial subscriptions for apps and services that support trials. Admins manage licenses for these trials in the same way as other licenses in your organization. Only admins can upgrade these trials to paid subscriptions, so they won't affect your billing.","Name":"AppsAndServicesIsAppAndServicesTrialEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allow people in your organization to access the Office Store using their work account. The Office Store provides access to apps that aren't curated or managed by Microsoft.","Name":"AppsAndServicesIsOfficeStoreEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allow Cortana in windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization.","Name":"CortanaEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically block any internal surveys that request confidential information. Admins will be notified in the Message Center when a survey is blocked.","Name":"DynamicsCustomerVoiceIsInOrgFormsPhishingScanEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Capture the first and last names of respondents in your organization that complete a survey. You can still change this for individual surveys.","Name":"DynamicsCustomerVoiceIsRecordIdentityByDefaultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Capture the first and last names of respondents in your organization that complete a survey. You can still change this for individual surveys.","Name":"DynamicsCustomerVoiceIsRestrictedSurveyAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allow YouTube and Bing.","Name":"FormsIsBingImageSearchEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"External Sharing - Send a link to the form and collect responses.","Name":"FormsIsExternalSendFormEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"External Sharing - Share to collaborate on the form layout and structure.","Name":"FormsIsExternalShareCollaborationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"External Sharing - Share form result summary.","Name":"FormsIsExternalShareResultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"External Sharing - Share the form as a template that can be duplicated.","Name":"FormsIsExternalShareTemplateEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Phishing protection.","Name":"FormsIsInOrgFormsPhishingScanEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Record names of people in your org.","Name":"FormsIsRecordIdentityByDefaultEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Let users open files stored in third-party storage services in Microsoft 365 on the Web.","Name":"M365WebEnableUsersToOpenFilesFrom3PStorage","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not to allow users to have access to use the Viva Insights web experience.","Name":"VivaInsightsWebExperience","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not to allow users to have access to use the Viva Insights digest email feature.","Name":"VivaInsightsDigestEmail","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not to allow users to have access to use the Viva Insights Outlook add-in and inline suggestions.","Name":"VivaInsightsOutlookAddInAndInlineSuggestions","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not to allow users to have access to use the Viva Insights schedule send suggestions feature.","Name":"VivaInsightsScheduleSendSuggestions","Option":"Write"},{"CIMType":"Boolean","Description":"Allow Planner users to publish their plans and assigned tasks to Outlook or other calendars through iCalendar feeds.","Name":"PlannerAllowCalendarSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Enables Copilot for Planner.","Name":"AllowPlannerCopilot","Option":"Write"},{"CIMType":"Boolean","Description":"To Do - Allow external users to join.","Name":"ToDoIsExternalJoinEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"To Do - Allow sharing with external users.","Name":"ToDoIsExternalShareEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"To Do - Allow your users to receive push notifications.","Name":"ToDoIsPushNotificationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Controls whether or not the Admin Center reports will conceale user, group and site names.","Name":"AdminCenterReportDisplayConcealedNames","Option":"Write"},{"CIMType":"String","Description":"Defines how often you want your users to get feature updates for Microsoft 365 apps installed on devices running Windows","Name":"InstallationOptionsUpdateChannel","Option":"Write","ValueMap":["current","monthlyEnterprise","semiAnnual"],"Values":["current","monthlyEnterprise","semiAnnual"]},{"CIMType":"String[]","Description":"Defines the apps users can install on Windows and mobile devices.","Name":"InstallationOptionsAppsForWindows","Option":"Write","ValueMap":["isVisioEnabled","isSkypeForBusinessEnabled","isProjectEnabled","isMicrosoft365AppsEnabled"],"Values":["isVisioEnabled","isSkypeForBusinessEnabled","isProjectEnabled","isMicrosoft365AppsEnabled"]},{"CIMType":"String[]","Description":"Defines the apps users can install on Mac devices.","Name":"InstallationOptionsAppsForMac","Option":"Write","ValueMap":["isSkypeForBusinessEnabled","isMicrosoft365AppsEnabled"],"Values":["isSkypeForBusinessEnabled","isMicrosoft365AppsEnabled"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Org settings for a Microsoft 365 tenant."},{"ClassName":"MSFT_O365SearchAndIntelligenceConfigurations","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Specifies whether or not Item Insights should be available for the organization.","Name":"ItemInsightsIsEnabledInOrganization","Option":"Write"},{"CIMType":"String","Description":"Specifies a single Azure AD Group for which Item Insights needs to be disabled.","Name":"ItemInsightsDisabledForGroup","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not Meeting Insights should be available for the organization.","Name":"MeetingInsightsIsEnabledInOrganization","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether or not Person Insights should be available for the organization.","Name":"PersonInsightsIsEnabledInOrganization","Option":"Write"},{"CIMType":"String","Description":"Specifies a single Azure AD Group for which Person Insights needs to be disabled.","Name":"PersonInsightsDisabledForGroup","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Search And Intelligence configuration settings."},{"ClassName":"MSFT_ODSettings","Parameters":[{"CIMType":"string","Description":"Should be set to yes","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"uint32","Description":"The resource quota to apply to the OneDrive sites","Name":"OneDriveStorageQuota","Option":"Write"},{"CIMType":"uint32","Description":"Number of days after a user's account is deleted that their OneDrive for Business content will be deleted.","Name":"OrphanedPersonalSitesRetentionPeriod","Option":"Write"},{"CIMType":"Boolean","Description":"Enable guest acess for OneDrive","Name":"OneDriveForGuestsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Turn notifications on/off OneDrive","Name":"NotificationsInOneDriveForBusinessEnabled","Option":"Write"},{"CIMType":"String","Description":"Lets administrators set policy on re-sharing behavior in OneDrive for Business","Name":"ODBMembersCanShare","Option":"Write","ValueMap":["On","Off","Unspecified"],"Values":["On","Off","Unspecified"]},{"CIMType":"String","Description":"Lets administrators set policy on access requests and requests to share in OneDrive for Business","Name":"ODBAccessRequests","Option":"Write","ValueMap":["On","Off","Unspecified"],"Values":["On","Off","Unspecified"]},{"CIMType":"Boolean","Description":"Block sync client on Mac","Name":"BlockMacSync","Option":"Write"},{"CIMType":"Boolean","Description":"Disable dialog box","Name":"DisableReportProblemDialog","Option":"Write"},{"CIMType":"Boolean","Description":"Enable/disable Safe domain List - if disabled overrides DomainGuids value","Name":"TenantRestrictionEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Safe domain list","Name":"DomainGuids","Option":"Write"},{"CIMType":"String[]","Description":"Exclude files from being synced to OneDrive","Name":"ExcludedFileExtensions","Option":"Write"},{"CIMType":"String","Description":"Groove block options","Name":"GrooveBlockOption","Option":"Write","ValueMap":["OptOut","HardOptIn","SoftOptIn"],"Values":["OptOut","HardOptIn","SoftOptIn"]},{"CIMType":"Boolean","Description":"Allows configuration on Add shortcut to OneDrive feature in SharePoint document libraries. If set to $true, then this feature will be disabled on all sites in the tenant. If set to $false, it will be enabled on all sites in the tenant.","Name":"DisableAddToOneDrive","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuring whether display name of people who view the file are visible in the property pane of the site in OneDrive for business sites.","Name":"DisplayNamesOfFileViewers","Option":"Write"},{"CIMType":"String","Description":"Present ensures the user exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows admins to manage blocked file types,\nblocked domains and MAC Sync."},{"ClassName":"MSFT_PlannerBucket","Parameters":[{"CIMType":"string","Description":"The Name of the Planner Bucket.","Name":"Name","Option":"Key"},{"CIMType":"string","Description":"Id of the Plan to which the bucket is associated with.","Name":"PlanId","Option":"Key"},{"CIMType":"string","Description":"Id of the Bucket, if known.","Name":"BucketId","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Plan exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"}],"Description":"This resource is used to configure the Planner Buckets.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PlannerPlan","Parameters":[{"CIMType":"string","Description":"The Title of the Planner Plan.","Name":"Title","Option":"Key"},{"CIMType":"string","Description":"Name of Id of the Azure Active Directory Group who owns the plan","Name":"OwnerGroup","Option":"Key"},{"CIMType":"String","Description":"Present ensures the Plan exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"}],"Description":"This resource is used to configure the Planner Plans.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PlannerTaskAttachment","Parameters":[{"CIMType":"String","Description":"Alias of for the attachment.","Name":"Alias","Option":"Write"},{"CIMType":"String","Description":"Uri of the link to the attachment.","Name":"Uri","Option":"Write"},{"CIMType":"String","Description":"Type of attachment.","Name":"Type","Option":"Write","ValueMap":["PowerPoint","Word","Excel","Other"],"Values":["PowerPoint","Word","Excel","Other"]}],"Description":"This resource is used to configure the Planner Tasks.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PlannerTaskChecklistItem","Parameters":[{"CIMType":"String","Description":"Title of the checklist item.","Name":"Title","Option":"Write"},{"CIMType":"String","Description":"True if the item is completed, false otherwise.","Name":"Completed","Option":"Write"}],"Description":"This resource is used to configure the Planner Tasks.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PlannerTask","Parameters":[{"CIMType":"string","Description":"Id of the Planner Plan which contains the Task.","Name":"PlanId","Option":"Key"},{"CIMType":"string","Description":"The Title of the Planner Task.","Name":"Title","Option":"Key"},{"CIMType":"string[]","Description":"List of categories assigned to the task.","Name":"Categories","Option":"Write"},{"CIMType":"string[]","Description":"List of users assigned to the tasks (ex: @('john.smith@contoso.com', 'bob.houle@contoso.com')).","Name":"AssignedUsers","Option":"Write"},{"CIMType":"MSFT_PlannerTaskAttachment[]","Description":"List of links to attachments assigned to the task.","Name":"Attachments","Option":"Write"},{"CIMType":"MSFT_PlannerTaskChecklistItem[]","Description":"List checklist items associated with the task.","Name":"Checklist","Option":"Write"},{"CIMType":"string","Description":"Description of the Task.","Name":"Notes","Option":"Write"},{"CIMType":"string","Description":"The Id of the bucket that contains the task.","Name":"Bucket","Option":"Write"},{"CIMType":"string","Description":"Id of the Task, if known.","Name":"TaskId","Option":"Write"},{"CIMType":"string","Description":"Date and Time for the start of the Task.","Name":"StartDateTime","Option":"Write"},{"CIMType":"string","Description":"Date and Time for the task is due for completion.","Name":"DueDateTime","Option":"Write"},{"CIMType":"UInt32","Description":"Percentage completed of the Task. Value can only be between 0 and 100.","Name":"PercentComplete","Option":"Write"},{"CIMType":"UInt32","Description":"Priority of the Task. Value can only be between 1 and 10.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"Id of the group conversation thread associated with the comments section for this task.","Name":"ConversationThreadId","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Plan exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"}],"Description":"This resource is used to configure the Planner Tasks.\n\n* This resource deals with content. Using the Monitoring feature\n  of Microsoft365DSC on content resources is not recommended."},{"ClassName":"MSFT_PPAdminDLPPolicy","Parameters":[{"CIMType":"String","Description":"Creates the policy with the input display name","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Unique identifier of the policy.","Name":"PolicyName","Option":"Write"},{"CIMType":"String[]","Description":"Comma separated string list used as input environments to either include or exclude, depending on the FilterType.","Name":"Environments","Option":"Write"},{"CIMType":"String","Description":"Identifies which filter type the policy will have, none, include, or exclude.","Name":"FilterType","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages a policy's environment and default API group settings."},{"ClassName":"MSFT_PPDLPPolicyConnectorConfigurationsActionRules","Parameters":[{"CIMType":"String","Description":"Id of the action.","Name":"actionId","Option":"Write"},{"CIMType":"String","Description":"Associated behavior.","Name":"behavior","Option":"Write"}],"Description":"Configures connectors Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPDLPPolicyConnectorConfigurationsAction","Parameters":[{"CIMType":"String","Description":"Unique id of the connector.","Name":"connectorId","Option":"Write"},{"CIMType":"String","Description":"Default action behavior for to connector.","Name":"defaultConnectorActionRuleBehavior","Option":"Write"},{"CIMType":"MSFT_PPDLPPolicyConnectorConfigurationsActionRules[]","Description":"List of associated actions.","Name":"actionRules","Option":"Write"}],"Description":"Configures connectors Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPDLPPolicyConnectorConfigurations","Parameters":[{"CIMType":"String","Description":"The policy name identifier.","Name":"PolicyName","Option":"Key"},{"CIMType":"String","Description":"The tenant identifier.","Name":"PPTenantId","Option":"Key"},{"CIMType":"MSFT_PPDLPPolicyConnectorConfigurationsAction[]","Description":"Set of cnnector actions associated with the policy.","Name":"ConnectorActionConfigurations","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures connectors Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPPowerAppPolicyUrlPatternsRule","Parameters":[{"CIMType":"UInt32","Description":"Rule priority order.","Name":"order","Option":"Write"},{"CIMType":"String","Description":"Rule classification.","Name":"customConnectorRuleClassification","Option":"Write"},{"CIMType":"String","Description":"Rule pattern.","Name":"pattern","Option":"Write"}],"Description":"Configures custom connector patterns for Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPPowerAppPolicyUrlPatterns","Parameters":[{"CIMType":"String","Description":"The policy name identifier.","Name":"PolicyName","Option":"Key"},{"CIMType":"String","Description":"The tenant identifier.","Name":"PPTenantId","Option":"Key"},{"CIMType":"MSFT_PPPowerAppPolicyUrlPatternsRule[]","Description":"Set of custom connector pattern rules associated with the policy.","Name":"RuleSet","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures custom connector patterns for Data Loss Prevention policies in Power Platforms."},{"ClassName":"MSFT_PPPowerAppsEnvironment","Parameters":[{"CIMType":"String","Description":"Display name for the PowerApps environment","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Location of the PowerApps environment.","Name":"Location","Option":"Required","ValueMap":["canada","unitedstates","europe","asia","australia","india","japan","unitedkingdom","unitedstatesfirstrelease","southamerica","france","usgov","unitedarabemirates","germany","switzerland","norway","korea","southafrica"],"Values":["canada","unitedstates","europe","asia","australia","india","japan","unitedkingdom","unitedstatesfirstrelease","southamerica","france","usgov","unitedarabemirates","germany","switzerland","norway","korea","southafrica"]},{"CIMType":"String","Description":"Type of environment.","Name":"EnvironmentType","Option":"Write"},{"CIMType":"String","Description":"SKU associated with the environment.","Name":"EnvironmentSKU","Option":"Required","ValueMap":["Production","Standard","Trial","Sandbox","SubscriptionBasedTrial","Teams","Developer","Basic","Default"],"Values":["Production","Standard","Trial","Sandbox","SubscriptionBasedTrial","Teams","Developer","Basic","Default"]},{"CIMType":"Boolean","Description":"The switch to provision a Dataverse database when creating the environment. If set, LanguageName and CurrencyName are mandatory to pass as arguments.","Name":"ProvisionDatabase","Option":"Write"},{"CIMType":"String","Description":"The default languages for the database, use Get-AdminPowerAppCdsDatabaseLanguages to get the support values.","Name":"LanguageName","Option":"Write","ValueMap":["1033","1025","1069","1026","1027","3076","2052","1028","1050","1029","1030","1043","1061","1035","1036","1110","1031","1032","1037","1081","1038","1040","1041","1087","1042","1062","1063","1044","1045","1046","2070","1048","1049","2074","1051","1060","3082","1053","1054","1055","1058","1066","3098","1086","1057"],"Values":["1033","1025","1069","1026","1027","3076","2052","1028","1050","1029","1030","1043","1061","1035","1036","1110","1031","1032","1037","1081","1038","1040","1041","1087","1042","1062","1063","1044","1045","1046","2070","1048","1049","2074","1051","1060","3082","1053","1054","1055","1058","1066","3098","1086","1057"]},{"CIMType":"String","Description":"The default currency for the database, use Get-AdminPowerAppCdsDatabaseCurrencies to get the supported values.","Name":"CurrencyName","Option":"Write","ValueMap":["KZT","ZAR","ETB","AED","BHD","DZD","EGP","IQD","JOD","KWD","LBP","LYD","MAD","OMR","QAR","SAR","SYP","TND","YER","CLP","INR","AZN","RUB","BYN","BGN","NGN","BDT","CNY","EUR","BAM","USD","CZK","GBP","DKK","CHF","MVR","BTN","XCD","AUD","BZD","CAD","HKD","IDR","JMD","MYR","NZD","PHP","SGD","TTD","XDR","ARS","BOB","COP","CRC","CUP","DOP","GTQ","HNL","MXN","NIO","PAB","PEN","PYG","UYU","VES","IRR","XOF","CDF","XAF","HTG","ILS","HUF","AMD","ISK","JPY","GEL","KHR","KRW","KGS","LAK","MKD","MNT","BND","MMK","NOK","NPR","PKR","PLN","AFN","BRL","MDL","RON","RWF","SEK","LKR","SOS","ALL","RSD","KES","TJS","THB","ERN","TMT","BWP","TRY","UAH","UZS","VND","MOP","TWD"],"Values":["KZT","ZAR","ETB","AED","BHD","DZD","EGP","IQD","JOD","KWD","LBP","LYD","MAD","OMR","QAR","SAR","SYP","TND","YER","CLP","INR","AZN","RUB","BYN","BGN","NGN","BDT","CNY","EUR","BAM","USD","CZK","GBP","DKK","CHF","MVR","BTN","XCD","AUD","BZD","CAD","HKD","IDR","JMD","MYR","NZD","PHP","SGD","TTD","XDR","ARS","BOB","COP","CRC","CUP","DOP","GTQ","HNL","MXN","NIO","PAB","PEN","PYG","UYU","VES","IRR","XOF","CDF","XAF","HTG","ILS","HUF","AMD","ISK","JPY","GEL","KHR","KRW","KGS","LAK","MKD","MNT","BND","MMK","NOK","NPR","PKR","PLN","AFN","BRL","MDL","RON","RWF","SEK","LKR","SOS","ALL","RSD","KES","TJS","THB","ERN","TMT","BWP","TRY","UAH","UZS","VND","MOP","TWD"]},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Power Platform Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"}],"Description":"This resources configures the PowerApps Environment."},{"ClassName":"MSFT_PPTenantRule","Parameters":[{"CIMType":"String","Description":"Name of the trusted tenant.","Name":"TenantName","Option":"Key"},{"CIMType":"String","Description":"Direction of tenant trust.","Name":"Direction","Option":"Required","ValueMap":["Inbound","Outbound","Both"],"Values":["Inbound","Outbound","Both"]}],"Description":"This resource configures the Tenant Isolation settings for a Power Platform Tenant."},{"ClassName":"MSFT_PPTenantIsolationSettings","Parameters":[{"CIMType":"string","Description":"Should be set to yes","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"boolean","Description":"When set to true this will enable the tenant isolation settings.","Name":"Enabled","Option":"Write"},{"CIMType":"MSFT_PPTenantRule[]","Description":"The exact list of tenant rules to be configured.","Name":"Rules","Option":"Write"},{"CIMType":"MSFT_PPTenantRule[]","Description":"A list of tenant rules that has to be added.","Name":"RulesToInclude","Option":"Write"},{"CIMType":"MSFT_PPTenantRule[]","Description":"A list of tenant rules that is now allowed to be added.","Name":"RulesToExclude","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Power Platform Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"}],"Description":"This resource configures the Tenant Isolation settings for a Power Platform Tenant."},{"ClassName":"MSFT_PPTenantSettings","Parameters":[{"CIMType":"string","Description":"Should be set to yes","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"When using Copilot in Power Apps, allow users to submit feedback to Microsoft. Default value is false.","Name":"DisableCopilotFeedback","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableMakerMatch","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableUnusedLicenseAssignment","Option":"Write"},{"CIMType":"Boolean","Description":"Allow people to use AI to generate an app based on an image. Default value is false.","Name":"DisableCreateFromImage","Option":"Write"},{"CIMType":"Boolean","Description":"Gets or sets a value indicating whether non-admin users in the tenant can share connections with everyone. Default value is false.","Name":"DisableConnectionSharingWithEveryone","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"AllowNewOrgChannelDefault","Option":"Write"},{"CIMType":"Boolean","Description":"Disables cloud flows copilot in Power Automate. It doesn't control the ability to add AI-related connectors or actions in the flow designer. For example, the Skills connector or AI Builder creates text with a GPT action. Default value is false.","Name":"DisableCopilot","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the copilot-enhanced help feature within Power Automate to enhance answers on product documentation through Bing Search. Default value is false.","Name":"DisableCopilotWithBing","Option":"Write"},{"CIMType":"Boolean","Description":"Disables the weekly admin digest email for Managed Environments. Default value is false.","Name":"DisableAdminDigest","Option":"Write"},{"CIMType":"Boolean","Description":"Ignore the Teams group-preferred data location when provisioning a Teams environment. Default value is false.","Name":"DisablePreferredDataLocationForTeamsEnvironment","Option":"Write"},{"CIMType":"Boolean","Description":"Restrict all developer environments to be created by tenant admins, Power Platform admins, or Dynamics 365 service admins. Default is false.","Name":"DisableDeveloperEnvironmentCreationByNonAdminUsers","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"EnvironmentRoutingAllMakers","Option":"Write"},{"CIMType":"Boolean","Description":"Enables the Default Environment routing feature that creates personal, developer environments for new makers. Default value is false.","Name":"EnableDefaultEnvironmentRouting","Option":"Write"},{"CIMType":"String","Description":"When this setting is true, admins can view and manage desktop flow action groups in DLP policies in the Power Platform admin center. Default value is false.","Name":"EnableDesktopFlowDataPolicyManagement","Option":"Write"},{"CIMType":"Boolean","Description":"Allow users to collect telemetry data about their app in Azure Application Insights. Setting this to False blocks the transmission of this data.","Name":"EnableCanvasAppInsights","Option":"Write"},{"CIMType":"Boolean","Description":"Allow people to create a canvas app based on a Figma file. Default value is false.","Name":"DisableCreateFromFigma","Option":"Write"},{"CIMType":"Boolean","Description":"This is a legacy setting that is no longer used by the platform. Default value is false.","Name":"DisableBillingPolicyCreationByNonAdminUsers","Option":"Write"},{"CIMType":"UInt32","Description":"This setting isn't currently used by the platform but might be used in the future.","Name":"StorageCapacityConsumptionWarningThreshold","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to allow tenant, Power Platform, or Dynamics 365 admins to grant permissions to an environment administrator to view the Capacity summary tab. Default value is false.","Name":"EnableTenantCapacityReportForEnvironmentAdmins","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to allow tenant, Power Platform, or Dynamics 365 admins to grant permissions to an environment administrator to view the tenant-scoped license reports. Default value is false.","Name":"EnableTenantLicensingReportForEnvironmentAdmins","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to use unallocated AI Builder credits in environments without allocated credits. Default value is true.","Name":"DisableUseOfUnassignedAIBuilderCredits","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"EnableGenerativeAIFeaturesForSiteUsers","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"EnableExternalAuthenticationProvidersInPowerPages","Option":"Write"},{"CIMType":"Boolean","Description":"This setting isn't currently used by the platform but might be used in the future.","Name":"DisableChampionsInvitationReachout","Option":"Write"},{"CIMType":"Boolean","Description":"This setting isn't currently used by the platform but might be used in the future.","Name":"DisableSkillsMatchInvitationReachout","Option":"Write"},{"CIMType":"Boolean","Description":"This setting isn't currently used by the platform but might be used in the future.","Name":"EnableOpenAiBotPublishing","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableAiPrompts","Option":"Write"},{"CIMType":"Boolean","Description":"When using Copilot in Power Apps, allow users to share their prompts, questions, and requests with Microsoft. Default value is true.","Name":"DisableCopilotFeedbackMetadata","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to allow Microsoft to read Power Automate Copilot AI feature customer data (inputs and outputs) and provide improved models. Default value is false.","Name":"EnableModelDataSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Ability to disable data logging and remove all data logged for Power Automate Copilot AI feature customer data (inputs and outputs). Default value is false.","Name":"DisableDataLogging","Option":"Write"},{"CIMType":"String","Description":"This setting is reserved for future use. No enforcement is driven by this setting at the current time.","Name":"PowerCatalogAudienceSetting","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"EnableDeleteDisabledUserinAllEnvironments","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableHelpSupportCopilot","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"DisableSurveyScreenshots","Option":"Write"},{"CIMType":"boolean","Description":"This is a legacy setting that is no longer used by the platform. Default value is false.","Name":"WalkMeOptOut","Option":"Write"},{"CIMType":"boolean","Description":"TBD","Name":"useSupportBingSearchByAllUsers","Option":"Write"},{"CIMType":"boolean","Description":"Ability to disable re-surveying users who left prior feedback via NPS prompts in Power Platform. Default value is false.","Name":"DisableNPSCommentsReachout","Option":"Write"},{"CIMType":"boolean","Description":"Ability to disable the newsletter sendout feature. Default value is false.","Name":"DisableNewsletterSendout","Option":"Write"},{"CIMType":"boolean","Description":"Restrict all environments to be created by tenant admins, Power Platform admins, or Dynamics 365 service admins. Default value is false.","Name":"DisableEnvironmentCreationByNonAdminUsers","Option":"Write"},{"CIMType":"boolean","Description":"Restrict all portals to be created by tenant admins, Power Platform admins, or Dynamics 365 service admins. Default value is false.","Name":"DisablePortalsCreationByNonAdminUsers","Option":"Write"},{"CIMType":"boolean","Description":"Ability to disable all NPS survey feedback prompts in Power Platform. Default value is false.","Name":"DisableSurveyFeedback","Option":"Write"},{"CIMType":"boolean","Description":"Restrict all trial environments to be created by tenant admins, Power Platform admins, or Dynamics 365 service admins. Default value is false.","Name":"DisableTrialEnvironmentCreationByNonAdminUsers","Option":"Write"},{"CIMType":"boolean","Description":"Ability to disable capacity allocation by environment administrators. Default value is false.","Name":"DisableCapacityAllocationByEnvironmentAdmins","Option":"Write"},{"CIMType":"boolean","Description":"Allows users, who already have access to the Help + Support page in Power Platform admin center, to see support requests created by other users in the tenant. Default value is True, which means this feature is turned off by default.","Name":"DisableSupportTicketsVisibleByAllUsers","Option":"Write"},{"CIMType":"boolean","Description":"When this setting is true, users in the environment can see a message that indicates Microsoft Learn and documentation search categories have been turned off by the administrator. Default value is false.","Name":"DisableDocsSearch","Option":"Write"},{"CIMType":"boolean","Description":"When this setting is true, users in the environment can see a message that indicates community and blog search categories have been turned off by the administrator. Default value is false.","Name":"DisableCommunitySearch","Option":"Write"},{"CIMType":"boolean","Description":"When this setting is true, users in the environment can see a message that indicates video search categories have been turned off by the administrator. Default value is false.","Name":"DisableBingVideoSearch","Option":"Write"},{"CIMType":"boolean","Description":"Ability to turn off the Share with Everyone capability for nonadmin users in all Power Apps. Default value is true.","Name":"DisableShareWithEveryone","Option":"Write"},{"CIMType":"boolean","Description":"When set to true this will enable the ability for guests in your tenant to create Power Platform resources.","Name":"EnableGuestsToMake","Option":"Write"},{"CIMType":"uint32","Description":"Maximum value setting for the number of users in a security group used to share an app built using Power Apps on Microsoft Teams. Default value is 10000 but can be increased or decreased, as required.","Name":"ShareWithColleaguesUserLimit","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Power Platform Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"}],"Description":"This resource configures a Power Platform Tenant."},{"ClassName":"MSFT_SCAuditConfigurationPolicy","Parameters":[{"CIMType":"String","Description":"Workload associated with the policy.","Name":"Workload","Option":"Key","ValueMap":["Exchange","SharePoint","OneDriveForBusiness"],"Values":["Exchange","SharePoint","OneDriveForBusiness"]},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Audit ConfigurationPolicy in Purview."},{"ClassName":"MSFT_SCAutoSensitivityLabelPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the sensitivity label. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this label policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ApplySensitivityLabel parameter specifies the label to use for the auto label policy.","Name":"ApplySensitivityLabel","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeSender parameter specifies which senders to include in the policy.","Name":"ExchangeSender","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeSenderException parameter specifies which senders to exclude in the policy.","Name":"ExchangeSenderException","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeSenderMemberOf parameter specifies the distribution groups, mail-enabled security groups, or dynamic distribution groups to include in the auto-labeling policy.","Name":"ExchangeSenderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"he ExchangeSenderMemberOf parameter specifies the distribution groups, mail-enabled security groups, or dynamic distribution groups to exclude from the auto-labeling policy.","Name":"ExchangeSenderMemberOfException","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeSender parameter specifies which senders to include in the policy.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"This AddExchangeLocation parameter specifies new Exchange locations to be added to the policy without affecting the existing ones.","Name":"AddExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveExchangeLocation parameter removes locations on Exchange from the policy.","Name":"RemoveExchangeLocation","Option":"Write"},{"CIMType":"String","Description":"The Mode parameter specifies the action and notification level of the auto-labeling policy.","Name":"Mode","Option":"Write","ValueMap":["Enable","Disable","TestWithNotifications","TestWithoutNotifications"],"Values":["Enable","Disable","TestWithNotifications","TestWithoutNotifications"]},{"CIMType":"String[]","Description":"The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value.","Name":"OneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"The AddOneDriveLocation parameter specifies the OneDrive for Business sites to add to the list of included sites when you aren't using the value All for the OneDriveLocation parameter.","Name":"AddOneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveOneDriveLocation parameter specifies the OneDrive for Business sites to remove from the list of included sites when you aren't using the value All for the OneDriveLocation parameter.","Name":"RemoveOneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter.","Name":"AddOneDriveLocationException","Option":"Write"},{"CIMType":"String[]","Description":"This RemoveOneDriveLocationException parameter specifies the OneDrive for Business sites to remove from the list of excluded sites when you use the value All for the OneDriveLocation parameter.","Name":"RemoveOneDriveLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddOneDriveLocationException parameter specifies the OneDrive for Business sites to add to the list of excluded sites when you use the value All for the OneDriveLocation parameter.","Name":"OneDriveLocationException","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies the priority of the policy. The highest priority policy will take action over lower priority policies if two policies are applicable for a file.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter.","Name":"SharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddSharePointLocation parameter specifies the SharePoint Online sites to add to the list of included sites when you aren't using the value All for the SharePointLocation parameter.","Name":"AddSharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveSharePointLocationException parameter specifies the SharePoint Online sites to remove from the list of excluded sites when you use the value All for the SharePointLocation parameter.","Name":"RemoveSharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddSharePointLocation parameter specifies the SharePoint Online sites to add to the list of included sites when you aren't using the value All for the SharePointLocation parameter.","Name":"AddSharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveSharePointLocation parameter specifies the SharePoint Online sites to remove from the list of included sites when you aren't using the value All for the SharePointLocation parameter.","Name":"RemoveSharePointLocation","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Auto Sensitivity label policy in Purview."},{"ClassName":"MSFT_SCHeaderPattern","Parameters":[{"CIMType":"String","Description":"Name of the header pattern","Name":"Name","Option":"Required"},{"CIMType":"String[]","Description":"Regular expressions for the pattern","Name":"Values","Option":"Required"}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCDLPSensitiveInformation","Parameters":[{"CIMType":"String","Description":"Name of the Sensitive Information Content","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Id of the Sensitive Information Content","Name":"id","Option":"Write"},{"CIMType":"String","Description":"Maximum Confidence level value for the Sensitive Information","Name":"maxconfidence","Option":"Write"},{"CIMType":"String","Description":"Minimum Confidence level value for the Sensitive Information","Name":"minconfidence","Option":"Write"},{"CIMType":"String","Description":"Type of Classifier value for the Sensitive Information","Name":"classifiertype","Option":"Write"},{"CIMType":"String","Description":"Minimum Count value for the Sensitive Information","Name":"mincount","Option":"Write"},{"CIMType":"String","Description":"Maximum Count value for the Sensitive Information","Name":"maxcount","Option":"Write"}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCDLPLabel","Parameters":[{"CIMType":"String","Description":"Name of the Sensitive Label","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Id of the Sensitive Information label","Name":"id","Option":"Write"},{"CIMType":"String","Description":"Type of the Sensitive Information label","Name":"type","Option":"Write"}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCDLPContainsSensitiveInformationGroup","Parameters":[{"CIMType":"MSFT_SCDLPSensitiveInformation[]","Description":"Sensitive Information Content Types","Name":"SensitiveInformation","Option":"Write"},{"CIMType":"MSFT_SCDLPLabel[]","Description":"Sensitive Information Labels","Name":"Labels","Option":"Write"},{"CIMType":"String","Description":"Name of the group","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Operator","Name":"Operator","Option":"Required","ValueMap":["And","Or"],"Values":["And","Or"]}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCDLPContainsSensitiveInformation","Parameters":[{"CIMType":"MSFT_SCDLPSensitiveInformation[]","Description":"Sensitive Information Content Types","Name":"SensitiveInformation","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformationGroup[]","Description":"Groups of sensitive information types.","Name":"Groups","Option":"Write"},{"CIMType":"String","Description":"Operator","Name":"Operator","Option":"Write","ValueMap":["And","Or"],"Values":["And","Or"]}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCAutoSensitivityLabelRule","Parameters":[{"CIMType":"String","Description":"Name of the Rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated Policy.","Name":"Policy","Option":"Required"},{"CIMType":"String","Description":"The AccessScope parameter specifies a condition for the auto-labeling policy rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope. Valid values are: InOrganization, NotInOrganization, None","Name":"AccessScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","None"],"Values":["InOrganization","NotInOrganization","None"]},{"CIMType":"String","Description":"The AnyOfRecipientAddressContainsWords parameter specifies a condition for the auto-labeling policy rule that looks for words or phrases in recipient email addresses. You can specify multiple words or phrases separated by commas.","Name":"AnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String","Description":"The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in recipient email addresses by using regular expressions.","Name":"AnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformation","Description":"The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type.","Name":"ContentContainsSensitiveInformation","Option":"Write"},{"CIMType":"String","Description":"The ContentExtensionMatchesWords parameter specifies a condition for the auto-labeling policy rule that looks for words in file name extensions. You can specify multiple words separated by commas.","Name":"ContentExtensionMatchesWords","Option":"Write"},{"CIMType":"Boolean","Description":"The Disabled parameter specifies whether the auto-labeling policy rule is enabled or disabled.","Name":"Disabled","Option":"Write"},{"CIMType":"Boolean","Description":"The DocumentIsPasswordProtected parameter specifies a condition for the auto-labeling policy rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. ","Name":"DocumentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The DocumentIsUnsupported parameter specifies a condition for the auto-labeling policy rule that looks for files that can't be scanned.","Name":"DocumentIsUnsupported","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfAccessScopeAccessScope parameter specifies an exception for the auto-labeling policy rule that's based on the access scope of the content. The rule isn't applied to content that matches the specified access scope. Valid values are: InOrganization, NotInOrganization, None","Name":"ExceptIfAccessScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","None"],"Values":["InOrganization","NotInOrganization","None"]},{"CIMType":"String","Description":"The ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the auto-labeling policy rule that looks for words or phrases in recipient email addresses. You can specify multiple words separated by commas.","Name":"ExceptIfAnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in recipient email addresses by using regular expressions. ","Name":"ExceptIfAnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformation","Description":"The ExceptIfContentContainsSensitiveInformation parameter specifies an exception for the auto-labeling policy rule that's based on a sensitive information type match in content. The rule isn't applied to content that contains the specified sensitive information type.","Name":"ExceptIfContentContainsSensitiveInformation","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the auto-labeling policy rule that looks for words in file name extensions. You can specify multiple words separated by commas.","Name":"ExceptIfContentExtensionMatchesWords","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the auto-labeling policy rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. ","Name":"ExceptIfDocumentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfDocumentIsUnsupported parameter specifies an exception for the auto-labeling policy rule that looks for files that can't be scanned.","Name":"ExceptIfDocumentIsUnsupported","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFrom parameter specifies an exception for the auto-labeling policy rule that looks for messages from specific senders. You can use any value that uniquely identifies the sender.","Name":"ExceptIfFrom","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfFromAddressContainsWords parameter specifies an exception for the auto-labeling policy rule that looks for words or phrases in the sender's email address. You can specify multiple words or phrases separated by commas.","Name":"ExceptIfFromAddressContainsWords","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in the sender's email address by using regular expressions. ","Name":"ExceptIfFromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromMemberOf parameter specifies an exception for the auto-labeling policy rule that looks for messages sent by group members. You identify the group members by their email addresses. You can enter multiple values separated by commas.","Name":"ExceptIfFromMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"The HeaderMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in a header field by using regular expressions.","Name":"ExceptIfHeaderMatchesPatterns","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfProcessingLimitExceeded parameter specifies an exception for the auto-labeling policy rule that looks for files where scanning couldn't complete.","Name":"ExceptIfProcessingLimitExceeded","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception for the auto-labeling policy rule that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderDomainIs parameter specifies an exception for the auto-labeling policy rule that looks for messages from senders with email address in the specified domains. You can specify multiple values separated by commas.","Name":"ExceptIfSenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderIpRanges parameter specifies an exception for the auto-labeling policy rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"ExceptIfSenderIPRanges","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception for the auto-labeling policy rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient. ","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentToMemberOf parameter specifies an exception for the auto-labeling policy rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You identify the groups by email address. You can specify multiple values separated by commas.","Name":"ExceptIfSentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the auto-labeling policy rule that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"ExceptIfSubjectMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"The FromAddressContainsWords parameter specifies a condition for the auto-labeling policy rule that looks for words or phrases in the sender's email address. You can specify multiple words or phrases separated by commas.","Name":"FromAddressContainsWords","Option":"Write"},{"CIMType":"String","Description":"The FromAddressMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in the sender's email address by using regular expressions.","Name":"FromAddressMatchesPatterns","Option":"Write"},{"CIMType":"MSFT_SCHeaderPattern","Description":"The HeaderMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in a header field by using regular expressions.","Name":"HeaderMatchesPatterns","Option":"Write"},{"CIMType":"Boolean","Description":"The ProcessingLimitExceeded parameter specifies a condition for the auto-labeling policy rule that looks for files where scanning couldn't complete. You can use this condition to create rules that work together to identify and process messages where the content couldn't be fully scanned.","Name":"ProcessingLimitExceeded","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition for the auto-labeling policy rule that looks for recipients with email address in the specified domains. You can specify multiple domains separated by commas.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String","Description":"The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule. Valid values are: None, Low, Medium, High","Name":"ReportSeverityLevel","Option":"Write","ValueMap":["None","Low","Medium","High"],"Values":["None","Low","Medium","High"]},{"CIMType":"String","Description":"The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule. Valid values are: Ignore, RetryThenBlock, *blank*","Name":"RuleErrorAction","Option":"Write","ValueMap":["Ignore","RetryThenBlock",""],"Values":["Ignore","RetryThenBlock",""]},{"CIMType":"String[]","Description":"The SenderDomainIs parameter specifies a condition for the auto-labeling policy rule that looks for messages from senders with email address in the specified domains. ","Name":"SenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The SenderIpRanges parameter specifies a condition for the auto-sensitivity policy rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"SenderIPRanges","Option":"Write"},{"CIMType":"String[]","Description":"The SentTo parameter specifies a condition for the auto-sensitivity policy rule that looks for recipients in messages. You can use any value that uniquely identifies the recipient.","Name":"SentTo","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition for the auto-labeling policy rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups. You identify the groups by email address.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"String","Description":"The SubjectMatchesPatterns parameter specifies a condition for the auto-labeling policy rule that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"SubjectMatchesPatterns","Option":"Write"},{"CIMType":"String","Description":"Workload the rule is associated with. Value can be: Exchange, SharePoint, OneDriveForBusiness, Applications, Azure, AWS and PowerBI","Name":"Workload","Option":"Key","ValueMap":["Exchange","SharePoint","OneDriveForBusiness","Applications","Azure","AWS","PowerBI"],"Values":["Exchange","SharePoint","OneDriveForBusiness","Applications","Azure","AWS","PowerBI"]},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Auto Sensitivity Label Rule in Purview."},{"ClassName":"MSFT_SCCaseHoldPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the case hold policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Case parameter specifies the eDiscovery case that you want to associate with the case hold policy.","Name":"Case","Option":"Key"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the policy is enabled or disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies the mailboxes to include in the policy.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The PublicFolderLocation parameter specifies that you want to include all public folders in the case hold policy. You use the value All for this parameter.","Name":"PublicFolderLocation","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online and OneDrive for Business sites to include. You identify a site by its URL value.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an eDiscovery Case Policy in Purview."},{"ClassName":"MSFT_SCCaseHoldRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a unique name for the case hold rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Policy parameter specifies the case hold policy that contains the rule. You can use any value that uniquely identifies the policy.","Name":"Policy","Option":"Key"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ContentMatchQuery parameter specifies a content search filter. Use this parameter to create a query-based hold so only the content that matches the specified search query is placed on hold. This parameter uses a text search string or a query that's formatted by using the Keyword Query Language (KQL).","Name":"ContentMatchQuery","Option":"Write"},{"CIMType":"Boolean","Description":"The Disabled parameter specifies whether the case hold rule is enabled or disabled.","Name":"Disabled","Option":"Write"},{"CIMType":"String","Description":"Present ensures the rule exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin Account","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an eDiscovery Case Hold Rule in Purview."},{"ClassName":"MSFT_SCComplianceCase","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the compliance case.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The description of the case.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Specify if this case should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"Status for the case. Can either be 'Active' or 'Closed'","Name":"Status","Option":"Write","ValueMap":["Active","Closed"],"Values":["Active","Closed"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin Account","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an eDiscovery Case in Purview."},{"ClassName":"MSFT_SCComplianceSearch","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the complaiance tag.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Compliance Case (eDiscovery) that this Search is associated with","Name":"Case","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowNotFoundExchangeLocationsEnabled parameter specifies whether to include mailboxes other than regular user mailboxes in the compliance search.","Name":"AllowNotFoundExchangeLocationsEnabled","Option":"Write"},{"CIMType":"String","Description":"The ContentMatchQuery parameter specifies a content search filter. This parameter uses a text search string or a query that's formatted by using the Keyword Query Language (KQL).","Name":"ContentMatchQuery","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies an optional description for the compliance search. If the value contains spaces, enclose the value in quotation marks.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies the mailboxes to include.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the mailboxes to exclude when you use the value All for the ExchangeLocation parameter.","Name":"ExchangeLocationExclusion","Option":"Write"},{"CIMType":"String[]","Description":"The HoldNames parameter specifies that the content locations that have been placed on hold in the specified eDiscovery case will be searched. You use the value All for this parameter. You also need to specify the name of an eDiscovery case by using the Case parameter.","Name":"HoldNames","Option":"Write"},{"CIMType":"Boolean","Description":"The IncludeUserAppContent parameter specifies that you want to search the cloud-based storage location for users who don't have a regular Office 365 user account in your organization. These types of users include users without an Exchange Online license who use Office applications, Office 365 guest users, and on-premises users whose identity is synchronized with your Office 365 organization.","Name":"IncludeUserAppContent","Option":"Write"},{"CIMType":"String","Description":"The Language parameter specifies the language for the compliance search. Valid input for this parameter is a supported culture code value from the Microsoft .NET Framework CultureInfo class. For example, da-DK for Danish or ja-JP for Japanese.","Name":"Language","Option":"Write"},{"CIMType":"String[]","Description":"The PublicFolderLocation parameter specifies that you want to include all public folders in the search. You use the value All for this parameter.","Name":"PublicFolderLocation","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.","Name":"SharePointLocationExclusion","Option":"Write"},{"CIMType":"String","Description":"Specify if this search should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin Account","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an Compliance Search (eDiscovery) in Purview."},{"ClassName":"MSFT_SCComplianceSearchAction","Parameters":[{"CIMType":"String","Description":"The Action parameter specifies what type of action to define. Accepted values are Export, Retention and Purge.","Name":"Action","Option":"Key","ValueMap":["Export","Preview","Purge","Retention"],"Values":["Export","Preview","Purge","Retention"]},{"CIMType":"String","Description":"The SearchName parameter specifies the name of the existing content search to associate with the content search action. You can specify multiple content searches separated by commas.","Name":"SearchName","Option":"Key"},{"CIMType":"String[]","Description":"The FileTypeExclusionsForUnindexedItems specifies the file types to exclude because they can't be indexed. You can specify multiple values separated by commas.","Name":"FileTypeExclusionsForUnindexedItems","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableDedupe parameter eliminates duplication of messages when you export content search results.","Name":"EnableDedupe","Option":"Write"},{"CIMType":"Boolean","Description":"The IncludeCredential switch specifies whether to include the credential in the results.","Name":"IncludeCredential","Option":"Write"},{"CIMType":"Boolean","Description":"The IncludeSharePointDocumentVersions parameter specifies whether to export previous versions of the document when you use the Export switch.","Name":"IncludeSharePointDocumentVersions","Option":"Write"},{"CIMType":"String","Description":"The PurgeType parameter specifies how to remove items when the action is Purge.","Name":"PurgeType","Option":"Write","ValueMap":["SoftDelete","HardDelete"],"Values":["SoftDelete","HardDelete"]},{"CIMType":"Boolean","Description":"The RetryOnError switch specifies whether to retry the action on any items that failed without re-running the entire action all over again.","Name":"RetryOnError","Option":"Write"},{"CIMType":"String","Description":"The ActionScope parameter specifies the items to include when the action is Export.","Name":"ActionScope","Option":"Write","ValueMap":["IndexedItemsOnly","UnindexedItemsOnly","BothIndexedAndUnindexedItems"],"Values":["IndexedItemsOnly","UnindexedItemsOnly","BothIndexedAndUnindexedItems"]},{"CIMType":"String","Description":"Specify if this action should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Compliance Search Action in Purview."},{"ClassName":"MSFT_SCFilePlanProperty","Parameters":[{"CIMType":"String","Description":"File plan department. Can get list by running Get-FilePlanPropertyDepartment.","Name":"FilePlanPropertyDepartment","Option":"Write"},{"CIMType":"String","Description":"File plan Authority. Can get list by running Get-FilePlanPropertyAuthority.","Name":"FilePlanPropertyAuthority","Option":"Write"},{"CIMType":"String","Description":"File plan category. Can get a list by running Get-FilePlanPropertyCategory.","Name":"FilePlanPropertyCategory","Option":"Write"},{"CIMType":"String","Description":"File plan citation. Can get a list by running Get-FilePlanPropertyCitation.","Name":"FilePlanPropertyCitation","Option":"Write"},{"CIMType":"String","Description":"File plan reference id. Can get a list by running Get-FilePlanPropertyReferenceId.","Name":"FilePlanPropertyReferenceId","Option":"Write"},{"CIMType":"String","Description":"File plan subcategory. Can get a list by running Get-FilePlanPropertySubCategory.","Name":"FilePlanPropertySubCategory","Option":"Write"}],"Description":"This resource configures a Compliance Tag in Purview."},{"ClassName":"MSFT_SCComplianceTag","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the complaiance tag.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The EventType parameter specifies the retention rule that's associated with the label.","Name":"EventType","Option":"Write"},{"CIMType":"Boolean","Description":"The IsRecordLabel parameter specifies whether the label is a record label.","Name":"IsRecordLabel","Option":"Write"},{"CIMType":"String","Description":"The Notes parameter specifies an optional note. If you specify a value that contains spaces, enclose the value in quotation marks, for example: 'This is a user note'","Name":"Notes","Option":"Write"},{"CIMType":"Boolean","Description":"Regulatory description","Name":"Regulatory","Option":"Write"},{"CIMType":"MSFT_SCFilePlanProperty","Description":"The FilePlanProperty parameter specifies the file plan properties to include in the label.","Name":"FilePlanProperty","Option":"Write"},{"CIMType":"String[]","Description":"The ReviewerEmail parameter specifies the email address of a reviewer for Delete and KeepAndDelete retention actions. You can specify multiple email addresses separated by commas.","Name":"ReviewerEmail","Option":"Write"},{"CIMType":"String","Description":"The RetentionDuration parameter specifies the hold duration for the retention rule. Valid values are: An integer - The hold duration in days, Unlimited - The content is held indefinitely.","Name":"RetentionDuration","Option":"Write"},{"CIMType":"String","Description":"The RetentionAction parameter specifies the action for the label. Valid values are: Delete, Keep or KeepAndDelete.","Name":"RetentionAction","Option":"Write","ValueMap":["Delete","Keep","KeepAndDelete"],"Values":["Delete","Keep","KeepAndDelete"]},{"CIMType":"String","Description":"The RetentionType parameter specifies whether the retention duration is calculated from the content creation date, tagged date, or last modification date. Valid values are: CreationAgeInDays, EventAgeInDays,ModificationAgeInDays, or TaggedAgeInDays.","Name":"RetentionType","Option":"Write","ValueMap":["CreationAgeInDays","EventAgeInDays","ModificationAgeInDays","TaggedAgeInDays"],"Values":["CreationAgeInDays","EventAgeInDays","ModificationAgeInDays","TaggedAgeInDays"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Compliance Tag in Purview."},{"ClassName":"MSFT_SCDeviceConditionalAccessPolicy","Parameters":[{"CIMType":"String","Description":"The name of the Device Conditional Access Policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the policy is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of Security and Compliance Center Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Device Conditional Access Policy in Purview."},{"ClassName":"MSFT_SCDeviceConditionalAccessRule","Parameters":[{"CIMType":"String","Description":"Name for the rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated policy.","Name":"Policy","Option":"Write"},{"CIMType":"String[]","Description":"The display names of the graoups targeted by the policy.","Name":"TargetGroups","Option":"Write"},{"CIMType":"String","Description":"The AccountName parameter specifies the account name.","Name":"AccountName","Option":"Write"},{"CIMType":"String","Description":"The AccountUserName parameter specifies the account user name.","Name":"AccountUserName","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowAppStore parameter specifies whether to allow access to the app store on devices.","Name":"AllowAppStore","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowAssistantWhileLocked parameter specifies whether to allow the use of the voice assistant while devices are locked.","Name":"AllowAssistantWhileLocked","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowConvenienceLogon parameter specifies whether to allow convenience logons on devices.","Name":"AllowConvenienceLogon","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowDiagnosticSubmission parameter specifies whether to allow diagnostic submissions from devices.","Name":"AllowDiagnosticSubmission","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudBackup parameter specifies whether to allow Apple iCloud Backup from devices.","Name":"AllowiCloudBackup","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudDocSync parameter specifies whether to allow Apple iCloud Documents & Data sync on devices.","Name":"AllowiCloudDocSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudPhotoSync parameter specifies whether to allow Apple iCloud Photos sync on devices.","Name":"AllowiCloudPhotoSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowJailbroken parameter specifies whether to allow access to your organization by jailbroken or rooted devices.","Name":"AllowJailbroken","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowPassbookWhileLocked parameter specifies whether to allow the use of Apple Passbook while devices are locked.","Name":"AllowPassbookWhileLocked","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowScreenshot parameter specifies whether to allow screenshots on devices.","Name":"AllowScreenshot","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowSimplePassword parameter specifies whether to allow simple or non-complex passwords on devices.","Name":"AllowSimplePassword","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVideoConferencing parameter specifies whether to allow video conferencing on devices. ","Name":"AllowVideoConferencing","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVoiceAssistant parameter specifies whether to allow using the voice assistant on devices.","Name":"AllowVoiceAssistant","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVoiceDialing parameter specifies whether to allow voice-activated telephone dialing.","Name":"AllowVoiceDialing","Option":"Write"},{"CIMType":"UInt32","Description":"The AntiVirusSignatureStatus parameter specifies the antivirus signature status.","Name":"AntiVirusSignatureStatus","Option":"Write"},{"CIMType":"UInt32","Description":"The AntiVirusStatus parameter specifies the antivirus status.","Name":"AntiVirusStatus","Option":"Write"},{"CIMType":"String","Description":"The AppsRating parameter species the maximum or most restrictive rating of apps that are allowed on devices.","Name":"AppsRating","Option":"Write"},{"CIMType":"String","Description":"The AutoUpdateStatus parameter specifies the update settings for devices.","Name":"AutoUpdateStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.","Name":"BluetoothEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.","Name":"CameraEnabled","Option":"Write"},{"CIMType":"String","Description":"The EmailAddress parameter specifies the email address.","Name":"EmailAddress","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableRemovableStorage parameter specifies whether removable storage can be used by devices.","Name":"EnableRemovableStorage","Option":"Write"},{"CIMType":"String","Description":"The ExchangeActiveSyncHost parameter specifies the Exchange ActiveSync host.","Name":"ExchangeActiveSyncHost","Option":"Write"},{"CIMType":"Boolean","Description":"The FirewallStatus parameter specifies the acceptable firewall status values on devices.","Name":"FirewallStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceAppStorePassword parameter specifies whether to require a password to use the app store on devices.","Name":"ForceAppStorePassword","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceEncryptedBackup parameter specifies whether to force encrypted backups for devices.","Name":"ForceEncryptedBackup","Option":"Write"},{"CIMType":"UInt32","Description":"The MaxPasswordAttemptsBeforeWipe parameter specifies the number of incorrect password attempts that cause devices to be automatically wiped.","Name":"MaxPasswordAttemptsBeforeWipe","Option":"Write"},{"CIMType":"UInt32","Description":"The MaxPasswordGracePeriod parameter specifies the length of time users are allowed to reset expired passwords on devices.","Name":"MaxPasswordGracePeriod","Option":"Write"},{"CIMType":"String","Description":"The MoviesRating parameter species the maximum or most restrictive rating of movies that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.","Name":"MoviesRating","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordComplexity parameter specifies the password complexity.","Name":"PasswordComplexity","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordExpirationDays parameter specifies the number of days that the same password can be used on devices before users are required to change their passwords.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordHistoryCount parameter specifies the minimum number of unique new passwords that are required on devices before an old password can be reused.","Name":"PasswordHistoryCount","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordMinComplexChars parameter specifies the minimum number of complex characters that are required for device passwords. A complex character isn't a letter.","Name":"PasswordMinComplexChars","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordMinimumLength parameter specifies the minimum number of characters that are required for device passwords.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordQuality parameter specifies the minimum password quality rating that's required for device passwords. Password quality is a numeric scale that indicates the security and complexity of the password. A higher quality value indicates a more secure password.","Name":"PasswordQuality","Option":"Write"},{"CIMType":"Boolean","Description":"The PasswordRequired parameter specifies whether a password is required to access devices.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"String","Description":"The PasswordTimeout parameter specifies the length of time that devices can be inactive before a password is required to reactivate them.","Name":"PasswordTimeout","Option":"Write"},{"CIMType":"Boolean","Description":"The PhoneMemoryEncrypted parameter specifies whether to encrypt the memory on devices.","Name":"PhoneMemoryEncrypted","Option":"Write"},{"CIMType":"String","Description":"The RegionRatings parameter specifies the rating system (country/region) to use for movie and television ratings with the MoviesRating and TVShowsRating parameters.","Name":"RegionRatings","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireEmailProfile parameter specifies whether an email profile is required on devices.","Name":"RequireEmailProfile","Option":"Write"},{"CIMType":"Boolean","Description":"The SmartScreenEnabled parameter specifies whether to requireWindows SmartScreen on devices.","Name":"SmartScreenEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SystemSecurityTLS parameter specifies whether TLS encryption is used on devices.","Name":"SystemSecurityTLS","Option":"Write"},{"CIMType":"String","Description":"The TVShowsRating parameter species the maximum or most restrictive rating of television shows that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.","Name":"TVShowsRating","Option":"Write"},{"CIMType":"String","Description":"The UserAccountControlStatus parameter specifies how User Account Control messages are presented on devices.","Name":"UserAccountControlStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The WLANEnabled parameter specifies whether Wi-Fi is enabled devices.","Name":"WLANEnabled","Option":"Write"},{"CIMType":"String","Description":"The WorkFoldersSyncUrl parameter specifies the URL that's used to synchronize company data on devices.","Name":"WorkFoldersSyncUrl","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Purview Device Conditional Access rules."},{"ClassName":"MSFT_SCDeviceConfigurationPolicy","Parameters":[{"CIMType":"String","Description":"The name of the Device Configuration Policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"Boolean","Description":"The Enabled parameter specifies whether the policy is enabled.","Name":"Enabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of Security and Compliance Center Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Device Configuration Policy in Purview."},{"ClassName":"MSFT_SCDeviceConfigurationRule","Parameters":[{"CIMType":"String","Description":"Name for the rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated policy.","Name":"Policy","Option":"Write"},{"CIMType":"String[]","Description":"The display names of the graoups targeted by the policy.","Name":"TargetGroups","Option":"Write"},{"CIMType":"String","Description":"The AccountName parameter specifies the account name.","Name":"AccountName","Option":"Write"},{"CIMType":"String","Description":"The AccountUserName parameter specifies the account user name.","Name":"AccountUserName","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowAppStore parameter specifies whether to allow access to the app store on devices.","Name":"AllowAppStore","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowAssistantWhileLocked parameter specifies whether to allow the use of the voice assistant while devices are locked.","Name":"AllowAssistantWhileLocked","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowConvenienceLogon parameter specifies whether to allow convenience logons on devices.","Name":"AllowConvenienceLogon","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowDiagnosticSubmission parameter specifies whether to allow diagnostic submissions from devices.","Name":"AllowDiagnosticSubmission","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudBackup parameter specifies whether to allow Apple iCloud Backup from devices.","Name":"AllowiCloudBackup","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudDocSync parameter specifies whether to allow Apple iCloud Documents & Data sync on devices.","Name":"AllowiCloudDocSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowiCloudPhotoSync parameter specifies whether to allow Apple iCloud Photos sync on devices.","Name":"AllowiCloudPhotoSync","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowPassbookWhileLocked parameter specifies whether to allow the use of Apple Passbook while devices are locked.","Name":"AllowPassbookWhileLocked","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowScreenshot parameter specifies whether to allow screenshots on devices.","Name":"AllowScreenshot","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowSimplePassword parameter specifies whether to allow simple or non-complex passwords on devices.","Name":"AllowSimplePassword","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVideoConferencing parameter specifies whether to allow video conferencing on devices. ","Name":"AllowVideoConferencing","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVoiceAssistant parameter specifies whether to allow using the voice assistant on devices.","Name":"AllowVoiceAssistant","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowVoiceDialing parameter specifies whether to allow voice-activated telephone dialing.","Name":"AllowVoiceDialing","Option":"Write"},{"CIMType":"UInt32","Description":"The AntiVirusSignatureStatus parameter specifies the antivirus signature status.","Name":"AntiVirusSignatureStatus","Option":"Write"},{"CIMType":"UInt32","Description":"The AntiVirusStatus parameter specifies the antivirus status.","Name":"AntiVirusStatus","Option":"Write"},{"CIMType":"String","Description":"The AppsRating parameter species the maximum or most restrictive rating of apps that are allowed on devices.","Name":"AppsRating","Option":"Write"},{"CIMType":"String","Description":"The AutoUpdateStatus parameter specifies the update settings for devices.","Name":"AutoUpdateStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.","Name":"BluetoothEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices.","Name":"CameraEnabled","Option":"Write"},{"CIMType":"String","Description":"The EmailAddress parameter specifies the email address.","Name":"EmailAddress","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableRemovableStorage parameter specifies whether removable storage can be used by devices.","Name":"EnableRemovableStorage","Option":"Write"},{"CIMType":"String","Description":"The ExchangeActiveSyncHost parameter specifies the Exchange ActiveSync host.","Name":"ExchangeActiveSyncHost","Option":"Write"},{"CIMType":"Boolean","Description":"The FirewallStatus parameter specifies the acceptable firewall status values on devices.","Name":"FirewallStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceAppStorePassword parameter specifies whether to require a password to use the app store on devices.","Name":"ForceAppStorePassword","Option":"Write"},{"CIMType":"Boolean","Description":"The ForceEncryptedBackup parameter specifies whether to force encrypted backups for devices.","Name":"ForceEncryptedBackup","Option":"Write"},{"CIMType":"UInt32","Description":"The MaxPasswordAttemptsBeforeWipe parameter specifies the number of incorrect password attempts that cause devices to be automatically wiped.","Name":"MaxPasswordAttemptsBeforeWipe","Option":"Write"},{"CIMType":"UInt32","Description":"The MaxPasswordGracePeriod parameter specifies the length of time users are allowed to reset expired passwords on devices.","Name":"MaxPasswordGracePeriod","Option":"Write"},{"CIMType":"String","Description":"The MoviesRating parameter species the maximum or most restrictive rating of movies that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.","Name":"MoviesRating","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordComplexity parameter specifies the password complexity.","Name":"PasswordComplexity","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordExpirationDays parameter specifies the number of days that the same password can be used on devices before users are required to change their passwords.","Name":"PasswordExpirationDays","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordHistoryCount parameter specifies the minimum number of unique new passwords that are required on devices before an old password can be reused.","Name":"PasswordHistoryCount","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordMinComplexChars parameter specifies the minimum number of complex characters that are required for device passwords. A complex character isn't a letter.","Name":"PasswordMinComplexChars","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordMinimumLength parameter specifies the minimum number of characters that are required for device passwords.","Name":"PasswordMinimumLength","Option":"Write"},{"CIMType":"UInt32","Description":"The PasswordQuality parameter specifies the minimum password quality rating that's required for device passwords. Password quality is a numeric scale that indicates the security and complexity of the password. A higher quality value indicates a more secure password.","Name":"PasswordQuality","Option":"Write"},{"CIMType":"Boolean","Description":"The PasswordRequired parameter specifies whether a password is required to access devices.","Name":"PasswordRequired","Option":"Write"},{"CIMType":"String","Description":"The PasswordTimeout parameter specifies the length of time that devices can be inactive before a password is required to reactivate them.","Name":"PasswordTimeout","Option":"Write"},{"CIMType":"Boolean","Description":"The PhoneMemoryEncrypted parameter specifies whether to encrypt the memory on devices.","Name":"PhoneMemoryEncrypted","Option":"Write"},{"CIMType":"String","Description":"The RegionRatings parameter specifies the rating system (country/region) to use for movie and television ratings with the MoviesRating and TVShowsRating parameters.","Name":"RegionRatings","Option":"Write"},{"CIMType":"Boolean","Description":"The RequireEmailProfile parameter specifies whether an email profile is required on devices.","Name":"RequireEmailProfile","Option":"Write"},{"CIMType":"Boolean","Description":"The SmartScreenEnabled parameter specifies whether to requireWindows SmartScreen on devices.","Name":"SmartScreenEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The SystemSecurityTLS parameter specifies whether TLS encryption is used on devices.","Name":"SystemSecurityTLS","Option":"Write"},{"CIMType":"String","Description":"The TVShowsRating parameter species the maximum or most restrictive rating of television shows that are allowed on devices. You specify the country/region rating system to use with the RegionRatings parameter.","Name":"TVShowsRating","Option":"Write"},{"CIMType":"String","Description":"The UserAccountControlStatus parameter specifies how User Account Control messages are presented on devices.","Name":"UserAccountControlStatus","Option":"Write"},{"CIMType":"Boolean","Description":"The WLANEnabled parameter specifies whether Wi-Fi is enabled devices.","Name":"WLANEnabled","Option":"Write"},{"CIMType":"String","Description":"The WorkFoldersSyncUrl parameter specifies the URL that's used to synchronize company data on devices.","Name":"WorkFoldersSyncUrl","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Device Configuration Rule in Purview."},{"ClassName":"MSFT_SCDLPCompliancePolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the DLP policy. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String[]","Description":"The EndpointDLPLocation parameter specifies the user accounts to include in the DLP policy for Endpoint DLP when they are logged on to an onboarded device. You identify the account by name or email address. You can use the value All to include all user accounts.","Name":"EndpointDlpLocation","Option":"Write"},{"CIMType":"String[]","Description":"The EndpointDlpLocationException parameter specifies the user accounts to exclude from Endpoint DLP when you use the value All for the EndpointDlpLocation parameter. You identify the account by name or email address.","Name":"EndpointDlpLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The OnPremisesScannerDlpLocation parameter specifies the on-premises file shares and SharePoint document libraries and folders to include in the DLP policy. You can use the value All to include all on-premises file shares and SharePoint document libraries and folders.","Name":"OnPremisesScannerDlpLocation","Option":"Write"},{"CIMType":"String[]","Description":"The OnPremisesScannerDlpLocationException parameter specifies the on-premises file shares and SharePoint document libraries and folders to exclude from the DLP policy if you use the value All for the OnPremisesScannerDlpLocation parameter.","Name":"OnPremisesScannerDlpLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The PowerBIDlpLocation parameter specifies the Power BI workspace IDs to include in the DLP policy. Only workspaces hosted in Premium Gen2 capacities are permitted. You can use the value All to include all supported workspaces.","Name":"PowerBIDlpLocation","Option":"Write"},{"CIMType":"String[]","Description":"The PowerBIDlpLocationException parameter specifies the Power BI workspace IDs to exclude from the DLP policy when you use the value All for the PowerBIDlpLocation parameter. Only workspaces hosted in Premium Gen2 capacities are permitted.","Name":"PowerBIDlpLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The ThirdPartyAppDlpLocation parameter specifies the non-Microsoft cloud apps to include in the DLP policy. You can use the value All to include all connected apps.","Name":"ThirdPartyAppDlpLocation","Option":"Write"},{"CIMType":"String[]","Description":"The ThirdPartyAppDlpLocationException parameter specifies the non-Microsoft cloud apps to exclude from the DLP policy when you use the value All for the ThirdPartyAppDlpLocation parameter.","Name":"ThirdPartyAppDlpLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies Exchange Online mailboxes to include in the DLP policy. You can only use the value All for this parameter to include all mailboxes.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"Exchange members to include.","Name":"ExchangeSenderMemberOf","Option":"Write"},{"CIMType":"String[]","Description":"Exchange members to exclude.","Name":"ExchangeSenderMemberOfException","Option":"Write"},{"CIMType":"String","Description":"The Mode parameter specifies the action and notification level of the DLP policy. Valid values are: Enable, TestWithNotifications, TestWithoutNotifications, Disable and PendingDeletion.","Name":"Mode","Option":"Write","ValueMap":["Enable","TestWithNotifications","TestWithoutNotifications","Disable","PendingDeletion"],"Values":["Enable","TestWithNotifications","TestWithoutNotifications","Disable","PendingDeletion"]},{"CIMType":"String[]","Description":"The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"OneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.","Name":"OneDriveLocationException","Option":"Write"},{"CIMType":"UInt32","Description":"Priority for the Policy.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.","Name":"SharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"Teams locations to include","Name":"TeamsLocation","Option":"Write"},{"CIMType":"String[]","Description":"Teams locations to exclude.","Name":"TeamsLocationException","Option":"Write"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Data Loss Prevention Compliance Policy in Purview."},{"ClassName":"MSFT_SCDLPComplianceRule","Parameters":[{"CIMType":"String","Description":"Name of the Rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Name of the associated DLP Compliance Policy.","Name":"Policy","Option":"Required"},{"CIMType":"String","Description":"The AccessScope parameter specifies a condition for the DLP rule that's based on the access scope of the content. The rule is applied to content that matches the specified access scope.","Name":"AccessScope","Option":"Write","ValueMap":["InOrganization","NotInOrganization","None"],"Values":["InOrganization","NotInOrganization","None"]},{"CIMType":"Boolean","Description":"The BlockAccess parameter specifies an action for the DLP rule that blocks access to the source item when the conditions of the rule are met. $true: Blocks further access to the source item that matched the rule. The owner, author, and site owner can still access the item. $false: Allows access to the source item that matched the rule. This is the default value.","Name":"BlockAccess","Option":"Write"},{"CIMType":"String","Description":"The BlockAccessScope parameter specifies the scope of the block access action.","Name":"BlockAccessScope","Option":"Write","ValueMap":["All","PerUser","None"],"Values":["All","PerUser","None"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The AdvancedRule parameter uses complex rule syntax that supports multiple AND, OR, and NOT operators and nested groups","Name":"AdvancedRule","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformation","Description":"The ContentContainsSensitiveInformation parameter specifies a condition for the rule that's based on a sensitive information type match in content. The rule is applied to content that contains the specified sensitive information type.","Name":"ContentContainsSensitiveInformation","Option":"Write"},{"CIMType":"MSFT_SCDLPContainsSensitiveInformation","Description":"The ExceptIfContentContainsSensitiveInformation parameter specifies an exception for the rule that's based on a sensitive information type match in content. The rule isn't applied to content that contains the specified sensitive information type.","Name":"ExceptIfContentContainsSensitiveInformation","Option":"Write"},{"CIMType":"String[]","Description":"The ContentPropertyContainsWords parameter specifies a condition for the DLP rule that's based on a property match in content. The rule is applied to content that contains the specified property.","Name":"ContentPropertyContainsWords","Option":"Write"},{"CIMType":"Boolean","Description":"The Disabled parameter specifies whether the DLP rule is disabled.","Name":"Disabled","Option":"Write"},{"CIMType":"String[]","Description":"The GenerateAlert parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met.","Name":"GenerateAlert","Option":"Write"},{"CIMType":"String[]","Description":"The GenerateIncidentReport parameter specifies an action for the DLP rule that sends an incident report to the specified users when the conditions of the rule are met.","Name":"GenerateIncidentReport","Option":"Write"},{"CIMType":"String[]","Description":"The IncidentReportContent parameter specifies the content to include in the report when you use the GenerateIncidentReport parameter.","Name":"IncidentReportContent","Option":"Write","ValueMap":["All","Default","DetectionDetails","Detections","DocumentAuthor","DocumentLastModifier","MatchedItem","OriginalContent","RulesMatched","Service","Severity","Title","RetentionLabel","SensitivityLabel"],"Values":["All","Default","DetectionDetails","Detections","DocumentAuthor","DocumentLastModifier","MatchedItem","OriginalContent","RulesMatched","Service","Severity","Title","RetentionLabel","SensitivityLabel"]},{"CIMType":"String[]","Description":"The NotifyAllowOverride parameter specifies the notification override options when the conditions of the rule are met.","Name":"NotifyAllowOverride","Option":"Write","ValueMap":["FalsePositive","WithoutJustification","WithJustification"],"Values":["FalsePositive","WithoutJustification","WithJustification"]},{"CIMType":"String","Description":"The NotifyEmailCustomText parameter specifies the custom text in the email notification message that's sent to recipients when the conditions of the rule are met.","Name":"NotifyEmailCustomText","Option":"Write"},{"CIMType":"String","Description":"The NotifyPolicyTipCustomText parameter specifies the custom text in the Policy Tip notification message that's shown to recipients when the conditions of the rule are met. The maximum length is 256 characters. HTML tags and tokens (variables) aren't supported.","Name":"NotifyPolicyTipCustomText","Option":"Write"},{"CIMType":"String[]","Description":"The NotifyUser parameter specifies an action for the DLP rule that notifies the specified users when the conditions of the rule are met.","Name":"NotifyUser","Option":"Write"},{"CIMType":"String","Description":"The ReportSeverityLevel parameter specifies the severity level of the incident report for content detections based on the rule.","Name":"ReportSeverityLevel","Option":"Write","ValueMap":["Low","Medium","High","None"],"Values":["Low","Medium","High","None"]},{"CIMType":"String","Description":"The RuleErrorAction parameter specifies what to do if an error is encountered during the evaluation of the rule.","Name":"RuleErrorAction","Option":"Write","ValueMap":["Ignore","RetryThenBlock"],"Values":["Ignore","RetryThenBlock"]},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfRecipientAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in recipient email addresses.","Name":"AnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The AnyOfRecipientAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.","Name":"AnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"Boolean","Description":"The RemoveRMSTemplate parameter specifies an action for the DLP rule that removes Office 365 Message Encryption from messages and their attachments.","Name":"RemoveRMSTemplate","Option":"Write"},{"CIMType":"Boolean","Description":"The StopPolicyProcessing parameter specifies an action that stops processing more DLP policy rules.","Name":"StopPolicyProcessing","Option":"Write"},{"CIMType":"Boolean","Description":"The DocumentIsUnsupported parameter specifies a condition for the DLP rule that looks for files that can't be scanned.","Name":"DocumentIsUnsupported","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfDocumentIsUnsupported parameter specifies an exception for the DLP rule that looks for files that can't be scanned.","Name":"ExceptIfDocumentIsUnsupported","Option":"Write"},{"CIMType":"Boolean","Description":"The SenderOverride parameter specifies a condition for the rule that looks for messages where the sender chose to override a DLP policy.","Name":"HasSenderOverride","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfHasSenderOverride parameter specifies an exception for the rule that looks for messages where the sender chose to override a DLP policy.","Name":"ExceptIfHasSenderOverride","Option":"Write"},{"CIMType":"Boolean","Description":"The ProcessingLimitExceeded parameter specifies a condition for the DLP rule that looks for files where scanning couldn't complete.","Name":"ProcessingLimitExceeded","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfProcessingLimitExceeded parameter specifies an exception for the DLP rule that looks for files where scanning couldn't complete.","Name":"ExceptIfProcessingLimitExceeded","Option":"Write"},{"CIMType":"Boolean","Description":"The DocumentIsPasswordProtected parameter specifies a condition for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files.","Name":"DocumentIsPasswordProtected","Option":"Write"},{"CIMType":"Boolean","Description":"The ExceptIfDocumentIsPasswordProtected parameter specifies an exception for the DLP rule that looks for password protected files (because the contents of the file can't be inspected). Password detection only works for Office documents and .zip files. ","Name":"ExceptIfDocumentIsPasswordProtected","Option":"Write"},{"CIMType":"String[]","Description":"The MessageTypeMatches parameter specifies a condition for the DLP rule that looks for types of SMIME message patterns.","Name":"MessageTypeMatches","Option":"Write"},{"CIMType":"String[]","Description":"The FromScope parameter specifies whether messages from inside or outside the organisation are in scope for the DLP rule.","Name":"FromScope","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromScope parameter specifies whether messages from inside or outside the organisation are in scope for the DLP rule.","Name":"ExceptIfFromScope","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the Subject field of messages. You can specify multiple words or phrases separated by commas.","Name":"SubjectContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"SubjectMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectOrBodyContainsWords parameter specifies a condition for the rule that looks for words in the Subject field or body of messages.","Name":"SubjectOrBodyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SubjectOrBodyMatchesPatterns parameter specifies a condition for the rule that looks for text patterns in the Subject field or body of messages.","Name":"SubjectOrBodyMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ContentCharacterSetContainsWords parameter specifies a condition for the rule that looks for character set names in messages. You can specify multiple values separated by commas.","Name":"ContentCharacterSetContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The DocumentNameMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.","Name":"DocumentNameMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The DocumentNameMatchesWords parameter specifies a condition for the DLP rule that looks for words or phrases in the name of message attachments. ","Name":"DocumentNameMatchesWords","Option":"Write"},{"CIMType":"String[]","Description":"he ExceptIfAnyOfRecipientAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in recipient email addresses.","Name":"ExceptIfAnyOfRecipientAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfAnyOfRecipientAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in recipient email addresses by using regular expressions.","Name":"ExceptIfAnyOfRecipientAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentCharacterSetContainsWords parameter specifies an exception for the rule that looks for character set names in messages.","Name":"ExceptIfContentCharacterSetContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentPropertyContainsWords parameter specifies an exception for the DLP rule that's based on a property match in content.","Name":"ExceptIfContentPropertyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfDocumentNameMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the name of message attachments by using regular expressions.","Name":"ExceptIfDocumentNameMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfDocumentNameMatchesWords parameter specifies an exception for the DLP rule that looks for words or phrases in the name of message attachments.","Name":"ExceptIfDocumentNameMatchesWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromAddressContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the sender's email address.","Name":"ExceptIfFromAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfFromAddressMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the sender's email address by using regular expressions.","Name":"ExceptIfFromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The FromAddressContainsWords parameter specifies a condition for the DLP rule that looks for words or phrases in the sender's email address.","Name":"FromAddressContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The FromAddressMatchesPatterns parameter specifies a condition for the DLP rule that looks for text patterns in the sender's email address by using regular expressions. ","Name":"FromAddressMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfMessageTypeMatches parameter specifies an exception for the rule that looks for messages of the specified type.","Name":"ExceptIfMessageTypeMatches","Option":"Write"},{"CIMType":"String[]","Description":"The RecipientDomainIs parameter specifies a condition for the DLP rule that looks for recipients with email addresses in the specified domains.","Name":"RecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfRecipientDomainIs parameter specifies an exception for the DLP rule that looks for recipients with email addresses in the specified domains.","Name":"ExceptIfRecipientDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderDomainIs parameter specifies an exception for the DLP rule that looks for messages from senders with email address in the specified domains. ","Name":"ExceptIfSenderDomainIs","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSenderIpRanges parameter specifies an exception for the DLP rule that looks for senders whose IP addresses matches the specified value, or fall within the specified ranges.","Name":"ExceptIfSenderIPRanges","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSentTo parameter specifies an exception for the DLP rule that looks for recipients in messages. You identify the recipients by email address.","Name":"ExceptIfSentTo","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectContainsWords parameter specifies an exception for the DLP rule that looks for words or phrases in the Subject field of messages.","Name":"ExceptIfSubjectContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectMatchesPatterns parameter specifies an exception for the DLP rule that looks for text patterns in the Subject field of messages by using regular expressions.","Name":"ExceptIfSubjectMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception for the rule that looks for words in the Subject field or body of messages.","Name":"ExceptIfSubjectOrBodyContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfSubjectOrBodyMatchesPatterns parameter specifies an exception for the rule that looks for text patterns in the Subject field or body of messages.","Name":"ExceptIfSubjectOrBodyMatchesPatterns","Option":"Write"},{"CIMType":"String[]","Description":"The DocumentContainsWords parameter specifies a condition for the DLP rule that looks for words in message attachments. Only supported attachment types are checked.","Name":"DocumentContainsWords","Option":"Write"},{"CIMType":"String[]","Description":"The SentToMemberOf parameter specifies a condition for the DLP rule that looks for messages sent to members of distribution groups, dynamic distribution groups, or mail-enabled security groups.","Name":"SentToMemberOf","Option":"Write"},{"CIMType":"Boolean","Description":"The ContentIsNotLabeled parameter specifies if the content is labeled. A True or False condition.","Name":"ContentIsNotLabeled","Option":"Write"},{"CIMType":"String[]","Description":"The SetHeader The SetHeader parameter specifies an action for the DLP rule that adds or modifies a header field and value in the message header. You can specify multiple header name and value pairs separated by commas","Name":"SetHeader","Option":"Write"},{"CIMType":"String[]","Description":"The ContentExtensionMatchesWords parameter specifies a condition for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.","Name":"ContentExtensionMatchesWords","Option":"Write"},{"CIMType":"String[]","Description":"The ExceptIfContentExtensionMatchesWords parameter specifies an exception for the DLP rule that looks for words in file name extensions. You can specify multiple words separated by commas.","Name":"ExceptIfContentExtensionMatchesWords","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Data Loss Prevention Compliance Rule in Purview."},{"ClassName":"MSFT_SCDLPSensitiveInformationType","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a name for the sensitive information type rule. The value must be less than 256 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Unique identifier of the Sensitive Information Type.","Name":"Identity","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies a description for the sensitive information type rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"FileData","Option":"Write"},{"CIMType":"String","Description":"The Locale parameter specifies the language that's associated with the sensitive information type rule.","Name":"Locale","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages sensitive information types in Purview."},{"ClassName":"MSFT_SCFilePlanPropertyAuthority","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the Authority.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this authority should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an authority entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertyCategory","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the category.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this category should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a category entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertyCitation","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the citation.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"URL of the citation.","Name":"CitationUrl","Option":"Write"},{"CIMType":"String","Description":"Jurisdiction of the citation.","Name":"CitationJurisdiction","Option":"Write"},{"CIMType":"String","Description":"Specify if this citation should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a citation entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertyDepartment","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the department.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this department should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a department entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertyReferenceId","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the reference id.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this reference id should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a reference ID entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCFilePlanPropertySubCategory","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the sub-category.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Category parameter specifies the name of the parent category associated with the sub-category.","Name":"Category","Option":"Required"},{"CIMType":"String","Description":"Specify if this category should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a sub-category entry for Security and\nCompliance File Plans."},{"ClassName":"MSFT_SCInsiderRiskEntityListDomain","Parameters":[{"CIMType":"String","Description":"Domain name.","Name":"Dmn","Option":"Key"},{"CIMType":"Boolean","Description":"Defines if the entry should include multi-level subdomains or not.","Name":"isMLSubDmn","Option":"Write"}],"Description":"Configures settings for Insider Risk in Purview."},{"ClassName":"MSFT_SCInsiderRiskEntityListSite","Parameters":[{"CIMType":"String","Description":"Url of the site.","Name":"Url","Option":"Key"},{"CIMType":"String","Description":"Name of the site.","Name":"Name","Option":"Write"},{"CIMType":"String","Description":"Unique identifier of the site.","Name":"Guid","Option":"Write"}],"Description":"Configures settings for Insider Risk in Purview."},{"ClassName":"MSFT_SCInsiderRiskEntityList","Parameters":[{"CIMType":"String","Description":"The name of the group or setting.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The setting type.","Name":"ListType","Option":"Required"},{"CIMType":"String","Description":"Description for the group or setting.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The display name of the group or setting.","Name":"DisplayName","Option":"Write"},{"CIMType":"MSFT_SCInsiderRiskEntityListDomain[]","Description":"List of domains","Name":"Domains","Option":"Write"},{"CIMType":"String[]","Description":"List of file paths.","Name":"FilePaths","Option":"Write"},{"CIMType":"String[]","Description":"List of file types.","Name":"FileTypes","Option":"Write"},{"CIMType":"String[]","Description":"List of keywords.","Name":"Keywords","Option":"Write"},{"CIMType":"String[]","Description":"List of sensitive information types.","Name":"SensitiveInformationTypes","Option":"Write"},{"CIMType":"MSFT_SCInsiderRiskEntityListSite[]","Description":"List of sites.","Name":"Sites","Option":"Write"},{"CIMType":"String[]","Description":"List of trainable classifiers.","Name":"TrainableClassifiers","Option":"Write"},{"CIMType":"String[]","Description":"List of keywords for exception.","Name":"ExceptionKeyworkGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded trainable classifiers.","Name":"ExcludedClassifierGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded domains.","Name":"ExcludedDomainGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded file paths.","Name":"ExcludedFilePathGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded file types.","Name":"ExcludedFileTypeGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded keywords.","Name":"ExcludedKeyworkGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded sensitive information types.","Name":"ExcludedSensitiveInformationTypeGroups","Option":"Write"},{"CIMType":"String[]","Description":"List of excluded sites.","Name":"ExcludedSiteGroups","Option":"Write"},{"CIMType":"String","Description":"Specify if this entity should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures settings for Insider Risk in Purview."},{"ClassName":"MSFT_SCInsiderRiskPolicy","Parameters":[{"CIMType":"string","Description":"Name of the insider risk policy.","Name":"Name","Option":"Key"},{"CIMType":"string","Description":"Name of the scenario supported by the policy.","Name":"InsiderRiskScenario","Option":"Key"},{"CIMType":"Boolean","Description":"When turned on, we'll scan sources in your org (such as the Microsoft 365 audit log) to detect the same activities used by insider risk policies. Scans run daily and provide real-time insights that can help you set up and refine policies to ensure you're detecting the most relevant activities.","Name":"IRASettingsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"For users who perform activities matching your insider risk policies, decide whether to show their actual names or use pseudonymized versions to mask their identities.","Name":"Anonymization","Option":"Write"},{"CIMType":"Boolean","Description":"When turned on, admins with the correct permissions will be able to review user risk details from Insider Risk Management within other solutions such as Data Loss Prevention (DLP), Communication Compliance, and user entity pages in Microsoft Defender.","Name":"DLPUserRiskSync","Option":"Write"},{"CIMType":"Boolean","Description":"When turned on, admins with the correct permissions will be able to review user risk details from Insider Risk Management within other solutions such as Data Loss Prevention (DLP), Communication Compliance, and user entity pages in Microsoft Defender.","Name":"OptInIRMDataExport","Option":"Write"},{"CIMType":"Boolean","Description":"Insider risk management alert information is exportable to security information and event management (SIEM) services by using Office 365 Management Activity APIs. Turn this on to use these APIs to export insider risk alert details to other applications your organization might use to manage or aggregate insider risk data.","Name":"RaiseAuditAlert","Option":"Write"},{"CIMType":"Boolean","Description":"Enable inline alert customization for all alert reviewers.","Name":"InlineAlertPolicyCustomization","Option":"Write"},{"CIMType":"String","Description":"Minimum number of daily events to boost score for unusual activity.","Name":"FileVolCutoffLimits","Option":"Write"},{"CIMType":"String","Description":"Alert volume.","Name":"AlertVolume","Option":"Write"},{"CIMType":"Boolean","Description":"Risk score boosters indicator.","Name":"AnomalyDetections","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"CopyToPersonalCloud","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"CopyToUSB","Option":"Write"},{"CIMType":"Boolean","Description":"Cumulative exfiltration detection indicator.","Name":"CumulativeExfiltrationDetector","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"EmailExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedEmployeePatientData","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedFamilyData","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedHighVolumePatientData","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedNeighbourData","Option":"Write"},{"CIMType":"Boolean","Description":"Health record access indicator.","Name":"EmployeeAccessedRestrictedData","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToChildAbuseSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToCriminalActivitySites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToCultSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToGamblingSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToHackingSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToHateIntoleranceSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToIllegalSoftwareSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToKeyloggerSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToLlmSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToMalwareSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToPhishingSites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToPornographySites","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToUnallowedDomain","Option":"Write"},{"CIMType":"Boolean","Description":"Risky browsing indicator.","Name":"EpoBrowseToViolenceSites","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoCopyToClipboardFromSensitiveFile","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoCopyToNetworkShare","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileArchived","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileCopiedToRemoteDesktopSession","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileDownloadedFromBlacklistedDomain","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileDownloadedFromEnterpriseDomain","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileRenamed","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoFileStagedToCentralLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoHiddenFileCreated","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoRemovableMediaMount","Option":"Write"},{"CIMType":"Boolean","Description":"Device indicator.","Name":"EpoSensitiveFileRead","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"Mcas3rdPartyAppDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"Mcas3rdPartyAppFileDelete","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"Mcas3rdPartyAppFileSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasActivityFromInfrequentCountry","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasImpossibleTravel","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasMultipleFailedLogins","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasMultipleStorageDeletion","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasMultipleVMCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasMultipleVMDeletion","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasSuspiciousAdminActivities","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasSuspiciousCloudCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasSuspiciousCloudTrailLoggingChange","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Cloud Apps indicator.","Name":"McasTerminatedEmployeeActivity","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"OdbDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"OdbSyncDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Cumulative exfiltration detection indicator.","Name":"PeerCumulativeExfiltrationDetector","Option":"Write"},{"CIMType":"Boolean","Description":"Physical access indicator.","Name":"PhysicalAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Risk score boosters indicator.","Name":"PotentialHighImpactUser","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"Print","Option":"Write"},{"CIMType":"Boolean","Description":"Risk score boosters indicator.","Name":"PriorityUserGroupMember","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Endpoint indicator.","Name":"SecurityAlertDefenseEvasion","Option":"Write"},{"CIMType":"Boolean","Description":"Microsoft Defender for Endpoint indicator.","Name":"SecurityAlertUnwantedSoftware","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoAccessRequest","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoApprovedAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoDownloadV2","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileAccessed","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileDeletedFromFirstStageRecycleBin","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileDeletedFromSecondStageRecycleBin","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileLabelDowngraded","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileLabelRemoved","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFileSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFolderDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFolderDeletedFromFirstStageRecycleBin","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFolderDeletedFromSecondStageRecycleBin","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoFolderSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSiteExternalUserAdded","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSiteInternalUserAdded","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSiteLabelRemoved","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSiteSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"SpoSyncDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsChannelFileSharedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsChannelMemberAddedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsChatFileSharedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsFileDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsFolderSharedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsMemberAddedExternal","Option":"Write"},{"CIMType":"Boolean","Description":"Office Indicator.","Name":"TeamsSensitiveMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Risk score boosters indicator.","Name":"UserHistory","Option":"Write"},{"CIMType":"Boolean","Description":"AWS indicator.","Name":"AWSS3BlockPublicAccessDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"AWS indicator.","Name":"AWSS3BucketDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"AWS indicator.","Name":"AWSS3PublicAccessEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"AWS indicator.","Name":"AWSS3ServerLoggingDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureElevateAccessToAllSubscriptions","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureResourceThreatProtectionSettingsUpdated","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureSQLServerAuditingSettingsUpdated","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureSQLServerFirewallRuleDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureSQLServerFirewallRuleUpdated","Option":"Write"},{"CIMType":"Boolean","Description":"Azure indicator.","Name":"AzureStorageAccountOrContainerDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Box indicator.","Name":"BoxContentAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Box indicator.","Name":"BoxContentDelete","Option":"Write"},{"CIMType":"Boolean","Description":"Box indicator.","Name":"BoxContentDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Box indicator.","Name":"BoxContentExternallyShared","Option":"Write"},{"CIMType":"Boolean","Description":"Detect messages matching specific trainable classifiers.","Name":"CCFinancialRegulatoryRiskyTextSent","Option":"Write"},{"CIMType":"Boolean","Description":"Detect messages matching specific trainable classifiers.","Name":"CCInappropriateContentSent","Option":"Write"},{"CIMType":"Boolean","Description":"Detect messages matching specific trainable classifiers.","Name":"CCInappropriateImagesSent","Option":"Write"},{"CIMType":"Boolean","Description":"Dropbox indicator.","Name":"DropboxContentAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Dropbox indicator.","Name":"DropboxContentDelete","Option":"Write"},{"CIMType":"Boolean","Description":"Dropbox indicator.","Name":"DropboxContentDownload","Option":"Write"},{"CIMType":"Boolean","Description":"Dropbox indicator.","Name":"DropboxContentExternallyShared","Option":"Write"},{"CIMType":"Boolean","Description":"Google Drive indicator.","Name":"GoogleDriveContentAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Google Drive indicator.","Name":"GoogleDriveContentDelete","Option":"Write"},{"CIMType":"Boolean","Description":"Google Drive indicator.","Name":"GoogleDriveContentExternallyShared","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIDashboardsDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIReportsDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIReportsDownloaded","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIReportsExported","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBIReportsViewed","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBISemanticModelsDeleted","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBISensitivityLabelDowngradedForArtifacts","Option":"Write"},{"CIMType":"Boolean","Description":"Power BI indicator.","Name":"PowerBISensitivityLabelRemovedFromArtifacts","Option":"Write"},{"CIMType":"String","Description":"Determines how far back a policy should go to detect user activity and is triggered when a user performs the first activity matching a policy.","Name":"HistoricTimeSpan","Option":"Write"},{"CIMType":"String","Description":"Determines how long policies will actively detect activity for users and is triggered when a user performs the first activity matching a policy.","Name":"InScopeTimeSpan","Option":"Write"},{"CIMType":"Boolean","Description":"Integrate Microsoft Teams capabilities with insider risk case management to enhance collaboration with stakeholders. ","Name":"EnableTeam","Option":"Write"},{"CIMType":"Boolean","Description":"Send a monthly email summarizing new analytics scan insights.","Name":"AnalyticsNewInsightEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Send an email when analytics is turned off for your organization.","Name":"AnalyticsTurnedOffEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Send a daily email when new high severity alerts are generated.","Name":"HighSeverityAlertsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the groups of high severity alerts to include. Possible values are: InsiderRiskManagement, InsiderRiskManagementAnalysts, and InsiderRiskManagementInvestigators.","Name":"HighSeverityAlertsRoleGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Send a weekly email summarizing policies that have unresolved warnings.","Name":"PoliciesHealthEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the groups to notify with weekly email. Possible values are: InsiderRiskManagement and InsiderRiskManagementAdmins.","Name":"PoliciesHealthRoleGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Send a notification email when the first alert is generated for a new policy.","Name":"NotificationDetailsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the groups to notify when the first alert is generated. Possible values are: InsiderRiskManagement, InsiderRiskManagementAnalysts, and InsiderRiskManagementInvestigators.","Name":"NotificationDetailsRoleGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"ClipDeletionEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"SessionRecordingEnabled","Option":"Write"},{"CIMType":"String","Description":"Official documentation to come.","Name":"RecordingTimeframePreEventInSec","Option":"Write"},{"CIMType":"String","Description":"Official documentation to come.","Name":"RecordingTimeframePostEventInSec","Option":"Write"},{"CIMType":"String","Description":"Official documentation to come.","Name":"BandwidthCapInMb","Option":"Write"},{"CIMType":"String","Description":"Official documentation to come.","Name":"OfflineRecordingStorageLimitInMb","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if Adaptive Protection is enabled for Purview.","Name":"AdaptiveProtectionEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileSourceType","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileConfirmedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileGeneratedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileInsightSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileInsightCount","Option":"Write"},{"CIMType":"String[]","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileInsightTypes","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"AdaptiveProtectionHighProfileConfirmedIssue","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileSourceType","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileConfirmedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileGeneratedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileInsightSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileInsightCount","Option":"Write"},{"CIMType":"String[]","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileInsightTypes","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"AdaptiveProtectionMediumProfileConfirmedIssue","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileSourceType","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileConfirmedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileGeneratedIssueSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileInsightSeverity","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileInsightCount","Option":"Write"},{"CIMType":"String[]","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileInsightTypes","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"AdaptiveProtectionLowProfileConfirmedIssue","Option":"Write"},{"CIMType":"Boolean","Description":"Official documentation to come.","Name":"RetainSeverityAfterTriage","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"LookbackTimeSpan","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"ProfileInScopeTimeSpan","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"GPUUtilizationLimit","Option":"Write"},{"CIMType":"UInt32","Description":"Official documentation to come.","Name":"CPUUtilizationLimit","Option":"Write"},{"CIMType":"String[]","Description":"Microsoft Defender for Endpoint alert statuses.","Name":"MDATPTriageStatus","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Insider Risk Policies in Purview."},{"ClassName":"MSFT_SCLabelSetting","Parameters":[{"CIMType":"String","Description":"Advanced settings key.","Name":"Key","Option":"Key"},{"CIMType":"String[]","Description":"Advanced settings value.","Name":"Value","Option":"Write"}],"Description":"This resource configures a Sensitivity label policy in Purview."},{"ClassName":"MSFT_SCLabelPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the sensitivity label. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this label policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"MSFT_SCLabelSetting[]","Description":"The AdvancedSettings parameter enables client-specific features and capabilities on the sensitivity label. The settings that you configure with this parameter only affect apps that are designed for the setting.","Name":"AdvancedSettings","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies the mailboxes to include in the policy.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocationException parameter specifies the mailboxes to exclude when you use the value All for the ExchangeLocation parameter.","Name":"ExchangeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The ModernGroupLocation parameter specifies the Microsoft 365 Groups to include in the policy.","Name":"ModernGroupLocation","Option":"Write"},{"CIMType":"String[]","Description":"The ModernGroupLocationException parameter specifies the Microsoft 365 Groups to exclude when you're using the value All for the ModernGroupLocation parameter.","Name":"ModernGroupLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The Labels parameter specifies the sensitivity labels that are associated with the policy. You can use any value that uniquely identifies the label.","Name":"Labels","Option":"Write"},{"CIMType":"String[]","Description":"The AddExchangeLocation parameter specifies the mailboxes to add in the existing policy.","Name":"AddExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The AddExchangeLocationException parameter specifies the mailboxes to add to exclusions when you use the value All for the ExchangeLocation parameter.","Name":"AddExchangeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddModernGroupLocation parameter specifies the Microsoft 365 Groups to add to include the policy.","Name":"AddModernGroupLocation","Option":"Write"},{"CIMType":"String[]","Description":"The AddModernGroupLocationException parameter specifies the Microsoft 365 Groups to add to exclusions when you're using the value All for the ModernGroupLocation parameter.","Name":"AddModernGroupLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The AddLabels parameter specifies the sensitivity labels to add to the policy. You can use any value that uniquely identifies the label.","Name":"AddLabels","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveExchangeLocation parameter specifies the mailboxes to remove from the policy.","Name":"RemoveExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveExchangeLocationException parameter specifies the mailboxes to remove when you use the value All for the ExchangeLocation parameter.","Name":"RemoveExchangeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveModernGroupLocation parameter specifies the Microsoft 365 Groups to remove from the policy.","Name":"RemoveModernGroupLocation","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveModernGroupLocationException parameter specifies the Microsoft 365 Groups to remove from excluded values when you're using the value All for the ModernGroupLocation parameter.","Name":"RemoveModernGroupLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The RemoveLabels parameter specifies the sensitivity labels that are removed from the policy. You can use any value that uniquely identifies the label.","Name":"RemoveLabels","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Sensitivity label policy in Purview."},{"ClassName":"MSFT_PolicyConfigApp","Parameters":[{"CIMType":"String","Description":"Name of the application.","Name":"Value","Option":"Key"},{"CIMType":"String","Description":"Name of the executable file.","Name":"Executable","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigStorageAccount","Parameters":[{"CIMType":"String","Description":"TBD","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"BlobUri","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigSiteGroupAddress","Parameters":[{"CIMType":"String","Description":"The match type to perform. If UrlMatch is selected, then the Url property must be configured. If IPv4 or IPv6RangeMatch are selected, then AddressLower and AddressUpper must be configured.","Name":"MatchType","Option":"Required","ValueMap":["UrlMatch","IPv4RangeMatch","IPv6RangeMatch"],"Values":["UrlMatch","IPv4RangeMatch","IPv6RangeMatch"]},{"CIMType":"String","Description":"TBD","Name":"Url","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"AddressLower","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"AddressUpper","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPSiteGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"Name","Option":"Key"},{"CIMType":"MSFT_PolicyConfigSiteGroupAddress[]","Description":"TBD","Name":"addresses","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigRemovableMedia","Parameters":[{"CIMType":"String","Description":"TBD","Name":"deviceId","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"removableMediaVID","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"name","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"alias","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"removableMediaPID","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"instancePathId","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"serialNumberId","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"hardwareId","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPRemovableMediaGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"groupName","Option":"Key"},{"CIMType":"MSFT_PolicyConfigRemovableMedia[]","Description":"TBD","Name":"removableMedia","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigIPRange","Parameters":[{"CIMType":"String","Description":"TBD","Name":"fromAddress","Option":"Required"},{"CIMType":"String","Description":"TBD","Name":"toAddress","Option":"Required"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigPrinter","Parameters":[{"CIMType":"Boolean","Description":"TBD","Name":"universalPrinter","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"usbPrinter","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"usbPrinterId","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"name","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"alias","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"usbPrinterVID","Option":"Write"},{"CIMType":"MSFT_PolicyConfigIPRange","Description":"TBD","Name":"ipRange","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"corporatePrinter","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"printToLocal","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"printToFile","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPNetworkShareGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"groupName","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"groupId","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"networkPaths","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPApp","Parameters":[{"CIMType":"String","Description":"TBD","Name":"ExecutableName","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"Name","Option":"Key"},{"CIMType":"Boolean","Description":"TBD","Name":"Quarantine","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPAppGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"Description","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPApp[]","Description":"TBD","Name":"Apps","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigEvidenceStoreSettings","Parameters":[{"CIMType":"Boolean","Description":"TBD","Name":"FileEvidenceIsEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"TBD","Name":"NumberOfDaysToRetain","Option":"Write"},{"CIMType":"MSFT_PolicyConfigStorageAccount[]","Description":"TBD","Name":"StorageAccounts","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"Store","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigBusinessJustificationList","Parameters":[{"CIMType":"String","Description":"TBD","Name":"Id","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"justificationText","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"Enable","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigDLPPrinterGroups","Parameters":[{"CIMType":"String","Description":"TBD","Name":"groupName","Option":"Key"},{"CIMType":"String","Description":"TBD","Name":"groupId","Option":"Write"},{"CIMType":"MSFT_PolicyConfigPrinter[]","Description":"TBD","Name":"printers","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_PolicyConfigQuarantineParameters","Parameters":[{"CIMType":"Boolean","Description":"TBD","Name":"EnableQuarantineForCloudSyncApps","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"QuarantinePath","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"MacQuarantinePath","Option":"Write"},{"CIMType":"Boolean","Description":"TBD","Name":"ShouldReplaceFile","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"FileReplacementText","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_SCPolicyConfig","Parameters":[{"CIMType":"String","Description":"Accepted value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Default value is false. If set to false, then you cannot specify BandwidthLimitEnabled nor DailyBandwidthLimitInMb","Name":"AdvancedClassificationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is false.","Name":"AuditFileActivity","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is true.","Name":"BandwidthLimitEnabled","Option":"Write"},{"CIMType":"MSFT_PolicyConfigBusinessJustificationList[]","Description":"TBD","Name":"BusinessJustificationList","Option":"Write"},{"CIMType":"String","Description":"Default value is Off.","Name":"CloudAppMode","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"CloudAppRestrictionList","Option":"Write"},{"CIMType":"UInt32","Description":"Default value is 0. If set to 0, you cannot specify the BusinessJustificationList parameter as part of your configuration.","Name":"CustomBusinessJustificationNotification","Option":"Write"},{"CIMType":"UInt32","Description":"Default value is 1000","Name":"DailyBandwidthLimitInMB","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPAppGroups[]","Description":"TBD","Name":"DLPAppGroups","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPNetworkShareGroups[]","Description":"TBD","Name":"DLPNetworkShareGroups","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPPrinterGroups[]","Description":"TBD","Name":"DLPPrinterGroups","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPRemovableMediaGroups[]","Description":"TBD","Name":"DLPRemovableMediaGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is true.","Name":"IncludePredefinedUnallowedBluetoothApps","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is true.","Name":"MacDefaultPathExclusionsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"MacPathExclusion","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is false.","Name":"NetworkPathEnforcementEnabled","Option":"Write"},{"CIMType":"String","Description":"TBD","Name":"NetworkPathExclusion","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"PathExclusion","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is false","Name":"serverDlpEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Default value is false","Name":"FileCopiedToCloudFullUrlEnabled","Option":"Write"},{"CIMType":"MSFT_PolicyConfigEvidenceStoreSettings","Description":"TBD","Name":"EvidenceStoreSettings","Option":"Write"},{"CIMType":"MSFT_PolicyConfigDLPSiteGroups[]","Description":"TBD","Name":"SiteGroups","Option":"Write"},{"CIMType":"MSFT_PolicyConfigApp[]","Description":"TBD","Name":"UnallowedApp","Option":"Write"},{"CIMType":"MSFT_PolicyConfigApp[]","Description":"TBD","Name":"UnallowedCloudSyncApp","Option":"Write"},{"CIMType":"MSFT_PolicyConfigApp[]","Description":"TBD","Name":"UnallowedBluetoothApp","Option":"Write"},{"CIMType":"MSFT_PolicyConfigApp[]","Description":"TBD","Name":"UnallowedBrowser","Option":"Write"},{"CIMType":"MSFT_PolicyConfigQuarantineParameters","Description":"TBD","Name":"QuarantineParameters","Option":"Write"},{"CIMType":"String[]","Description":"TBD","Name":"VPNSettings","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableLabelCoauth parameter enables or disables co-authoring support in Office desktop apps for the entire organization. Default value is false.","Name":"EnableLabelCoauth","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableSpoAipMigration parameter enables or disables built-in labeling for supported Office files in SharePoint and OneDrive.","Name":"EnableSpoAipMigration","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the Data Loss Prevention settings in Purview."},{"ClassName":"MSFT_SCProtectionAlert","Parameters":[{"CIMType":"String[]","Description":"Specifies the scope for aggregated alert policies","Name":"AlertBy","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use","Name":"AlertFor","Option":"Write"},{"CIMType":"String","Description":"Specifies how the alert policy triggers alerts for multiple occurrences of monitored activity","Name":"AggregationType","Option":"Write","ValueMap":["None","SimpleAggregation","AnomalousAggregation","CustomAggregation"],"Values":["None","SimpleAggregation","AnomalousAggregation","CustomAggregation"]},{"CIMType":"String","Description":"Specifies a category for the alert policy","Name":"Category","Option":"Write"},{"CIMType":"String","Description":"Specifies an optional comment","Name":"Comment","Option":"Write"},{"CIMType":"Boolean","Description":"Enables or disables the alert policy","Name":"Disabled","Option":"Write"},{"CIMType":"String","Description":"Specify if this alert should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Filter parameter uses OPATH syntax to filter the results by the specified properties and values","Name":"Filter","Option":"Write"},{"CIMType":"String","Description":"Specifies the unique name for the alert policy","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specifies the language or locale that's used for notifications. For example, da-DK for Danish","Name":"NotificationCulture","Option":"Write"},{"CIMType":"Boolean","Description":"NotificationEnabled true or false","Name":"NotificationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to trigger an alert for a single event when the alert policy is configured for aggregated activity","Name":"NotifyUserOnFilterMatch","Option":"Write"},{"CIMType":"DateTime","Description":"Specifies whether to temporarily suspend notifications for the alert policy. Until the specified date-time, no notifications are sent for detected activities.","Name":"NotifyUserSuppressionExpiryDate","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the maximum number of notifications for the alert policy within the time period specified by the NotifyUserThrottleWindow parameter. Once the maximum number of notifications has been reached in the time period, no more notifications are sent for the alert.","Name":"NotifyUserThrottleThreshold","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the time interval in minutes that's used by the NotifyUserThrottleThreshold parameter","Name":"NotifyUserThrottleWindow","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the SMTP address of the user who receives notification messages for the alert policy. You can specify multiple values separated by commas","Name":"NotifyUser","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the activities that are monitored by the alert policy","Name":"Operation","Option":"Write"},{"CIMType":"String[]","Description":"PrivacyManagementScopedSensitiveInformationTypes","Name":"PrivacyManagementScopedSensitiveInformationTypes","Option":"Write"},{"CIMType":"String[]","Description":"PrivacyManagementScopedSensitiveInformationTypesForCounting","Name":"PrivacyManagementScopedSensitiveInformationTypesForCounting","Option":"Write"},{"CIMType":"UInt64","Description":"PrivacyManagementScopedSensitiveInformationTypesThreshold","Name":"PrivacyManagementScopedSensitiveInformationTypesThreshold","Option":"Write"},{"CIMType":"String","Description":"specifies the severity of the detection","Name":"Severity","Option":"Write","ValueMap":["Low","Medium","High","Informational"],"Values":["Low","Medium","High","Informational"]},{"CIMType":"String","Description":"Specifies the type of activities that are monitored by the alert policy","Name":"ThreatType","Option":"Write","ValueMap":["Activity","Malware","Phish","Malicious","MaliciousUrlClick","MailFlow"],"Values":["Activity","Malware","Phish","Malicious","MaliciousUrlClick","MailFlow"]},{"CIMType":"UInt32","Description":"Specifies the number of detections that trigger the alert policy within the time period specified by the TimeWindow parameter. A valid value is an integer that's greater than or equal to 3.","Name":"Threshold","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the time interval in minutes for number of detections specified by the Threshold parameter. A valid value is an integer that's greater than 60 (one hour).","Name":"TimeWindow","Option":"Write"},{"CIMType":"UInt32","Description":"Volume Threshold","Name":"VolumeThreshold","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Protection Alert in Purview."},{"ClassName":"MSFT_SCRecordReviewNotificationTemplateConfig","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"The CustomizedNotificationDataString parameter specifies the customized review notification text to use. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomizedNotificationDataString","Option":"Write"},{"CIMType":"String","Description":"The CustomizedReminderDataString parameter specifies the customized review reminder text to use. If the value contains spaces, enclose the value in quotation marks.","Name":"CustomizedReminderDataString","Option":"Write"},{"CIMType":"Boolean","Description":"The IsCustomizedNotificationTemplate switch specifies whether to use a customized review notification instead of the system default notification.","Name":"IsCustomizedNotificationTemplate","Option":"Write"},{"CIMType":"Boolean","Description":"The IsCustomizedReminderTemplate switch specifies whether to use a customized review reminder instead of the system default reminder.","Name":"IsCustomizedReminderTemplate","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures Purview Records Management disposition settings."},{"ClassName":"MSFT_SCRetentionCompliancePolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the retention policy.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String[]","Description":"Location of the dynamic scope for this policy.","Name":"DynamicScopeLocation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if the policy is enabled or not.","Name":"Enabled","Option":"Write"},{"CIMType":"String[]","Description":"The ExchangeLocation parameter specifies the mailboxes to include.","Name":"ExchangeLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the mailboxes to remove from the list of excluded mailboxes when you use the value All for the ExchangeLocation parameter","Name":"ExchangeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The ModernGroupLocation parameter specifies the Office 365 groups to include in the policy.","Name":"ModernGroupLocation","Option":"Write"},{"CIMType":"String[]","Description":"The ModernGroupLocationException parameter specifies the Office 365 groups to exclude when you're using the value All for the ModernGroupLocation parameter.","Name":"ModernGroupLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The OneDriveLocation parameter specifies the OneDrive for Business sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"OneDriveLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the OneDrive for Business sites to exclude when you use the value All for the OneDriveLocation parameter. You identify the site by its URL value.","Name":"OneDriveLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The PublicFolderLocation parameter specifies that you want to include all public folders in the retention policy. You use the value All for this parameter.","Name":"PublicFolderLocation","Option":"Write"},{"CIMType":"Boolean","Description":"The RestrictiveRetention parameter specifies whether Preservation Lock is enabled for the policy.","Name":"RestrictiveRetention","Option":"Write"},{"CIMType":"String[]","Description":"The SharePointLocation parameter specifies the SharePoint Online sites to include. You identify the site by its URL value, or you can use the value All to include all sites.","Name":"SharePointLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the SharePointLocation parameter. You identify the site by its URL value.","Name":"SharePointLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The SkypeLocation parameter specifies the Skype for Business Online users to include in the policy.","Name":"SkypeLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter is reserved for internal Microsoft use.","Name":"SkypeLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The TeamsChannelLocation parameter specifies the Teams Channel to include in the policy.","Name":"TeamsChannelLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the TeamsChannelLocation parameter. You identify the site by its URL value.","Name":"TeamsChannelLocationException","Option":"Write"},{"CIMType":"String[]","Description":"The TeamsChatLocation parameter specifies the Teams Chat to include in the policy.","Name":"TeamsChatLocation","Option":"Write"},{"CIMType":"String[]","Description":"This parameter specifies the SharePoint Online sites to exclude when you use the value All for the TeamsChatLocation parameter. You identify the site by its URL value.","Name":"TeamsChatLocationException","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Retention Compliance Policy in Purview."},{"ClassName":"MSFT_SCRetentionComplianceRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the retention rule.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Policy parameter specifies the policy to contain the rule.","Name":"Policy","Option":"Required"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"String","Description":"The ExpirationDateOption parameter specifies whether the expiration date is calculated from the content creation date or last modification date. Valid values are: CreationAgeInDays and ModificationAgeInDays.","Name":"ExpirationDateOption","Option":"Write","ValueMap":["CreationAgeInDays","ModificationAgeInDays"],"Values":["CreationAgeInDays","ModificationAgeInDays"]},{"CIMType":"String[]","Description":"The ExcludedItemClasses parameter specifies the types of messages to exclude from the rule. You can use this parameter only to exclude items from a hold policy, which excludes the specified item class from being held. Using this parameter won't exclude items from deletion policies. Typically, you use this parameter to exclude voicemail messages, IM conversations, and other Skype for Business Online content from being held by a hold policy.","Name":"ExcludedItemClasses","Option":"Write"},{"CIMType":"String","Description":"The ContentMatchQuery parameter specifies a content search filter.","Name":"ContentMatchQuery","Option":"Write"},{"CIMType":"String","Description":"The RetentionComplianceAction parameter specifies the retention action for the rule. Valid values are: Delete, Keep and KeepAndDelete.","Name":"RetentionComplianceAction","Option":"Write","ValueMap":["Delete","Keep","KeepAndDelete"],"Values":["Delete","Keep","KeepAndDelete"]},{"CIMType":"String","Description":"The RetentionDuration parameter specifies the hold duration for the retention rule. Valid values are: An integer - The hold duration in days, Unlimited - The content is held indefinitely.","Name":"RetentionDuration","Option":"Write"},{"CIMType":"String","Description":"The RetentionDurationDisplayHint parameter specifies the units that are used to display the retention duration in the Security and Compliance Center. Valid values are: Days, Months or Years.","Name":"RetentionDurationDisplayHint","Option":"Write","ValueMap":["Days","Months","Years"],"Values":["Days","Months","Years"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Retention Compliance Rule in Purview."},{"ClassName":"MSFT_SCRetentionEventType","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name of the retention event type.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Retention Event Type in Purview."},{"ClassName":"MSFT_SCRoleGroup","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The DisplayName parameter specifies the friendly name of the role group. If the name contains spaces, enclose the name in quotation marks. This parameter has a maximum length of 256 characters.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Roles parameter specifies the management roles to assign to the role group when it's created. If a role name contains spaces, enclose the name in quotation marks. If you want to assign more that one role, separate the role names with commas.","Name":"Roles","Option":"Write"},{"CIMType":"String","Description":"Specify if the Role Group should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Role Groups in Purview."},{"ClassName":"MSFT_SCRoleGroupMember","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the name of the role. The maximum length of the name is 64 characters.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Description parameter specifies the description that's displayed when the role group is viewed using the Get-RoleGroup cmdlet. Enclose the description in quotation marks","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Members parameter specifies the mailboxes or mail-enabled USGs to add as a member of the role group. You can identify the user or group by the name, DN, or primary SMTP address value. You can specify multiple members separated by commas (Value1,Value2,...ValueN). If the value contains spaces, enclose the value in quotation marks","Name":"Members","Option":"Write"},{"CIMType":"String","Description":"Specify if the Role Group Members should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Role Group members in Security Compliance Center."},{"ClassName":"MSFT_SCSecurityFilter","Parameters":[{"CIMType":"String","Description":"The FilterName parameter specifies the name of the compliance security filter that you want to view. If the value contains spaces, enclose the value in quotation marks (\\\").","Name":"FilterName","Option":"Key"},{"CIMType":"String","Description":"The Action parameter filters the results by the type of search action that a filter is applied to. ","Name":"Action","Option":"Write","ValueMap":["Export","Preview","Purge","Search","All"],"Values":["Export","Preview","Purge","Search","All"]},{"CIMType":"String[]","Description":"The User parameter filters the results by the user who gets a filter applied to their searches. Acceptable values are : The alias or email address of a user, All or The name of a role group","Name":"Users","Option":"Write"},{"CIMType":"String","Description":"The Description parameter specifies a description for the compliance security filter. The maximum length is 256 characters. If the value contains spaces, enclose the value in quotation marks (\\\").","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The Filters parameter specifies the search criteria for the compliance security filter. The filters are applied to the users specified by the Users parameter. You can create three different types of filters: Mailbox filter, Mailbox content filter or Site and site content filter","Name":"Filters","Option":"Write"},{"CIMType":"String","Description":"The Region parameter specifies the satellite location for multi-geo tenants to conduct eDiscovery searches in.","Name":"Region","Option":"Write","ValueMap":["APC","AUS","CAN","EUR","FRA","GBR","IND","JPN","LAM","NAM",""],"Values":["APC","AUS","CAN","EUR","FRA","GBR","IND","JPN","LAM","NAM",""]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Specify if this label policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Security Filter in Purview.\n\n**Please note:** This resource does not support certificate based authentication."},{"ClassName":"MSFT_SCSLSensitiveInformationType","Parameters":[{"CIMType":"String","Description":"Name of the Sensitive Information Type","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Confidence level value for the Sensitive Information","Name":"confidencelevel","Option":"Write","ValueMap":["Low","Medium","High"],"Values":["Low","Medium","High"]},{"CIMType":"String","Description":"Type of Classifier value for the Sensitive Information","Name":"classifiertype","Option":"Write"},{"CIMType":"String","Description":"Minimum Count value for the Sensitive Information","Name":"mincount","Option":"Write"},{"CIMType":"String","Description":"Maximum Count value for the Sensitive Information","Name":"maxcount","Option":"Write"}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSLTrainableClassifiers","Parameters":[{"CIMType":"String","Description":"Name of the Trainable Classifier","Name":"name","Option":"Key"},{"CIMType":"String","Description":"Id of the Trainable Classifier","Name":"id","Option":"Write"}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSLSensitiveInformationGroup","Parameters":[{"CIMType":"MSFT_SCSLSensitiveInformationType[]","Description":"Sensitive Information Content Types","Name":"SensitiveInformationType","Option":"Write"},{"CIMType":"MSFT_SCSLTrainableClassifiers[]","Description":"Trainable Classifiers","Name":"TrainableClassifier","Option":"Write"},{"CIMType":"String","Description":"Name of the group","Name":"Name","Option":"Required"},{"CIMType":"String","Description":"How to process the Sensitive Information Types and Trainable Classifiers","Name":"Operator","Option":"Required","ValueMap":["And","Or"],"Values":["And","Or"]}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSLAutoLabelingSettings","Parameters":[{"CIMType":"MSFT_SCSLSensitiveInformationGroup[]","Description":"Groups of sensitive information types.","Name":"Groups","Option":"Required"},{"CIMType":"String","Description":"How to process the various groups","Name":"Operator","Option":"Required","ValueMap":["And","Or"],"Values":["And","Or"]},{"CIMType":"String","Description":"Display this message to users when the label is applied","Name":"PolicyTip","Option":"Write"},{"CIMType":"String","Description":"Specifies what to do when content matches the conditions","Name":"AutoApplyType","Option":"Required","ValueMap":["Automatic","Recommend"],"Values":["Automatic","Recommend"]}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCLabelLocaleSettings","Parameters":[{"CIMType":"String","Description":"Name of the Local key.","Name":"localeKey","Option":"Key"},{"CIMType":"MSFT_SCLabelSetting[]","Description":"The locale settings display names.","Name":"LabelSettings","Option":"Write"}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSensitivityLabel","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the sensitivity label. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment.","Name":"Comment","Option":"Write"},{"CIMType":"MSFT_SCLabelSetting[]","Description":"The AdvancedSettings parameter enables client-specific features and capabilities on the sensitivity label. The settings that you configure with this parameter only affect apps that are designed for the setting.","Name":"AdvancedSettings","Option":"Write"},{"CIMType":"String","Description":"The DisplayName parameter specifies the display name for the sensitivity label. The display name appears in the Microsoft Office and is used by Outlook users to select the appropriate sensitivity label before they send a message.","Name":"DisplayName","Option":"Write"},{"CIMType":"MSFT_SCLabelLocaleSettings[]","Description":"The LocaleSettings parameter specifies one or more localized label name or label Tooltips in different languages. Regions include all region codes supported in Office Client applications.","Name":"LocaleSettings","Option":"Write"},{"CIMType":"String","Description":"The ParentId parameter specifies the parent label that you want this label to be under (a sublabel). You can use any value that uniquely identifies the parent sensitivity label for example name.","Name":"ParentId","Option":"Write"},{"CIMType":"uint32","Description":"The Priority parameter specifies a priority value for the sensitivity label that determines the order of label processing. A lower integer value indicates a higher priority.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"The ToolTip parameter specifies the default tooltip and sensitivity label description that's seen by users. It the value contains spaces, enclose the value in quotation marks.","Name":"Tooltip","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingFooterAlignment parameter specifies the footer alignment.","Name":"ApplyContentMarkingFooterAlignment","Option":"Write","ValueMap":["Left","Center","Right"],"Values":["Left","Center","Right"]},{"CIMType":"Boolean","Description":"The ApplyContentMarkingFooterEnabled parameter specifies whether to enable or disable the sensitivity label.","Name":"ApplyContentMarkingFooterEnabled","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingFooterFontColor parameter specifies the color of the footer text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000.","Name":"ApplyContentMarkingFooterFontColor","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyContentMarkingFooterFontSize parameter specifies the font size (in points) of the footer text.","Name":"ApplyContentMarkingFooterFontSize","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyContentMarkingFooterMargin parameter specifies the size (in points) of the footer margin.","Name":"ApplyContentMarkingFooterMargin","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingFooterText parameter specifies the footer text. If the value contains spaces, enclose the value in quotation marks.","Name":"ApplyContentMarkingFooterText","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingHeaderAlignment parameter specifies the header alignment.","Name":"ApplyContentMarkingHeaderAlignment","Option":"Write","ValueMap":["Left","Center","Right"],"Values":["Left","Center","Right"]},{"CIMType":"Boolean","Description":"The ApplyContentMarkingHeaderEnabled parameter enables or disables the Apply Content Marking Header action for the label.","Name":"ApplyContentMarkingHeaderEnabled","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingHeaderFontColor parameter specifies the color of the header text. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000.","Name":"ApplyContentMarkingHeaderFontColor","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyContentMarkingHeaderFontSize parameter specifies the font size (in points) of the header text.","Name":"ApplyContentMarkingHeaderFontSize","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyContentMarkingHeaderMargin parameter specifies the size (in points) of the header margin.","Name":"ApplyContentMarkingHeaderMargin","Option":"Write"},{"CIMType":"String","Description":"The ApplyContentMarkingHeaderText parameter specifies the header text. If the value contains spaces, enclose the value in quotation marks.","Name":"ApplyContentMarkingHeaderText","Option":"Write"},{"CIMType":"Boolean","Description":"The ApplyWaterMarkingEnabled parameter enables or disables the Apply Watermarking Header action for the label.","Name":"ApplyWaterMarkingEnabled","Option":"Write"},{"CIMType":"String","Description":"The ApplyWaterMarkingFontColor parameter specifies the color of the watermark text. This parameter accepts a hexadecimal color code value in the format #xxxxxx.","Name":"ApplyWaterMarkingFontColor","Option":"Write"},{"CIMType":"SInt32","Description":"The ApplyWaterMarkingFontSize parameter specifies the font size (in points) of the watermark text.","Name":"ApplyWaterMarkingFontSize","Option":"Write"},{"CIMType":"String","Description":"The ApplyWaterMarkingAlignment parameter specifies the watermark alignment.","Name":"ApplyWaterMarkingLayout","Option":"Write","ValueMap":["Horizontal","Diagonal"],"Values":["Horizontal","Diagonal"]},{"CIMType":"String","Description":"The ApplyWaterMarkingText parameter specifies the watermark text. If the value contains spaces, enclose the value in quotation marks.","Name":"ApplyWaterMarkingText","Option":"Write"},{"CIMType":"String[]","Description":"The ContentType parameter specifies where the sensitivity label can be applied.","Name":"ContentType","Option":"Write","ValueMap":["File","Email","Site","UnifiedGroup","PurviewAssets","Teamwork","SchematizedData"],"Values":["File","Email","Site","UnifiedGroup","PurviewAssets","Teamwork","SchematizedData"]},{"CIMType":"String","Description":"The EncryptionContentExpiredOnDateInDaysOrNever parameter specifies when the encrypted content expires. Valid values are integer or never.","Name":"EncryptionContentExpiredOnDateInDaysOrNever","Option":"Write"},{"CIMType":"Boolean","Description":"The EncryptionDoNotForward parameter specifies whether the Do Not Forward template is applied.","Name":"EncryptionDoNotForward","Option":"Write"},{"CIMType":"Boolean","Description":"The EncryptionEncryptOnly parameter specifies whether the encrypt-only template is applied.","Name":"EncryptionEncryptOnly","Option":"Write"},{"CIMType":"Boolean","Description":"The EncryptionEnabled parameter specifies whether encryption in enabled.","Name":"EncryptionEnabled","Option":"Write"},{"CIMType":"SInt32","Description":"The EncryptionOfflineAccessDays parameter specifies the number of days that offline access is allowed.","Name":"EncryptionOfflineAccessDays","Option":"Write"},{"CIMType":"Boolean","Description":"The EncryptionPromptUser parameter specifies whether to set the label with user defined permission in Word, Excel, and PowerPoint.","Name":"EncryptionPromptUser","Option":"Write"},{"CIMType":"String","Description":"The EncryptionProtectionType parameter specifies the protection type for encryption.","Name":"EncryptionProtectionType","Option":"Write","ValueMap":["Template","RemoveProtection","UserDefined"],"Values":["Template","RemoveProtection","UserDefined"]},{"CIMType":"String","Description":"The EncryptionRightsDefinitions parameter specifies the rights users have when accessing protected. This parameter uses the syntax Identity1:Rights1,Rights2;Identity2:Rights3,Rights4. For example, john@contoso.com:VIEW,EDIT;microsoft.com:VIEW.","Name":"EncryptionRightsDefinitions","Option":"Write"},{"CIMType":"String","Description":"The EncryptionRightsUrl parameter specifies the URL for hold your own key (HYOK) protection.","Name":"EncryptionRightsUrl","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionAllowAccessToGuestUsers parameter enables or disables access to guest users.","Name":"SiteAndGroupProtectionAllowAccessToGuestUsers","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionAllowEmailFromGuestUsers parameter enables or disables email from guest users.","Name":"SiteAndGroupProtectionAllowEmailFromGuestUsers","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionAllowFullAccess parameter enables or disables full access.","Name":"SiteAndGroupProtectionAllowFullAccess","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionAllowLimitedAccess parameter enables or disables limited access.","Name":"SiteAndGroupProtectionAllowLimitedAccess","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionBlockAccess parameter blocks access.","Name":"SiteAndGroupProtectionBlockAccess","Option":"Write"},{"CIMType":"Boolean","Description":"The SiteAndGroupProtectionEnabled parameter enables or disables the Site and Group Protection action for the labels.","Name":"SiteAndGroupProtectionEnabled","Option":"Write"},{"CIMType":"String","Description":"The SiteAndGroupProtectionPrivacy parameter specifies the privacy level for the label.","Name":"SiteAndGroupProtectionPrivacy","Option":"Write","ValueMap":["Public","Private","Unspecified"],"Values":["Public","Private","Unspecified"]},{"CIMType":"String","Description":"The SiteAndGroupExternalSharingControlType parameter specifies the external user sharing setting for the label.","Name":"SiteAndGroupExternalSharingControlType","Option":"Write","ValueMap":["ExternalUserAndGuestSharing","ExternalUserSharingOnly","ExistingExternalUserSharingOnly","Disabled"],"Values":["ExternalUserAndGuestSharing","ExternalUserSharingOnly","ExistingExternalUserSharingOnly","Disabled"]},{"CIMType":"MSFT_SCSLAutoLabelingSettings","Description":"The AutoLabelingSettings parameter specifies the conditions for label to be automatically applied to files and emails.","Name":"AutoLabelingSettings","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Sensitivity labels in Purview."},{"ClassName":"MSFT_SCSupervisoryReviewPolicy","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the supervisory review policy. The name can't exceed 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the value in quotation marks.","Name":"Comment","Option":"Write"},{"CIMType":"String[]","Description":"The Reviewers parameter specifies the SMTP addresses of the reviewers for the supervisory review policy. You can specify multiple email addresses separated by commas.","Name":"Reviewers","Option":"Required"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Supervision Policy in Purview.\nNOTE: This resource can only be used to monitor policies until further notice."},{"ClassName":"MSFT_SCSupervisoryReviewRule","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies the unique name for the supervisory review policy. The name can't exceed 64 characters. If the value contains spaces, enclose the value in quotation marks.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The Policy parameter specifies the supervisory review policy that's assigned to the rule. You can use any value that uniquely identifies the policy.","Name":"Policy","Option":"Key"},{"CIMType":"String","Description":"The Condition parameter specifies the conditions and exceptions for the rule.","Name":"Condition","Option":"Write"},{"CIMType":"UInt32","Description":"The SamplingRate parameter specifies the percentage of communications for review. If you want reviewers to review all detected items, use the value 100.","Name":"SamplingRate","Option":"Write"},{"CIMType":"String","Description":"Specify if this rule should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Exchange Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for CertificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Supervision Review Rule in Purview."},{"ClassName":"MSFT_SCUnifiedAuditLogRetentionPolicy","Parameters":[{"CIMType":"String","Description":"The description for the audit log retention policy","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Unique name for the audit log retention policy","Name":"Name","Option":"Key"},{"CIMType":"String[]","Description":"Specifies the audit log operations that are retained by the policy","Name":"Operations","Option":"Write"},{"CIMType":"UInt32","Description":"Priority value for the policy that determines the order of policy processing.","Name":"Priority","Option":"Write"},{"CIMType":"String[]","Description":"Specifies the audit logs of a specific record type that are retained by the policy.","Name":"RecordTypes","Option":"Write"},{"CIMType":"String","Description":"How long audit log records are kept","Name":"RetentionDuration","Option":"Write","ValueMap":["SevenDays","OneMonth","ThreeMonths","SixMonths","NineMonths","TwelveMonths","ThreeYears","FiveYears","SevenYears","TenYears"],"Values":["SevenDays","OneMonth","ThreeMonths","SixMonths","NineMonths","TwelveMonths","ThreeYears","FiveYears","SevenYears","TenYears"]},{"CIMType":"String[]","Description":"Specifies the audit logs that are retained by the policy based on the ID of the user who performed the action","Name":"UserIds","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory tenant used for authentication.","Name":"ApplicationSecret","Option":"Write"}],"Description":"The resource configures a Unified Audit Log Retention Policy in the Purview."},{"ClassName":"MSFT_SentinelAlertRuleEventGroupingSettings","Parameters":[{"CIMType":"String","Description":"The event grouping aggregation kinds","Name":"aggregationKind","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleCustomDetails","Parameters":[{"CIMType":"String","Description":"Key of the custom detail.","Name":"DetailKey","Option":"Write"},{"CIMType":"String","Description":"Associated value with the custom detail.","Name":"DetailValue","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleEntityMapping","Parameters":[{"CIMType":"String","Description":"Type of entity.","Name":"entityType","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleEntityMappingFieldMapping[]","Description":"List of field mappings.","Name":"fieldMappings","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleEntityMappingFieldMapping","Parameters":[{"CIMType":"String","Description":"Name of the column","Name":"columnName","Option":"Key"},{"CIMType":"String","Description":"Identifier of the associated field.","Name":"identifier","Option":"Key"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleAlertDetailsOverride","Parameters":[{"CIMType":"String","Description":"The format containing columns name(s) to override the alert description","Name":"alertDescriptionFormat","Option":"Write"},{"CIMType":"String","Description":"The format containing columns name(s) to override the alert name","Name":"alertDisplayNameFormat","Option":"Write"},{"CIMType":"String","Description":"The column name to take the alert severity from","Name":"alertSeverityColumnName","Option":"Write"},{"CIMType":"String","Description":"The column name to take the alert tactics from","Name":"alertTacticsColumnName","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleAlertDetailsOverrideAlertDynamicProperty[]","Description":"List of additional dynamic properties to override","Name":"alertDynamicProperties","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleAlertDetailsOverrideAlertDynamicProperty","Parameters":[{"CIMType":"String","Description":"Dynamic property key.","Name":"alertProperty","Option":"Key"},{"CIMType":"String","Description":"Dynamic property value.","Name":"alertPropertyValue","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleIncidentConfiguration","Parameters":[{"CIMType":"Boolean","Description":"Create incidents from alerts triggered by this analytics rule","Name":"createIncident","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleIncidentConfigurationGroupingConfiguration","Description":"Set how the alerts that are triggered by this analytics rule, are grouped into incidents","Name":"groupingConfiguration","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRuleIncidentConfigurationGroupingConfiguration","Parameters":[{"CIMType":"Boolean","Description":"Grouping enabled","Name":"enabled","Option":"Write"},{"CIMType":"String[]","Description":"A list of alert details to group by (when matchingMethod is Selected)","Name":"groupByAlertDetails","Option":"Write","ValueMap":["DisplayName","Severity"],"Values":["DisplayName","Severity"]},{"CIMType":"String[]","Description":"A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.","Name":"groupByCustomDetails","Option":"Write"},{"CIMType":"String[]","Description":"A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.","Name":"groupByEntities","Option":"Write"},{"CIMType":"String","Description":"Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)","Name":"lookbackDuration","Option":"Write"},{"CIMType":"String","Description":"Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.","Name":"matchingMethod","Option":"Write"},{"CIMType":"Boolean","Description":"Re-open closed matching incidents","Name":"reopenClosedIncident","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelAlertRule","Parameters":[{"CIMType":"String","Description":"The display name of the indicator","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"ResourceGroupName","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"WorkspaceName","Option":"Write"},{"CIMType":"String","Description":"The unique id of the indicator.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The alerts' productName on which the cases will be generated","Name":"ProductFilter","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether this alert rule is enabled or disabled.","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"The severity for alerts created by this alert rule.","Name":"Severity","Option":"Write"},{"CIMType":"String[]","Description":"The tactics of the alert rule","Name":"Tactics","Option":"Write"},{"CIMType":"String[]","Description":"The techniques of the alert rule","Name":"Techniques","Option":"Write"},{"CIMType":"String[]","Description":"The sub-techniques of the alert rule","Name":"SubTechniques","Option":"Write"},{"CIMType":"String","Description":"The query that creates alerts for this rule.","Name":"Query","Option":"Write"},{"CIMType":"String","Description":"The frequency (in ISO 8601 duration format) for this alert rule to run.","Name":"QueryFrequency","Option":"Write"},{"CIMType":"String","Description":"The period (in ISO 8601 duration format) that this alert rule looks at.","Name":"QueryPeriod","Option":"Write"},{"CIMType":"String","Description":"The operation against the threshold that triggers alert rule.","Name":"TriggerOperator","Option":"Write"},{"CIMType":"UInt32","Description":"The threshold triggers this alert rule.","Name":"TriggerThreshold","Option":"Write"},{"CIMType":"String","Description":"The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.","Name":"SuppressionDuration","Option":"Write"},{"CIMType":"String","Description":"Determines whether the suppression for this alert rule is enabled or disabled.","Name":"SuppressionEnabled","Option":"Write"},{"CIMType":"String","Description":"The Name of the alert rule template used to create this rule.","Name":"AlertRuleTemplateName","Option":"Write"},{"CIMType":"String[]","Description":"The alerts' displayNames on which the cases will not be generated.","Name":"DisplayNamesExcludeFilter","Option":"Write"},{"CIMType":"String[]","Description":"The alerts' displayNames on which the cases will be generated.","Name":"DisplayNamesFilter","Option":"Write"},{"CIMType":"String[]","Description":"The alerts' severities on which the cases will be generated","Name":"SeveritiesFilter","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleEventGroupingSettings","Description":"The event grouping settings.","Name":"EventGroupingSettings","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleCustomDetails[]","Description":"Dictionary of string key-value pairs of columns to be attached to the alert","Name":"CustomDetails","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleEntityMapping[]","Description":"Array of the entity mappings of the alert rule","Name":"EntityMappings","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleAlertDetailsOverride","Description":"The alert details override settings","Name":"AlertDetailsOverride","Option":"Write"},{"CIMType":"MSFT_SentinelAlertRuleIncidentConfiguration","Description":"The settings of the incidents that created from alerts triggered by this analytics rule","Name":"IncidentConfiguration","Option":"Write"},{"CIMType":"String","Description":"The kind of the alert rule","Name":"Kind","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures alert rules in Azure Sentinel."},{"ClassName":"MSFT_SentinelSetting","Parameters":[{"CIMType":"String","Description":"The Resource Group Name","Name":"ResourceGroupName","Option":"Key"},{"CIMType":"String","Description":"The name of the workspace.","Name":"WorkspaceName","Option":"Required"},{"CIMType":"String","Description":"Gets subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"Boolean","Description":"Specififies if Anomaly detection should be enabled or not.","Name":"AnomaliesIsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specififies if Entity Analyticsshould be enabled or not.","Name":"EntityAnalyticsIsEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Specififies if Auditing and Health Monitoring should be enabled or not.","Name":"EyesOnIsEnabled","Option":"Write"},{"CIMType":"String[]","Description":"The list of Data sources associated with the UEBA.","Name":"UebaDataSource","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures settings for a Sentinel instance."},{"ClassName":"MSFT_SentinelThreatIntelligenceIndicator","Parameters":[{"CIMType":"String","Description":"The display name of the indicator","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"ResourceGroupName","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"WorkspaceName","Option":"Write"},{"CIMType":"String","Description":"The unique id of the indicator.","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Pattern type of a threat intelligence entity","Name":"PatternType","Option":"Write"},{"CIMType":"String","Description":"Pattern of a threat intelligence entity","Name":"Pattern","Option":"Write"},{"CIMType":"String","Description":"Is threat intelligence entity revoked","Name":"Revoked","Option":"Write"},{"CIMType":"String","Description":"Valid from","Name":"ValidFrom","Option":"Write"},{"CIMType":"String","Description":"Valid until","Name":"ValidUntil","Option":"Write"},{"CIMType":"String","Description":"Source type.","Name":"Source","Option":"Write"},{"CIMType":"String[]","Description":"Labels of threat intelligence entity","Name":"Labels","Option":"Write"},{"CIMType":"String[]","Description":"List of tags","Name":"ThreatIntelligenceTags","Option":"Write"},{"CIMType":"String[]","Description":"Threat types","Name":"ThreatTypes","Option":"Write"},{"CIMType":"String[]","Description":"Kill chain phases","Name":"KillChainPhases","Option":"Write"},{"CIMType":"UInt32","Description":"Confidence of threat intelligence entity","Name":"Confidence","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures threat intelligence indicators in Azure Sentinel."},{"ClassName":"MSFT_SentinelWatchlist","Parameters":[{"CIMType":"String","Description":"Tha name of the watchlist.","Name":"Name","Option":"Key"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"SubscriptionId","Option":"Write"},{"CIMType":"String","Description":"The name of the resource group. The name is case insensitive.","Name":"ResourceGroupName","Option":"Write"},{"CIMType":"String","Description":"The name of the workspace.","Name":"WorkspaceName","Option":"Write"},{"CIMType":"String","Description":"The id (a Guid) of the watchlist","Name":"Id","Option":"Write"},{"CIMType":"String","Description":"The display name of the watchlist.","Name":"DisplayName","Option":"Write"},{"CIMType":"String","Description":"The source of the watchlist. Only accepts 'Local file' and 'Remote storage'. And it must included in the request.","Name":"SourceType","Option":"Write"},{"CIMType":"String","Description":"The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.","Name":"ItemsSearchKey","Option":"Write"},{"CIMType":"String","Description":"A description of the watchlist","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The default duration of a watchlist (in ISO 8601 duration format)","Name":"DefaultDuration","Option":"Write"},{"CIMType":"String","Description":"The watchlist alias","Name":"Alias","Option":"Write"},{"CIMType":"UInt32","Description":"The number of lines in a csv content to skip before the header","Name":"NumberOfLinesToSkip","Option":"Write"},{"CIMType":"String","Description":"The raw content that represents to watchlist items to create. Example : This line will be skipped header1,header2 value1,value2","Name":"RawContent","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures watchlists in Azure Sentinel."},{"ClassName":"MSFT_SHSpaceGroup","Parameters":[{"CIMType":"String","Description":"Name of the associated Services Hub space.","Name":"SpaceName","Option":"Key"},{"CIMType":"String","Description":"Name of the group.","Name":"GroupName","Option":"Key"},{"CIMType":"String[]","Description":"List of roles associated with the group. Accepted values are: CustomerActivityPagePermissionRole, HealthPermissionRole, InviteUsersPermissionRole, PlansPermissionRole, SharedFilesPermissionRole, SupportCasePermissionRole, TrainingManager, TrainingPermissionRole, WorkspaceAdministratorRole. Role Account manager,IncidentManagerUnified,CSMAdministrator, ContractSupportUser are read-only and inherited from the upstream system and cannot be modified.","Name":"Roles","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a Services Hub space group."},{"ClassName":"MSFT_SHSpaceUser","Parameters":[{"CIMType":"String","Description":"Name of the associated Services Hub space.","Name":"SpaceName","Option":"Key"},{"CIMType":"String","Description":"Email identifier for the user.","Name":"Email","Option":"Key"},{"CIMType":"String[]","Description":"List of roles associated with the user. Accepted values are: CustomerActivityPagePermissionRole, HealthPermissionRole, InviteUsersPermissionRole, PlansPermissionRole, SharedFilesPermissionRole, SupportCasePermissionRole, TrainingManager, TrainingPermissionRole, WorkspaceAdministratorRole. Role Account manager,IncidentManagerUnified,CSMAdministrator, ContractSupportUser are read-only and inherited from the upstream system and cannot be modified.","Name":"Roles","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Represents a Services Hub space user."},{"ClassName":"MSFT_SPOAccessControlSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"boolean","Description":"Determines whether tenant users see the Start a Site menu option","Name":"DisplayStartASiteOption","Option":"Write"},{"CIMType":"string","Description":"Specifies URL of the form to load in the Start a Site dialog. The valid values are:<emptyString> (default) - Blank by default, this will also remove or clear any value that has been set.Full URL - Example: https://contoso.sharepoint.com/path/to/form","Name":"StartASiteFormUrl","Option":"Write"},{"CIMType":"boolean","Description":"Allows access from network locations that are defined by an administrator.","Name":"IPAddressEnforcement","Option":"Write"},{"CIMType":"string","Description":"Configures multiple IP addresses or IP address ranges (IPv4 or IPv6). Use commas to separate multiple IP addresses or IP address ranges.","Name":"IPAddressAllowList","Option":"Write"},{"CIMType":"uint32","Description":"Office webapps TokenLifeTime in minutes","Name":"IPAddressWACTokenLifetime","Option":"Write"},{"CIMType":"boolean","Description":"Prevents the Download button from being displayed on the Virus Found warning page.","Name":"DisallowInfectedFileDownload","Option":"Write"},{"CIMType":"boolean","Description":"Enables external services for a tenant. External services are defined as services that are not in the Office 365 datacenters.","Name":"ExternalServicesEnabled","Option":"Write"},{"CIMType":"boolean","Description":"Sets email attestation to required","Name":"EmailAttestationRequired","Option":"Write"},{"CIMType":"uint32","Description":"Sets email attestation re-auth days","Name":"EmailAttestationReAuthDays","Option":"Write"},{"CIMType":"boolean","Description":"Enables or disables the restricted access control.","Name":"EnableRestrictedAccessControl","Option":"Write"},{"CIMType":"String","Description":"Only value accepted is 'Present'","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"string","Description":"Blocks or limits access to SharePoint and OneDrive content from un-managed devices.","Name":"ConditionalAccessPolicy","Option":"Write","ValueMap":["AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"],"Values":["AllowFullAccess","AllowLimitedAccess","BlockAccess","ProtectionLevel"]},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the access control settings for\nyour SPO tenant sharing settings."},{"ClassName":"MSFT_SPOApp","Parameters":[{"CIMType":"string","Description":"The name of the App.","Name":"Identity","Option":"Key"},{"CIMType":"string","Description":"The path the the app package on disk.","Name":"Path","Option":"Key"},{"CIMType":"boolean","Description":"This will deploy/trust an app into the app catalog.","Name":"Publish","Option":"Write"},{"CIMType":"boolean","Description":"Overwrites the existing app package if it already exists.","Name":"Overwrite","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to deploy App instances in the\nApp Catalog."},{"ClassName":"MSFT_SPOBrowserIdleSignout","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Enables the browser idle sign-out policy","Name":"Enabled","Option":"Write"},{"CIMType":"String","Description":"Specifies a time interval of inactivity before the user gets signed out","Name":"SignOutAfter","Option":"Write"},{"CIMType":"String","Description":"Specifies a time interval of inactivity before the user gets a warning about being signed out","Name":"WarnAfter","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the SharePoint Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an SharePoint Online Idle session sign-out policy."},{"ClassName":"MSFT_SPOHomeSite","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"string","Description":"The URL of the home site collection","Name":"Url","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection is registered as home site, absent ensures it is unregistered","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows administrators to configure a Site Collection as the Home\nSite of the tenant. The menu of this SharePoint Site Collection will be shown on\nSharePoint Home.\n\n> NOTE:\n> This setting is not applied immediately and can take several hours to be fully\n> available within the tenant. Please use this resource with caution, as a direct\n> test run can lead to incorrect status results.\n> For more details about setting the home site, go to> aka.ms/homesites"},{"ClassName":"MSFT_SPOHubSite","Parameters":[{"CIMType":"string","Description":"The URL of the site collection","Name":"Url","Option":"Key"},{"CIMType":"string","Description":"The title of the hub site","Name":"Title","Option":"Write"},{"CIMType":"string","Description":"The description of the hub site","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"The url to the logo of the hub site","Name":"LogoUrl","Option":"Write"},{"CIMType":"boolean","Description":"Does the hub site require approval to join","Name":"RequiresJoinApproval","Option":"Write"},{"CIMType":"string[]","Description":"The users or mail-enabled security groups which are allowed to associate their site with a hub site","Name":"AllowedToJoin","Option":"Write"},{"CIMType":"string","Description":"The guid of the site design to link to the hub site","Name":"SiteDesignId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection is registered as hub site, absent ensures it is unregistered","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure a Site Collection as Hub Site\nCollection and configure its properties.\n\nNOTE:\nThe AllowedToJoin parameter accepts e-mail addresses (for users, Office\n365 Groups and Mail-Enabled Security groups) or DisplayName (for\nSecurity groups). However, when using DisplayName it is required that\nthere is only one group with that name. The resource will throw an\nexception if there are multiple groups with that name found!"},{"ClassName":"MSFT_SPOOrgAssetsLibrary","Parameters":[{"CIMType":"String","Description":"Indicates the absolute URL of the library to be designated as a central location for organization assets.","Name":"LibraryUrl","Option":"Key"},{"CIMType":"String","Description":"Specifies the CDN type. The valid values are public or private.","Name":"CdnType","Option":"Write","ValueMap":["Public","Private"],"Values":["Public","Private"]},{"CIMType":"String","Description":"Indicates the absolute URL of the library to be designated as a central location for organization Indicates the URL of the background image used when the library is publicly displayed. If no thumbnail URL is indicated, the card will have a gray background.","Name":"ThumbnailUrl","Option":"Write"},{"CIMType":"String","Description":"Specify if the SPO Org Assets library should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the SharePoint Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures an SharePoint Online Org site assets library."},{"ClassName":"MSFT_SPOPropertyBag","Parameters":[{"CIMType":"String","Description":"Url of the site where to configure the PropertyBag property.","Name":"Url","Option":"Key"},{"CIMType":"String","Description":"Key that should be configured.","Name":"Key","Option":"Key"},{"CIMType":"String","Description":"Value of the assigned key.","Name":"Value","Option":"Key"},{"CIMType":"String","Description":"Specify if this policy should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures a value in a site's property bag."},{"ClassName":"MSFT_SPORetentionLabelsSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Set whether files with Keep Label can be deleted in OneDrive for Business.","Name":"AllowFilesWithKeepLabelToBeDeletedODB","Option":"Write"},{"CIMType":"Boolean","Description":"Set whether files with Keep Label can be deleted in SharePoint Online.","Name":"AllowFilesWithKeepLabelToBeDeletedSPO","Option":"Write"},{"CIMType":"Boolean","Description":"Set to enable or disable the advanced record versioning.","Name":"AdvancedRecordVersioningDisabled","Option":"Write"},{"CIMType":"Boolean","Description":"Set metadata edit blocking enabled setting.","Name":"MetadataEditBlockingEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures the retention label settings. This setting is accessible via the Purview Record Management settings screen."},{"ClassName":"MSFT_SPOSearchManagedProperty","Parameters":[{"CIMType":"string","Description":"The Name of the Managed Property","Name":"Name","Option":"Key"},{"CIMType":"string","Description":"The Type of the Managed Property","Name":"Type","Option":"Key","ValueMap":["Text","Integer","Decimal","DateTime","YesNo","Double","Binary"],"Values":["Text","Integer","Decimal","DateTime","YesNo","Double","Binary"]},{"CIMType":"string","Description":"Description of the Managed Property","Name":"Description","Option":"Write"},{"CIMType":"boolean","Description":"Enables querying against the content of the managed property.  The content of this managed property is included in the full-text index. For example, if the property is 'author', a simple query for 'Smith' returns items containing the word 'Smith' and items whose author property contains 'Smith'.","Name":"Searchable","Option":"Write"},{"CIMType":"string","Description":"Defines which full-text index the Managed Property is stored in.","Name":"FullTextIndex","Option":"Write"},{"CIMType":"uint32","Description":"Defines the context of a managed property within its full-text index.","Name":"FullTextContext","Option":"Write"},{"CIMType":"boolean","Description":"Enables querying against the specific Managed Property. The Managed Property field name must be included in the query, either specified in the query itself or included in the query programmatically. If the Managed Property is 'author', the query must contain 'author:Smith'.","Name":"Queryable","Option":"Write"},{"CIMType":"boolean","Description":"Enables the content of this managed property to be returned in search results. Enable this setting for managed properties that are relevant to present in search results.","Name":"Retrievable","Option":"Write"},{"CIMType":"boolean","Description":"Allow multiple values of the same type in this managed property. For example, if this is the 'author' managed property, and a document has multiple authors, each author name will be stored as a separate value in this managed property.","Name":"AllowMultipleValues","Option":"Write"},{"CIMType":"string","Description":"Yes: Enables using the property as a refiner for search results in the front end. You must manually configure the refiner in the web part. Yes - latent: Enables switching refinable to active later, without having to do a full re-crawl when you switch. Both options require a full crawl to take effect.","Name":"Refinable","Option":"Write","ValueMap":["No","Yes - latent","Yes"],"Values":["No","Yes - latent","Yes"]},{"CIMType":"string","Description":"Yes: Enables sorting the result set based on the property before the result set is returned. Use for example for large result sets that cannot be sorted and retrieved at the same time. Yes - latent: Enables switching sortable to active later, without having to do a full re-crawl when you switch. Both options require a full crawl to take effect.","Name":"Sortable","Option":"Write","ValueMap":["No","Yes - latent","Yes"],"Values":["No","Yes - latent","Yes"]},{"CIMType":"boolean","Description":"Enables this managed property to be returned for queries executed by anonymous users. Enable this setting for managed properties that do not contain sensitive information and are appropriate for anonymous users to view.","Name":"Safe","Option":"Write"},{"CIMType":"string[]","Description":"Define an alias for a managed property if you want to use the alias instead of the managed property name in queries and in search results. Use the original managed property and not the alias to map to a crawled property. Use an alias if you don't want to or don't have permission to create a new managed property.","Name":"Aliases","Option":"Write"},{"CIMType":"boolean","Description":"Enable to return results independent of letter casing and diacritics(for example accented characters) used in the query.","Name":"TokenNormalization","Option":"Write"},{"CIMType":"boolean","Description":"By default, search returns partial matches between queries against this managed property and its content. Select Complete Matching for search to return exact matches instead. If a managed property 'Title' contains 'Contoso Sites', only the query Title: 'Contoso Sites' will give a result.","Name":"CompleteMatching","Option":"Write"},{"CIMType":"boolean","Description":"By default, search depends on language when it breaks queries and content into parts (tokenization). Select language neutral tokenization if you have multilingual content and this managed property contains tags that are based on metadata term sets or other identifiers.","Name":"LanguageNeutralTokenization","Option":"Write"},{"CIMType":"boolean","Description":"By default, search tokenizes queries coarser than content. If a managed property 'ID' contains the string '1-23-456#7', and you query ID:'1-23', you might not get a partial match because search didn't break the query into small enough parts. Consider selecting finer query tokenization if the content of this managed property contains separators such as dots and dashes. Finer query tokenization makes queries against this managed property slower.","Name":"FinerQueryTokenization","Option":"Write"},{"CIMType":"string[]","Description":"Names of the crawled properties that are mapped to this managed property","Name":"MappedCrawledProperties","Option":"Write"},{"CIMType":"boolean","Description":"Enables the system to extract company name entities from the managed property when crawling new or updated items. Afterwards, the extracted entities can be used to set up refiners in the web part.","Name":"CompanyNameExtraction","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Search Managed Property exists.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create and monitor SharePoint Online Search\nManaged Properties."},{"ClassName":"MSFT_SPOSearchResultSource","Parameters":[{"CIMType":"string","Description":"The Name of the Result Source.","Name":"Name","Option":"Key"},{"CIMType":"string","Description":"Description of the Result Source.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"The protocol of the Result Source.","Name":"Protocol","Option":"Required","ValueMap":["Local","Remote","OpenSearch","Exchange"],"Values":["Local","Remote","OpenSearch","Exchange"]},{"CIMType":"string","Description":"Address of the root site collection of the remote SharePoint farm or Exchange server.","Name":"SourceURL","Option":"Write"},{"CIMType":"string","Description":"Select SharePoint Search Results to search over the entire index. Select People Search Results to enable query processing specific to People Search, such as phonetic name matching or nickname matching. Only people profiles will be returned from a People Search source.","Name":"Type","Option":"Write","ValueMap":["SharePoint","People"],"Values":["SharePoint","People"]},{"CIMType":"string","Description":"Change incoming queries to use this new query text instead. Include the incoming query in the new text by using the query variable '{searchTerms}'.","Name":"QueryTransform","Option":"Write"},{"CIMType":"boolean","Description":"Show partial search or not","Name":"ShowPartialSearch","Option":"Write"},{"CIMType":"boolean","Description":"Specifies if AutoDiscover should be used for the Exchange Source URL","Name":"UseAutoDiscover","Option":"Write"},{"CIMType":"string","Description":"Present ensures the Search Result Source exists.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create and monitor SharePoint Online Search\nResult Sources."},{"ClassName":"MSFT_SPOSharingSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"string","Description":"Configures sharing capability for SharePoint","Name":"SharingCapability","Option":"Write","ValueMap":["ExistingExternalUserSharingOnly","ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly"],"Values":["ExistingExternalUserSharingOnly","ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly"]},{"CIMType":"string","Description":"Configures sharing capability for mysite (onedrive)","Name":"MySiteSharingCapability","Option":"Write","ValueMap":["ExistingExternalUserSharingOnly","ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly"],"Values":["ExistingExternalUserSharingOnly","ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly"]},{"CIMType":"boolean","Description":"Enables the administrator to hide the Everyone claim in the People Picker.","Name":"ShowEveryoneClaim","Option":"Write"},{"CIMType":"boolean","Description":"Enables the administrator to hide the All Users claim groups in People Picker.","Name":"ShowAllUsersClaim","Option":"Write"},{"CIMType":"boolean","Description":"Enables the administrator to hide the Everyone except external users claim in the People Picker.","Name":"ShowEveryoneExceptExternalUsersClaim","Option":"Write"},{"CIMType":"boolean","Description":"Creates a Shared with Everyone folder in every user's new OneDrive for Business document library.","Name":"ProvisionSharedWithEveryoneFolder","Option":"Write"},{"CIMType":"boolean","Description":"Accelerates guest-enabled site collections as well as member-only site collections when the SignInAccelerationDomain parameter is set.","Name":"EnableGuestSignInAcceleration","Option":"Write"},{"CIMType":"boolean","Description":"When the feature is enabled, all external sharing invitations that are sent will blind copy the e-mail messages listed in the BccExternalSharingsInvitationList.","Name":"BccExternalSharingInvitations","Option":"Write"},{"CIMType":"string","Description":"Specifies a list of e-mail addresses to be BCC'd when the BCC for External Sharing feature is enabled.Multiple addresses can be specified by creating a comma separated list with no spaces.","Name":"BccExternalSharingInvitationsList","Option":"Write"},{"CIMType":"uint32","Description":"Specifies all anonymous links that have been created (or will be created) will expire after the set number of days.","Name":"RequireAnonymousLinksExpireInDays","Option":"Write"},{"CIMType":"string[]","Description":"Specifies a list of email domains that is allowed for sharing with the external collaborators. Entry values as an array of domains.","Name":"SharingAllowedDomainList","Option":"Write"},{"CIMType":"string[]","Description":"Specifies a list of email domains that is blocked or prohibited for sharing with the external collaborators. Entry values as an array of domains.","Name":"SharingBlockedDomainList","Option":"Write"},{"CIMType":"string","Description":"Specifies the external sharing mode for domains.","Name":"SharingDomainRestrictionMode","Option":"Write","ValueMap":["None","AllowList","BlockList"],"Values":["None","AllowList","BlockList"]},{"CIMType":"string","Description":"Lets administrators choose what type of link appears is selected in the 'Get a link' sharing dialog box in OneDrive for Business and SharePoint Online","Name":"DefaultSharingLinkType","Option":"Write","ValueMap":["None","Direct","Internal","AnonymousAccess"],"Values":["None","Direct","Internal","AnonymousAccess"]},{"CIMType":"boolean","Description":"Allow or deny external users re-sharing","Name":"PreventExternalUsersFromResharing","Option":"Write"},{"CIMType":"boolean","Description":"Enables the administrator to hide the guest users claim in the People Picker.","Name":"ShowPeoplePickerSuggestionsForGuestUsers","Option":"Write"},{"CIMType":"string","Description":"Configures anonymous link types for files","Name":"FileAnonymousLinkType","Option":"Write","ValueMap":["View","Edit"],"Values":["View","Edit"]},{"CIMType":"string","Description":"Configures anonymous link types for folders","Name":"FolderAnonymousLinkType","Option":"Write","ValueMap":["View","Edit"],"Values":["View","Edit"]},{"CIMType":"boolean","Description":"When this parameter is set to $true and another user re-shares a document from a user’s OneDrive for Business, the OneDrive for Business owner is notified by e-mail.","Name":"NotifyOwnersWhenItemsReshared","Option":"Write"},{"CIMType":"string","Description":"Specifies the link permission on the tenant level. Valid values to set are View and Edit. A value of None will be set to Edit as its the default value.","Name":"DefaultLinkPermission","Option":"Write","ValueMap":["None","View","Edit"],"Values":["None","View","Edit"]},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"boolean","Description":"Enable Guest access to a site or Onedrive to expire after","Name":"ExternalUserExpirationRequired","Option":"Write"},{"CIMType":"uint32","Description":"Specifies Number of days for Guest Access links to expire.","Name":"ExternalUserExpireInDays","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the sharing settings for\nyour SPO tenant sharing settings"},{"ClassName":"MSFT_SPOSite","Parameters":[{"CIMType":"string","Description":"The URL of the site collection.","Name":"Url","Option":"Key"},{"CIMType":"string","Description":"The title of the site collection.","Name":"Title","Option":"Required"},{"CIMType":"string","Description":"Specifies the owner of the site.","Name":"Owner","Option":"Required"},{"CIMType":"uint32","Description":"TimeZone ID of the site collection.","Name":"TimeZoneId","Option":"Required"},{"CIMType":"string","Description":"Specifies with template of site to create.","Name":"Template","Option":"Write"},{"CIMType":"string","Description":"The URL of the Hub site the site collection needs to get connected to.","Name":"HubUrl","Option":"Write"},{"CIMType":"boolean","Description":"Disables Microsoft Flow for this site.","Name":"DisableFlows","Option":"Write"},{"CIMType":"string","Description":"Specifies what the sharing capabilities are for the site. Possible values: Disabled, ExternalUserSharingOnly, ExternalUserAndGuestSharing, ExistingExternalUserSharingOnly.","Name":"SharingCapability","Option":"Write","ValueMap":["Disabled","ExistingExternalUserSharingOnly","ExternalUserSharingOnly","ExternalUserAndGuestSharing"],"Values":["Disabled","ExistingExternalUserSharingOnly","ExternalUserSharingOnly","ExternalUserAndGuestSharing"]},{"CIMType":"uint32","Description":"Specifies the storage quota for this site collection in megabytes. This value must not exceed the company's available quota.","Name":"StorageMaximumLevel","Option":"Write"},{"CIMType":"uint32","Description":"Specifies the warning level for the storage quota in megabytes. This value must not exceed the values set for the StorageMaximumLevel parameter.","Name":"StorageWarningLevel","Option":"Write"},{"CIMType":"boolean","Description":"Specifies if the site administrator can upgrade the site collection.","Name":"AllowSelfServiceUpgrade","Option":"Write"},{"CIMType":"boolean","Description":"Specifies if comments on site pages are enabled or disabled.","Name":"CommentsOnSitePagesDisabled","Option":"Write"},{"CIMType":"string","Description":"Specifies the default link permission for the site collection. None - Respect the organization default link permission. View - Sets the default link permission for the site to 'view' permissions. Edit - Sets the default link permission for the site to 'edit' permissions.","Name":"DefaultLinkPermission","Option":"Write","ValueMap":["None","View","Edit"],"Values":["None","View","Edit"]},{"CIMType":"string","Description":"Specifies the default link type for the site collection. None - Respect the organization default sharing link type. AnonymousAccess - Sets the default sharing link for this site to an Anonymous Access or Anyone link. Internal - Sets the default sharing link for this site to the 'organization' link or company shareable link. Direct - Sets the default sharing link for this site to the 'Specific people' link.","Name":"DefaultSharingLinkType","Option":"Write","ValueMap":["None","AnonymousAccess","Internal","Direct"],"Values":["None","AnonymousAccess","Internal","Direct"]},{"CIMType":"string","Description":"Disables App Views.","Name":"DisableAppViews","Option":"Write","ValueMap":["Unknown","Disabled","NotDisabled"],"Values":["Unknown","Disabled","NotDisabled"]},{"CIMType":"string","Description":"Disables Company wide sharing links.","Name":"DisableCompanyWideSharingLinks","Option":"Write","ValueMap":["Unknown","Disabled","NotDisabled"],"Values":["Unknown","Disabled","NotDisabled"]},{"CIMType":"uint32","Description":"Specifies the language of the new site collection. Defaults to the current language of the web connected to.","Name":"LocaleId","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether the Add And Customize Pages right is denied on the site collection. For more information about permission levels, see User permissions and permission levels in SharePoint.","Name":"DenyAddAndCustomizePages","Option":"Write"},{"CIMType":"string","Description":"Defines geo-restriction settings for this site","Name":"RestrictedToRegion","Option":"Write","ValueMap":["NoRestriction","BlockMoveOnly","BlockFull","Unknown"],"Values":["NoRestriction","BlockMoveOnly","BlockFull","Unknown"]},{"CIMType":"string","Description":"Specifies a list of email domains that is allowed for sharing with the external collaborators. Use the space character as the delimiter.","Name":"SharingAllowedDomainList","Option":"Write"},{"CIMType":"string","Description":"Specifies a list of email domains that is blocked for sharing with the external collaborators.","Name":"SharingBlockedDomainList","Option":"Write"},{"CIMType":"string","Description":"Specifies the external sharing mode for domains.","Name":"SharingDomainRestrictionMode","Option":"Write","ValueMap":["None","AllowList","BlockList"],"Values":["None","AllowList","BlockList"]},{"CIMType":"boolean","Description":"To enable the option to search for existing guest users at Site Collection Level, set this parameter to $true.","Name":"ShowPeoplePickerSuggestionsForGuestUsers","Option":"Write"},{"CIMType":"uint32","Description":"Specifies that all anonymous/anyone links that have been created (or will be created) will expire after the set number of days. Only applies if OverrideTenantAnonymousLinkExpirationPolicy is set to true. To remove the expiration requirement, set the value to zero (0)","Name":"AnonymousLinkExpirationInDays","Option":"Write"},{"CIMType":"boolean","Description":"Disables or enables the Social Bar for Site Collection.","Name":"SocialBarOnSitePagesDisabled","Option":"Write"},{"CIMType":"boolean","Description":"False - Respect the organization-level policy for anonymous or anyone link expiration. True - Override the organization-level policy for anonymous or anyone link expiration (can be more or less restrictive)","Name":"OverrideTenantAnonymousLinkExpirationPolicy","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site collection exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to create and monitor SharePoint Online Site Collections."},{"ClassName":"MSFT_SPOSiteAuditSettings","Parameters":[{"CIMType":"String","Description":"URL of the site collection to configure.","Name":"Url","Option":"Key"},{"CIMType":"String","Description":"Audit flag for the site collection. Can be 'All' or 'None'.","Name":"AuditFlags","Option":"Required","ValueMap":["All","None"],"Values":["All","None"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Set Audit settings for a site."},{"ClassName":"MSFT_SPOSiteDesign","Parameters":[{"CIMType":"string","Description":"The title of the site design.","Name":"Title","Option":"Key"},{"CIMType":"string[]","Description":"The names of the site design scripts.","Name":"SiteScriptNames","Option":"Write"},{"CIMType":"string","Description":"Web template to which the site design is applied to when invoked.","Name":"WebTemplate","Option":"Write","ValueMap":["CommunicationSite","TeamSite","GrouplessTeamSite"],"Values":["CommunicationSite","TeamSite","GrouplessTeamSite"]},{"CIMType":"string","Description":"Description of site design.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Is site design applied by default to web templates.","Name":"IsDefault","Option":"Write"},{"CIMType":"string","Description":"Site design alternate preview image text.","Name":"PreviewImageAltText","Option":"Write"},{"CIMType":"string","Description":"Site design preview image url.","Name":"PreviewImageUrl","Option":"Write"},{"CIMType":"uint32","Description":"Site design version number.","Name":"Version","Option":"Write"},{"CIMType":"String","Description":"Used to add or remove site design.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Site Designs."},{"ClassName":"MSFT_SPOSiteDesignRights","Parameters":[{"CIMType":"string","Description":"The title of the site design","Name":"SiteDesignTitle","Option":"Key"},{"CIMType":"string","Description":"Rights to grant user principals on site design rights.","Name":"Rights","Option":"Key","ValueMap":["View","None"],"Values":["View","None"]},{"CIMType":"string[]","Description":"List of user principals with separated by commas to site design rights.","Name":"UserPrincipals","Option":"Write"},{"CIMType":"String","Description":"Used to add or remove list of users from site design rights.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures rights on Site Designs."},{"ClassName":"MSFT_SPOSiteGroup","Parameters":[{"CIMType":"string","Description":"The name of the site group","Name":"Identity","Option":"Key"},{"CIMType":"string","Description":"The URL of the site.","Name":"Url","Option":"Key"},{"CIMType":"string","Description":"The owner (email address) of the site group","Name":"Owner","Option":"Write"},{"CIMType":"string[]","Description":"The permission level of the site group","Name":"PermissionLevels","Option":"Write"},{"CIMType":"String","Description":"Used to add or remove site design.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configure groups for a SharePoint Online site."},{"ClassName":"MSFT_SPOSiteScript","Parameters":[{"CIMType":"string","Description":"The title of the site script.","Name":"Title","Option":"Key"},{"CIMType":"string","Description":"ID of the site Script","Name":"Identity","Option":"Write"},{"CIMType":"string","Description":"The description of the site script.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"A JSON string containing the site script.","Name":"Content","Option":"Write"},{"CIMType":"string","Description":"Present ensures the site script exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to manage JSON files that specify an ordered list of actions to run when creating the new sites."},{"ClassName":"MSFT_SPOStorageEntity","Parameters":[{"CIMType":"string","Description":"The key of the storage entity.","Name":"Key","Option":"Key"},{"CIMType":"string","Description":"Scope of the storage entity.","Name":"EntityScope","Option":"Write","ValueMap":["Tenant","Site"],"Values":["Tenant","Site"]},{"CIMType":"string","Description":"Value of the storage entity.","Name":"Value","Option":"Write"},{"CIMType":"string","Description":"Description of storage entity.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Comment for the storage entity.","Name":"Comment","Option":"Write"},{"CIMType":"string","Description":"Used to add or remove storage entity.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"string","Description":"The url of site collection or tenant.","Name":"SiteUrl","Option":"Required"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Storage Entity for SharePoint Online."},{"ClassName":"MSFT_SPOTenantCdnEnabled","Parameters":[{"CIMType":"String","Description":"Specifies the CDN type. The valid values are public or private.","Name":"CdnType","Option":"Key","ValueMap":["Public","Private"],"Values":["Public","Private"]},{"CIMType":"Boolean","Description":"Specify to enable or disable tenant CDN.","Name":"Enable","Option":"Write"},{"CIMType":"String","Description":"Get-PNPTenantCdnEnabled always returns a value, only support value is Present","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the SharePoint Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource enables / disables SharePoint online CDN\n\n* Not supported in GCC High"},{"ClassName":"MSFT_SPOTenantCDNPolicy","Parameters":[{"CIMType":"string","Description":"Type of Content Delivery Network. Can be 'Private' or 'Public'.","Name":"CDNType","Option":"Key","ValueMap":["Private","Public"],"Values":["Private","Public"]},{"CIMType":"string[]","Description":"List of site classifications to exclude.","Name":"ExcludeRestrictedSiteClassifications","Option":"Write"},{"CIMType":"string[]","Description":"List of file extensions to include in the Policy.","Name":"IncludeFileExtensions","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Office365 Tenant Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Content Delivery Network policies\nfor SharePoint Online.\n\n* Not supported in GCC High"},{"ClassName":"MSFT_SPOTenantSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"boolean","Description":"Enables OneDrive and SharePoint integration with Microsoft Entra B2B.","Name":"EnableAzureADB2BIntegration","Option":"Write"},{"CIMType":"string","Description":"DEPRECATED - Determines what level of sharing is available for OneDrive sites. It corresponds to the SharingCapabilities for OneDrive sites.","Name":"OneDriveSharingCapability","Option":"Write","ValueMap":["ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly","ExistingExternalUserSharingOnly"],"Values":["ExternalUserAndGuestSharing","Disabled","ExternalUserSharingOnly","ExistingExternalUserSharingOnly"]},{"CIMType":"uint32","Description":"Specifies the lower bound on the compatibility level for new sites.","Name":"MinCompatibilityLevel","Option":"Write"},{"CIMType":"uint32","Description":"Specifies the upper bound on the compatibility level for new sites.","Name":"MaxCompatibilityLevel","Option":"Write"},{"CIMType":"boolean","Description":"Removes the search capability from People Picker. Note, recently resolved names will still appear in the list until browser cache is cleared or expired.","Name":"SearchResolveExactEmailOrUPN","Option":"Write"},{"CIMType":"boolean","Description":"When set to true this will disable the ability to use Modern Authentication that leverages ADAL across the tenant.","Name":"OfficeClientADALDisabled","Option":"Write"},{"CIMType":"boolean","Description":"Setting this parameter prevents Office clients using non-modern authentication protocols from accessing SharePoint Online resources.","Name":"LegacyAuthProtocolsEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the home realm discovery value to be sent to Azure Active Directory (AAD) during the user sign-in process.","Name":"SignInAccelerationDomain","Option":"Write"},{"CIMType":"boolean","Description":"Lets SharePoint issue a special cookie that will allow this feature to work even when Keep Me Signed In is not selected.","Name":"UsePersistentCookiesForExplorerView","Option":"Write"},{"CIMType":"boolean","Description":"Configure PublicCDN","Name":"PublicCdnEnabled","Option":"Write"},{"CIMType":"String","Description":"Configure filetypes allowed for PublicCDN","Name":"PublicCdnAllowedFileTypes","Option":"Write"},{"CIMType":"boolean","Description":"When set to $true, users aren't able to share with security groups or SharePoint groups.","Name":"UseFindPeopleInPeoplePicker","Option":"Write"},{"CIMType":"boolean","Description":"When set to $true, users aren't able to share with security groups or SharePoint groups.","Name":"NotificationsInSharePointEnabled","Option":"Write"},{"CIMType":"boolean","Description":"Specifies whether an email notification should be sent to the OneDrive for Business owners when an anonymous links are created or changed.","Name":"OwnerAnonymousNotification","Option":"Write"},{"CIMType":"boolean","Description":"When the feature is enabled, all guest users are subject to conditional access policy. By default guest users who are accessing SharePoint Online files with pass code are exempt from the conditional access policy.","Name":"ApplyAppEnforcedRestrictionsToAdHocRecipients","Option":"Write"},{"CIMType":"boolean","Description":"Sets whether webparts that support inserting images, like for example Image or Hero webpart, the Web search (Powered by Bing) should allow choosing external images.","Name":"FilePickerExternalImageSearchEnabled","Option":"Write"},{"CIMType":"boolean","Description":"Defines if the default themes are visible or hidden","Name":"HideDefaultThemes","Option":"Write"},{"CIMType":"boolean","Description":"To enable or disable Sync button on Team sites","Name":"HideSyncButtonOnTeamSite","Option":"Write"},{"CIMType":"string","Description":"Allow or block external sharing until at least one Office DLP policy scans the content of the file.","Name":"MarkNewFilesSensitiveByDefault","Option":"Write","ValueMap":["AllowExternalSharing","BlockExternalSharing"],"Values":["AllowExternalSharing","BlockExternalSharing"]},{"CIMType":"string[]","Description":"Provide GUID for the Web Parts that are to be disabled on the Sharepoint Site","Name":"DisabledWebPartIds","Option":"Write"},{"CIMType":"boolean","Description":"Disables or enables the Social Bar. It will give users the ability to like a page, see the number of views, likes, and comments on a page, and see the people who have liked a page.","Name":"SocialBarOnSitePagesDisabled","Option":"Write"},{"CIMType":"boolean","Description":"Set to false to enable a comment section on all site pages, users who have access to the pages can leave comments. Set to true to disable this feature.","Name":"CommentsOnSitePagesDisabled","Option":"Write"},{"CIMType":"boolean","Description":"Boolean indicating if Azure Information Protection (AIP) should be enabled on the tenant.","Name":"EnableAIPIntegration","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether or not we need to include external participants in shared channels for SharePoint access restriction.","Name":"ExemptNativeUsersFromTenantLevelRestricedAccessControl","Option":"Write"},{"CIMType":"String[]","Description":"List of security groups to include in OneDrive access restrictions","Name":"AllowSelectSGsInODBListInTenant","Option":"Write"},{"CIMType":"String[]","Description":"List of security groups to exclude in OneDrive access restrictions","Name":"DenySelectSGsInODBListInTenant","Option":"Write"},{"CIMType":"String[]","Description":"List of security groups to exclude in SharePoint access restrictions","Name":"DenySelectSecurityGroupsInSPSitesList","Option":"Write"},{"CIMType":"String[]","Description":"List of security groups to include in SharePoint access restrictions.","Name":"AllowSelectSecurityGroupsInSPSitesList","Option":"Write"},{"CIMType":"String","Description":"The default timezone of a tenant for newly created sites.","Name":"TenantDefaultTimezone","Option":"Write"},{"CIMType":"Boolean","Description":"Gets or sets a value to specify if user checks handle mobile friendly url.","Name":"MobileFriendlyUrlEnabledInTenant","Option":"Write"},{"CIMType":"Boolean","Description":"Gets or sets a value to specify the advanced setting of the conditional access policy.","Name":"AllowDownloadingNonWebViewableFiles","Option":"Write"},{"CIMType":"Boolean","Description":"Prevents users from editing Office files in the browser and copying and pasting Office file contents out of the browser window.","Name":"AllowEditing","Option":"Write"},{"CIMType":"Boolean","Description":"Set whether to hide the sync button on OneDrive for Business sites.","Name":"HideSyncButtonOnODB","Option":"Write"},{"CIMType":"Boolean","Description":"Configure if ACS-based app-only authentication should be disabled or not.","Name":"DisableCustomAppAuthentication","Option":"Write"},{"CIMType":"String[]","Description":"Guids of out of the box modern list templates to hide when creating a new list.","Name":"DisabledModernListTemplateIds","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuring whether personal lists created within the OneDrive for Business site of the user is enabled or disabled in the tenant. If set to $false, personal lists will be allowed to be created in the tenant. If set to $true, it will be disabled in the tenant.","Name":"DisablePersonalListCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuring whether display name of people who view the file are visible in the property pane of the site in SharePoint site collection.","Name":"DisplayNamesOfFileViewersInSpo","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuration on whether Fluid components are enabled or disabled in the tenant. If set to $true, then this feature will be enabled on all sites in the tenant. If set to $false, it will be disabled on all sites in the tenant.","Name":"IsFluidEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Allows configuring whether loop components are enabled or disabled in the tenant. If set to $true, loop components will be allowed to be created in the tenant. If set to $false, it will be disabled in the tenant.","Name":"IsLoopEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the newsfeed is allowed on the modern site pages in SharePoint.","Name":"IsSharePointNewsfeedEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether users are allowed to create sites.","Name":"IsSiteCreationEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the UI commands for creating sites are shown.","Name":"IsSiteCreationUiEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether creating new modern pages is allowed on SharePoint sites.","Name":"IsSitePagesCreationEnabled","Option":"Write"},{"CIMType":"String","Description":"Specifies the URL of the redirected site for those site collections which have the locked state 'NoAccess'. The valid values are: '' (default) - Blank by default, this will also remove or clear any value that has been set. Full URL - Example: https://contoso.sharepoint.com/Pages/Locked.aspx","Name":"NoAccessRedirectUrl","Option":"Write"},{"CIMType":"Boolean","Description":"Ensures that an external user can only accept an external sharing invitation with an account matching the invited email address. Note, this only applies to new external users accepting new sharing invitations. Also, the resource owner must share with an organizational or Microsoft account or the external user will be unable to access the resource. ","Name":"RequireAcceptingAccountMatchInvitedAccount","Option":"Write"},{"CIMType":"String","Description":"Permits the use of special characters in file and folder names in SharePoint Online and OneDrive for Business document libraries. The only two characters that can be managed at this time are the # and % characters.","Name":"SpecialCharactersStateInFileFolderNames","Option":"Write","ValueMap":["NoPreference","Allowed","Disallowed"],"Values":["NoPreference","Allowed","Disallowed"]},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the tenant settings for\ntheir SPO tenant settings."},{"ClassName":"MSFT_SPOThemePaletteProperty","Parameters":[{"CIMType":"String","Description":"Name of the property.","Name":"Property","Option":"Key"},{"CIMType":"String","Description":"Color value in Hexadecimal.","Name":"Value","Option":"Write"}],"Description":"This resource allows users to configure and monitor the themes for\ntheir SPO tenant.\n\nTo configure your SPO themes using this configuration resource requires you to\nprovide a color palette which at the end defines the colors of your theme.\n\nYou can use the SPO Theme builder under:\n\n[https://aka.ms/spthemebuilder](https://aka.ms/spthemebuilder)\n\nto create and preview your color palette.\n\nOnce you are satisfied with the color of your theme you can copy\nthe JSON Output and put it directly into your configuration.\n\nMore details on the theme schema can be found\n[here](https://aka.ms/AboutSPOThemes)"},{"ClassName":"MSFT_SPOTheme","Parameters":[{"CIMType":"String","Description":"The name of the theme, which appears in the theme picker UI and is also used by administrators and developers to refer to the theme in PowerShell cmdlets or calls to the SharePoint REST API.","Name":"Name","Option":"Key"},{"CIMType":"boolean","Description":"This value should be false for light themes and true for dark themes; it controls whether SharePoint uses dark or light theme colors to render text on colored backgrounds.","Name":"IsInverted","Option":"Write"},{"CIMType":"MSFT_SPOThemePaletteProperty[]","Description":"Specifies the color scheme which composes your theme.","Name":"Palette","Option":"Write"},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the account to authenticate with.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Username can be made up to anything but password will be used for certificatePassword","Name":"CertificatePassword","Option":"Write"},{"CIMType":"String","Description":"Path to certificate used in service principal usually a PFX file.","Name":"CertificatePath","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the themes for\ntheir SPO tenant.\n\nTo configure your SPO themes using this configuration resource requires you to\nprovide a color palette which at the end defines the colors of your theme.\n\nYou can use the SPO Theme builder under:\n\n[https://aka.ms/spthemebuilder](https://aka.ms/spthemebuilder)\n\nto create and preview your color palette.\n\nOnce you are satisfied with the color of your theme you can copy\nthe JSON Output and put it directly into your configuration.\n\nMore details on the theme schema can be found\n[here](https://aka.ms/AboutSPOThemes)"},{"ClassName":"MSFT_SPOUserProfilePropertyInstance","Parameters":[{"CIMType":"String","Description":"Name of the User Profile Property.","Name":"Key","Option":"Key"},{"CIMType":"String","Description":"Value of the User Profile Property.","Name":"Value","Option":"Write"}],"Description":"This resource allows users to configure and monitor the profile\nproperties of a user."},{"ClassName":"MSFT_SPOUserProfileProperty","Parameters":[{"CIMType":"String","Description":"Username of the user to configure the profile properties for. E.g. John.Smith@contoso.com","Name":"UserName","Option":"Key"},{"CIMType":"MSFT_SPOUserProfilePropertyInstance[]","Description":"Array of MSFT_SPOUserProfilePropertyInstance representing the profile properties to set.","Name":"Properties","Option":"Write"},{"CIMType":"String","Description":"Only accepted value is 'Present'.","Name":"Ensure","Option":"Write","ValueMap":["Present"],"Values":["Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Secret of the Azure Active Directory application to authenticate with.","Name":"ApplicationSecret","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows users to configure and monitor the profile\nproperties of a user."},{"ClassName":"MSFT_TeamsAIPolicy","Parameters":[{"CIMType":"String","Description":"Unique identity of the AI Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Provides explanatory text about the Teams AI policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"EnrollFace controls user access to user face enrollment in the Teams app settings.","Name":"EnrollFace","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"EnrollVoice controls user access to user voice enrollment in the Teams app settings.","Name":"EnrollVoice","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Setting to Enabled turns on speaker attribution in BYOD scenarios while Disabled will turn off the function.","Name":"SpeakerAttributionForBYOD","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource implements Teams AI Policies."},{"ClassName":"MSFT_TeamsApplicationInstance","Parameters":[{"CIMType":"String","Description":"The display name of the resource instance.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"The user principal name associated with the resource instance.","Name":"UserPrincipalName","Option":"Key"},{"CIMType":"String","Description":"The type of resource account. Values can be: AutoAttendant or CallQueue.","Name":"ResourceAccountType","Option":"Write","ValueMap":["AutoAttendant","CallQueue"],"Values":["AutoAttendant","CallQueue"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Absent","Present"],"Values":["Absent","Present"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Teams Resource Accounts."},{"ClassName":"MSFT_TeamsAppPermissionPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier to be assigned to the new Teams app permission policy. Use the 'Global' Identity if you wish to assign this policy to the entire tenant.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams app permission policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"The types of apps for the Global Catalog.","Name":"GlobalCatalogAppsType","Option":"Write"},{"CIMType":"String","Description":"The types of apps for the Private Catalog.","Name":"PrivateCatalogAppsType","Option":"Write"},{"CIMType":"String","Description":"The types of apps for the Default Catalog.","Name":"DefaultCatalogAppsType","Option":"Write"},{"CIMType":"String[]","Description":"The list of apps for the Global Catalog.","Name":"GlobalCatalogApps","Option":"Write"},{"CIMType":"String[]","Description":"The list of apps for the Private Catalog.","Name":"PrivateCatalogApps","Option":"Write"},{"CIMType":"String[]","Description":"The list of apps for the Default Catalog.","Name":"DefaultCatalogApps","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages the Teams App Permission Policies."},{"ClassName":"MSFT_TeamsAppSetupPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier to be assigned to the new Teams app setup policy. Use the 'Global' Identity if you wish to assign this policy to the entire tenant.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams app setup policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"Choose which apps and messaging extensions you want to be installed in your users' personal Teams environment and in meetings they create. Users can install other available apps from the Teams app store.","Name":"AppPresetList","Option":"Write"},{"CIMType":"String[]","Description":"Choose which apps and meeting extensions you want to be installed in your users' personal Teams environment and in meetings they create. Users can install other available apps from the Teams app store.","Name":"AppPresetMeetingList","Option":"Write"},{"CIMType":"String[]","Description":"Pinning an app displays the app in the app bar in Teams client. Admins can pin apps and they can allow users to pin apps. Pinning is used to highlight apps that are needed the most by users and promote ease of access.","Name":"PinnedAppBarApps","Option":"Write"},{"CIMType":"String[]","Description":"Determines the list of apps that are pre pinned for a participant in Calls.","Name":"PinnedCallingBarApps","Option":"Write"},{"CIMType":"String[]","Description":"Apps are pinned in messaging extensions and into the ellipsis menu.","Name":"PinnedMessageBarApps","Option":"Write"},{"CIMType":"Boolean","Description":"If you turn this on, the user's existing app pins will be added to the list of pinned apps set in this policy. Users can rearrange, add, and remove pins as they choose. If you turn this off, the user's existing app pins will be removed and replaced with the apps defined in this policy.","Name":"AllowUserPinning","Option":"Write"},{"CIMType":"Boolean","Description":"This is also known as side loading. This setting determines if a user can upload a custom app package in the Teams app. Turning it on lets you create or develop a custom app to be used personally or across your organization without having to submit it to the Teams app store. Uploading a custom app also lets you test an app before you distribute it more widely by only assigning it to a single user or group of users.","Name":"AllowSideLoading","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manages Teams app setup policies in your tenant."},{"ClassName":"MSFT_TeamsAudioConferencingPolicy","Parameters":[{"CIMType":"String","Description":"Specify the name of the policy that you are creating","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Determines whether users of the Policy can have Toll free numbers","Name":"AllowTollFreeDialin","Option":"Write"},{"CIMType":"String","Description":"Determines the list of audio-conferencing Toll- and Toll-free telephone numbers that will be included in meetings invites created by users of this policy.","Name":"MeetingInvitePhoneNumbers","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Configures a Teams Audio Conferencing Policy."},{"ClassName":"MSFT_TeamsCallHoldPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier to be assigned to the new Teams call hold policy. Use the 'Global' Identity if you wish to assign this policy to the entire tenant.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"A string representing the ID referencing an audio file uploaded via the Import-CsOnlineAudioFile cmdlet.","Name":"AudioFileId","Option":"Write"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams call hold policy.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Creates a new Teams call hold policy in your tenant. The Teams call hold policy is used to customize the call hold experience for Teams clients."},{"ClassName":"MSFT_TeamsCallingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Calling Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Calling Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Enables the user to use the AI Interpreter related features. Possible values are: Disabled, Enabled","Name":"AIInterpreter","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"UInt32","Description":"The maximum amount a user can spend on outgoing PSTN calls, including all calls made through Pay-as-you-go Calling Plans and any overages on plans with bundled minutes.","Name":"CallingSpendUserLimit","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter lets you control how Copilot is used during calls and if transcription is needed to be turned on and saved after the call. Possible values: Enabled, EnabledWithTranscript, Disabled","Name":"Copilot","Option":"Write","ValueMap":["Enabled","EnabledWithTranscript","Disabled"],"Values":["Enabled","EnabledWithTranscript","Disabled"]},{"CIMType":"Boolean","Description":"This setting allows an admin to enable or disable spend limits on PSTN calls for their user base.","Name":"EnableSpendLimits","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if MediaBypass is enabled for PSTN calls on specified Web platforms.","Name":"EnableWebPstnMediaBypass","Option":"Write"},{"CIMType":"String","Description":"This setting controls whether users must provide or obtain explicit consent before recording a 1:1 PSTN or Teams call. When enabled, both parties will receive a notification, and consent must be given before recording starts. Possible values: Enabled: Requires users to give and obtain explicit consent before starting a call recording. Disabled: Users are not required to obtain explicit consent before recording starts.","Name":"ExplicitRecordingConsent","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Setting this parameter lets you control how inbound federated calls should be routed. Possible values are: RegularIncoming, Unanswered, Voicemail.","Name":"InboundFederatedCallRoutingTreatment","Option":"Write","ValueMap":["RegularIncoming","Unanswered","Voicemail"],"Values":["RegularIncoming","Unanswered","Voicemail"]},{"CIMType":"String","Description":"Setting this parameter lets you control how inbound PSTN calls should be routed. Possible values are: RegularIncoming, Unanswered, Voicemail, UserOverride.","Name":"InboundPstnCallRoutingTreatment","Option":"Write","ValueMap":["RegularIncoming","Unanswered","Voicemail","UserOverride"],"Values":["RegularIncoming","Unanswered","Voicemail","UserOverride"]},{"CIMType":"String","Description":"Setting this parameter allows you to set the PopoutForIncomingPstnCalls setting's URL path of the website to launch upon receiving incoming PSTN calls. This parameter accepts an HTTPS URL with less than 1024 characters. The URL can contain a {phone} placeholder that is replaced with the caller's PSTN number in E.164 format when launched.","Name":"PopoutAppPathForIncomingPstnCalls","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter allows you to control the tenant users' ability to launch an external website URL automatically in the browser window upon incoming PSTN calls for specific users or user groups. Possible values are: Enabled, Disabled.","Name":"PopoutForIncomingPstnCalls","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Allows users to use real time text during a call, allowing them to communicate by typing their messages in real time. Possible values are: Disabled, Enabled","Name":"RealTimeText","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"Controls if Teams calls are shown in the call log.","Name":"ShowTeamsCallsInCallLog","Option":"Write"},{"CIMType":"String","Description":"Enables the user to use the voice simulation feature while being AI interpreted. Possible values are: Disabled, Enabled","Name":"VoiceSimulationInInterpreter","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"Controls all calling capabilities in Teams. Turning this off will turn off all calling functionality in Teams. If you use Skype for Business for calling, this policy will not affect calling functionality in Skype for Business.","Name":"AllowPrivateCalling","Option":"Write"},{"CIMType":"String","Description":"Enables inbound calls to be routed to voice mail. Valid options are: AlwaysEnabled, AlwaysDisabled, UserOverride.","Name":"AllowVoicemail","Option":"Write","ValueMap":["AlwaysEnabled","AlwaysDisabled","UserOverride"],"Values":["AlwaysEnabled","AlwaysDisabled","UserOverride"]},{"CIMType":"Boolean","Description":"Enables inbound calls to be routed to call groups.","Name":"AllowCallGroups","Option":"Write"},{"CIMType":"Boolean","Description":"Enables inbound calls to be routed to delegates; allows delegates to make outbound calls on behalf of the users for whom they have delegated permissions.","Name":"AllowDelegation","Option":"Write"},{"CIMType":"Boolean","Description":"Enables call forwarding or simultaneous ringing of inbound calls to other users in your tenant.","Name":"AllowCallForwardingToUser","Option":"Write"},{"CIMType":"Boolean","Description":"Enables call forwarding or simultaneous ringing of inbound calls to any phone number.","Name":"AllowCallForwardingToPhone","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter provides the ability to configure call redirection capabilities on Teams phones.","Name":"AllowCallRedirect","Option":"Write","ValueMap":["Enabled","Disabled","UserOverride"],"Values":["Enabled","Disabled","UserOverride"]},{"CIMType":"Boolean","Description":"Determines whether the user is allowed to use SIP devices for calling on behalf of a Teams client.","Name":"AllowSIPDevicesCalling","Option":"Write"},{"CIMType":"Boolean","Description":"Allows PSTN calling from the Team web client","Name":"AllowWebPSTNCalling","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this parameter to True will send calls through PSTN and incur charges rather than going through the network and bypassing the tolls.","Name":"PreventTollBypass","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter lets you configure how incoming calls are handled when a user is already in a call or conference or has a call placed on hold. New or incoming calls will be rejected with a busy signal. Valid options are: Enabled, Disabled and Unanswered.","Name":"BusyOnBusyEnabledType","Option":"Write","ValueMap":["Enabled","Disabled","Unanswered","UserOverride"],"Values":["Enabled","Disabled","Unanswered","UserOverride"]},{"CIMType":"UInt32","Description":"Sets the expiration of the recorded 1:1 calls.","Name":"CallRecordingExpirationDays","Option":"Write"},{"CIMType":"String","Description":"Setting this parameter allows you to turn on or turn off music on hold when a PSTN caller is placed on hold. It is turned on by default. Valid options are: Enabled, Disabled, UserOverride. For now setting the value to UserOverride is the same as Enabled. This setting does not apply to call park and SLA boss delegate features. Valid options are: Enabled, Disabled, UserOverride.","Name":"MusicOnHoldEnabledType","Option":"Write","ValueMap":["Enabled","Disabled","UserOverride"],"Values":["Enabled","Disabled","UserOverride"]},{"CIMType":"String","Description":"This parameter is not available for use. Valid options are: Enabled, Disabled, UserOverride.","Name":"SafeTransferEnabled","Option":"Write","ValueMap":["Enabled","Disabled","UserOverride"],"Values":["Enabled","Disabled","UserOverride"]},{"CIMType":"Boolean","Description":"Setting this parameter to True will allows 1:1 Calls to be recorded.","Name":"AllowCloudRecordingForCalls","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether post-meeting captions and transcriptions are allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowTranscriptionforCalling","Option":"Write"},{"CIMType":"String","Description":"Determines whether real-time captions are available for the user in Teams meetings. Set this to DisabledUserOverride to allow user to turn on live captions. Set this to Disabled to prohibit.","Name":"LiveCaptionsEnabledTypeForCalling","Option":"Write","ValueMap":["DisabledUserOverride","Disabled"],"Values":["DisabledUserOverride","Disabled"]},{"CIMType":"String","Description":"This setting allows the tenant admin to enable or disable the Auto-Answer setting. Valid options are: Enabled, Disabled.","Name":"AutoAnswerEnabledType","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Setting this parameter determines whether calls identified as Spam will be rejected or not (probably). Valid options are: Enabled, Disabled.","Name":"SpamFilteringEnabledType","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Present ensures the policyexists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Calling Policy.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/teams-calling-policy/>"},{"ClassName":"MSFT_TeamsCallParkPolicy","Parameters":[{"CIMType":"String","Description":"A unique identifier for the policy - this will be used to retrieve the policy later on to assign it to specific users.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"If set to true, customers will be able to leverage the call park feature to place calls on hold and then decide how the call should be handled - transferred to another department, retrieved using the same phone, or retrieved using a different phone.","Name":"AllowCallPark","Option":"Write"},{"CIMType":"String","Description":"Description of the Teams Call Park Policy.","Name":"Description","Option":"Write"},{"CIMType":"UInt64","Description":"Specify the number of seconds to wait before ringing the parker when the parked call hasn't been picked up. Value can be from 120 to 1800 (seconds).","Name":"ParkTimeoutSeconds","Option":"Write"},{"CIMType":"UInt64","Description":"Specify the maximum value that a rendered pickup code can take. Value can be from 10 to 9999. Note: PickupRangeStart must be smaller than PickupRangeEnd.","Name":"PickupRangeEnd","Option":"Write"},{"CIMType":"UInt64","Description":"Specify the minimum value that a rendered pickup code can take. Value can be from 10 to 9999.","Name":"PickupRangeStart","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Call Park Policy. Call park allows enterprise voice customers to place a call on hold and then perform a number of actions on that call: transfer to another department, retrieve via the same phone, or retrieve via a different Teams phone."},{"ClassName":"MSFT_TeamsCallQueue","Parameters":[{"CIMType":"String","Description":"The Name parameter specifies a unique name for the Call Queue.","Name":"Name","Option":"Key"},{"CIMType":"UInt16","Description":"The Name parameter specifies a unique name for the Call Queue.","Name":"AgentAlertTime","Option":"Write"},{"CIMType":"Boolean","Description":"The AllowOptOut parameter indicates whether or not agents can opt in or opt out from taking calls from a Call Queue.","Name":"AllowOptOut","Option":"Write"},{"CIMType":"String[]","Description":"The DistributionLists parameter lets you add all the members of the distribution lists to the Call Queue. This is a list of distribution list GUIDs. A service wide configurable maximum number of DLs per Call Queue are allowed. Only the first N (service wide configurable) agents from all distribution lists combined are considered for accepting the call. Nested DLs are supported. O365 Groups can also be used to add members to the Call Queue.","Name":"DistributionLists","Option":"Write"},{"CIMType":"Boolean","Description":"The UseDefaultMusicOnHold parameter indicates that this Call Queue uses the default music on hold. This parameter cannot be specified together with MusicOnHoldAudioFileId.","Name":"UseDefaultMusicOnHold","Option":"Write"},{"CIMType":"String","Description":"The WelcomeMusicAudioFileId parameter represents the audio file to play when callers are connected with the Call Queue. This is the unique identifier of the audio file.","Name":"WelcomeMusicAudioFileId","Option":"Write"},{"CIMType":"String","Description":"The MusicOnHoldFileContent parameter represents music to play when callers are placed on hold. This is the unique identifier of the audio file. This parameter is required if the UseDefaultMusicOnHold parameter is not specified.","Name":"MusicOnHoldAudioFileId","Option":"Write"},{"CIMType":"String","Description":"The OverflowAction parameter designates the action to take if the overflow threshold is reached. The OverflowAction property must be set to one of the following values: DisconnectWithBusy, Forward, Voicemail, and SharedVoicemail. The default value is DisconnectWithBusy.","Name":"OverflowAction","Option":"Write","ValueMap":["DisconnectWithBusy","Forward","Voicemail","SharedVoicemail"],"Values":["DisconnectWithBusy","Forward","Voicemail","SharedVoicemail"]},{"CIMType":"String","Description":"The OverflowActionTarget parameter represents the target of the overflow action. If the OverFlowAction is set to Forward, this parameter must be set to a Guid or a telephone number with a mandatory 'tel:' prefix. If the OverflowAction is set to SharedVoicemail, this parameter must be set to a group ID (Microsoft 365, Distribution list, or Mail-enabled security). Otherwise, this parameter is optional.","Name":"OverflowActionTarget","Option":"Write"},{"CIMType":"UInt16","Description":"The OverflowThreshold parameter defines the number of calls that can be in the queue at any one time before the overflow action is triggered. The OverflowThreshold can be any integer value between 0 and 200, inclusive. A value of 0 causes calls not to reach agents and the overflow action to be taken immediately.","Name":"OverflowThreshold","Option":"Write"},{"CIMType":"String","Description":"The TimeoutAction parameter defines the action to take if the timeout threshold is reached. The TimeoutAction property must be set to one of the following values: Disconnect, Forward, Voicemail, and SharedVoicemail. The default value is Disconnect.","Name":"TimeoutAction","Option":"Write","ValueMap":["Disconnect","Forward","Voicemail","SharedVoicemail"],"Values":["Disconnect","Forward","Voicemail","SharedVoicemail"]},{"CIMType":"String","Description":"The TimeoutActionTarget represents the target of the timeout action. If the TimeoutAction is set to Forward, this parameter must be set to a Guid or a telephone number with a mandatory 'tel:' prefix. If the TimeoutAction is set to SharedVoicemail, this parameter must be set to an Office 365 Group ID. Otherwise, this field is optional.","Name":"TimeoutActionTarget","Option":"Write"},{"CIMType":"UInt16","Description":"The TimeoutThreshold parameter defines the time (in seconds) that a call can be in the queue before that call times out. At that point, the system will take the action specified by the TimeoutAction parameter. The TimeoutThreshold can be any integer value between 0 and 2700 seconds (inclusive), and is rounded to the nearest 15th interval. For example, if set to 47 seconds, then it is rounded down to 45. If set to 0, welcome music is played, and then the timeout action will be taken.","Name":"TimeoutThreshold","Option":"Write"},{"CIMType":"String","Description":"The RoutingMethod defines how agents will be called in a Call Queue. If the routing method is set to Serial, then agents will be called one at a time. If the routing method is set to Attendant, then agents will be called in parallel. If routing method is set to RoundRobin, the agents will be called using Round Robin strategy so that all agents share the call-load equally. If routing method is set to LongestIdle, the agents will be called based on their idle time, i.e., the agent that has been idle for the longest period will be called.","Name":"RoutingMethod","Option":"Write","ValueMap":["Attendant","Serial","RoundRobin","LongestIdle"],"Values":["Attendant","Serial","RoundRobin","LongestIdle"]},{"CIMType":"Boolean","Description":"The PresenceBasedRouting parameter indicates whether or not presence based routing will be applied while call being routed to Call Queue agents. When set to False, calls will be routed to agents who have opted in to receive calls, regardless of their presence state. When set to True, opted-in agents will receive calls only when their presence state is Available.","Name":"PresenceBasedRouting","Option":"Write"},{"CIMType":"Boolean","Description":"The ConferenceMode parameter indicates whether or not Conference mode will be applied on calls for this Call queue. Conference mode significantly reduces the amount of time it takes for a caller to be connected to an agent, after the agent accepts the call.","Name":"ConferenceMode","Option":"Write"},{"CIMType":"String[]","Description":"The Users parameter lets you add agents to the Call Queue. This parameter expects a list of user unique identifiers (GUID).","Name":"Users","Option":"Write"},{"CIMType":"String","Description":"The LanguageId parameter indicates the language that is used to play shared voicemail prompts. This parameter becomes a required parameter If either OverflowAction or TimeoutAction is set to SharedVoicemail. You can query the supported languages using the Get-CsAutoAttendantSupportedLanguage cmdlet.","Name":"LanguageId","Option":"Write"},{"CIMType":"String[]","Description":"The OboResourceAccountIds parameter lets you add resource account with phone number to the Call Queue. The agents in the Call Queue will be able to make outbound calls using the phone number on the resource accounts. This is a list of resource account GUIDs. Only Call Queue managed by a Teams Channel will be able to use this feature.","Name":"OboResourceAccountIds","Option":"Write"},{"CIMType":"String","Description":"The OverflowDisconnectTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being disconnected due to overflow.","Name":"OverflowDisconnectTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowDisconnectAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being disconnected due to overflow.","Name":"OverflowDisconnectAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectPersonTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person in the organization due to overflow.","Name":"OverflowRedirectPersonTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectPersonAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person in the organization due to overflow.","Name":"OverflowRedirectPersonAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoiceAppsTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a voice application due to overflow.","Name":"OverflowRedirectVoiceAppTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoiceAppAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a voice application due to overflow.","Name":"OverflowRedirectVoiceAppAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectPhoneNumberTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to an external PSTN phone number due to overflow.","Name":"OverflowRedirectPhoneNumberTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectPhoneNumberAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to an external PSTN phone number due to overflow.","Name":"OverflowRedirectPhoneNumberAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person's voicemail due to overflow.","Name":"OverflowRedirectVoicemailTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoiceMailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person's voicemail due to overflow.","Name":"OverflowRedirectVoicemailAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowRedirectVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person's voicemail due to overflow.","Name":"OverflowSharedVoicemailTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The OverflowSharedVoicemailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is to be played as a greeting to the caller when transferred to shared voicemail on overflow. This parameter becomes a required parameter when OverflowAction is SharedVoicemail and OverflowSharedVoicemailTextToSpeechPrompt is null.","Name":"OverflowSharedVoicemailAudioFilePrompt","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableOverflowSharedVoicemailTranscription parameter is used to turn on transcription for voicemails left by a caller on overflow. This parameter is only applicable when OverflowAction is set to SharedVoicemail.","Name":"EnableOverflowSharedVoicemailTranscription","Option":"Write"},{"CIMType":"String","Description":"The TimeoutDisconnectTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being disconnected due to timeout.","Name":"TimeoutDisconnectTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutDisconnectAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being disconnected due to timeout.","Name":"TimeoutDisconnectAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectPersonTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person in the organization due to timeout.","Name":"TimeoutRedirectPersonTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectPersonAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person in the organization due to timeout.","Name":"TimeoutRedirectPersonAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectVoiceAppsTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a voice application due to timeout.","Name":"TimeoutRedirectVoiceAppTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectVoiceAppAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a voice application due to timeout.","Name":"TimeoutRedirectVoiceAppAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectPhoneNumberTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to an external PSTN phone number due to timeout.","Name":"TimeoutRedirectPhoneNumberTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectPhoneNumberAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to an external PSTN phone number due to timeout.","Name":"TimeoutRedirectPhoneNumberAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is played to the caller when being redirected to a person's voicemail due to timeout.","Name":"TimeoutRedirectVoicemailTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutRedirectVoiceMailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is played to the caller when being redirected to a person's voicemail due to timeout.","Name":"TimeoutRedirectVoicemailAudioFilePrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutSharedVoicemailTextToSpeechPrompt parameter indicates the Text-to-Speech (TTS) prompt which is to be played as a greeting to the caller when transferred to shared voicemail on timeout. This parameter becomes a required parameter when TimeoutAction is SharedVoicemail and TimeoutSharedVoicemailAudioFilePrompt is null.","Name":"TimeoutSharedVoicemailTextToSpeechPrompt","Option":"Write"},{"CIMType":"String","Description":"The TimeoutSharedVoicemailAudioFilePrompt parameter indicates the unique identifier for the Audio file prompt which is to be played as a greeting to the caller when transferred to shared voicemail on timeout. This parameter becomes a required parameter when TimeoutAction is SharedVoicemail and TimeoutSharedVoicemailTextToSpeechPrompt is null.","Name":"TimeoutSharedVoicemailAudioFilePrompt","Option":"Write"},{"CIMType":"Boolean","Description":"The EnableTimeoutSharedVoicemailTranscription parameter is used to turn on transcription for voicemails left by a caller on timeout. This parameter is only applicable when TimeoutAction is set to SharedVoicemail.","Name":"EnableTimeoutSharedVoicemailTranscription","Option":"Write"},{"CIMType":"String","Description":"Id of the channel to connect a call queue to.","Name":"ChannelId","Option":"Write"},{"CIMType":"String","Description":"Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). This is the GUID of one of the owners of the team the channels belongs to.","Name":"ChannelUserObjectId","Option":"Write"},{"CIMType":"String[]","Description":"This is a list of GUIDs for users who are authorized to make changes to this call queue. The users must also have a TeamsVoiceApplications policy assigned. The GUID should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).","Name":"AuthorizedUsers","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Team Message Policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Service Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to manage Call Queue in your Skype for Business Online organization."},{"ClassName":"MSFT_TeamsChannel","Parameters":[{"CIMType":"string","Description":"Current channel name","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Name of the team the Channel belongs to","Name":"TeamName","Option":"Key"},{"CIMType":"string","Description":"Team group ID, only used to target a Team when duplicated display names occurs.","Name":"GroupID","Option":"Write"},{"CIMType":"string","Description":"Used to update current channel name","Name":"NewDisplayName","Option":"Write"},{"CIMType":"string","Description":"Channel description","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Team channel exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to add and update channels in existing Teams."},{"ClassName":"MSFT_TeamsChannelsPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Channel Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Channel Policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to share a shared channel with an external user. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowChannelSharingToExternalUser","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to create an org-wide team. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowOrgWideTeamCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to discover private teams in suggestions and search results. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"EnablePrivateTeamDiscovery","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to create a private channel. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowPrivateChannelCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to create a shared channel. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowSharedChannelCreation","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to participate in a shared channel that has been shared by an external user. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowUserToParticipateInExternalSharedChannel","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Channel Policy.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/teams-policies/>"},{"ClassName":"MSFT_TeamsChannelTab","Parameters":[{"CIMType":"String","Description":"Display Name of the Channel Tab.","Name":"DisplayName","Option":"Key"},{"CIMType":"String","Description":"Display Name of the Team.","Name":"TeamName","Option":"Key"},{"CIMType":"String","Description":"Display Name of the Channel.","Name":"ChannelName","Option":"Key"},{"CIMType":"String","Description":"Unique Id of the Team of the instance on the source tenant.","Name":"TeamId","Option":"Write"},{"CIMType":"String","Description":"Id of the Teams App associated with the custom tab.","Name":"TeamsApp","Option":"Write"},{"CIMType":"UInt32","Description":"Index of the sort order for the custom tab.","Name":"SortOrderIndex","Option":"Write"},{"CIMType":"String","Description":"Url of the website linked to the Channel Tab.","Name":"WebSiteUrl","Option":"Write"},{"CIMType":"String","Description":"Url of the content linked to the Channel Tab.","Name":"ContentUrl","Option":"Write"},{"CIMType":"String","Description":"Url of the location used to remove the app.","Name":"RemoveUrl","Option":"Write"},{"CIMType":"String","Description":"Id of the Entity linked to the Channel Tab.","Name":"EntityId","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Tab exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a new Custom tab in a Channel."},{"ClassName":"MSFT_TeamsClientConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage Box as a third party storage solution in Microsoft Teams. If $true, users will be able to add Box in the client and interact with the files stored there.","Name":"AllowBox","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage DropBox as a third party storage solution in Microsoft Teams. If $true, users will be able to add DropBox in the client and interact with the files stored there.","Name":"AllowDropBox","Option":"Write"},{"CIMType":"Boolean","Description":"When set to $true, mail hooks are enabled, and users can post messages to a channel by sending an email to the email address of Teams channel.","Name":"AllowEmailIntoChannel","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage GoogleDrive as a third party storage solution in Microsoft Teams. If $true, users will be able to add Google Drive in the client and interact with the files stored there.","Name":"AllowGoogleDrive","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether or not guest users in your organization will have access to the Teams client. If $true, guests in your tenant will be able to access the Teams client. Note that this setting has a core dependency on Guest Access being enabled in your Office 365 tenant.","Name":"AllowGuestUser","Option":"Write"},{"CIMType":"Boolean","Description":"When set to $true, users will be able to see the organizational chart icon other users' contact cards, and when clicked, this icon will display the detailed organizational chart.","Name":"AllowOrganizationTab","Option":"Write"},{"CIMType":"Boolean","Description":"Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the from party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed anonymous because it originated from the Surface Hub's device account. If set to $true, these device accounts will be able to send chat messages in Skype for Business Online (does not apply to Microsoft Teams).","Name":"AllowResourceAccountSendMessage","Option":"Write"},{"CIMType":"Boolean","Description":"When set to True, Supervised Chat is enabled for the tenant.","Name":"AllowRoleBasedChatPermissions","Option":"Write"},{"CIMType":"Boolean","Description":"If set to $true, the Exchange address book policy (ABP) will be used to provide customized view of the global address book for each user. This is only a virtual separation and not a legal separation.","Name":"AllowScopedPeopleSearchandAccess","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage ShareFile as a third party storage solution in Microsoft Teams. If $true, users will be able to add ShareFile in the client and interact with the files stored there.","Name":"AllowShareFile","Option":"Write"},{"CIMType":"Boolean","Description":"When set to $true, Teams conversations automatically show up in Skype for Business for users that aren't enabled for Teams.","Name":"AllowSkypeBusinessInterop","Option":"Write"},{"CIMType":"Boolean","Description":"Designates whether users are able to leverage Egnyte as a third party storage solution in Microsoft Teams. If $true, users will be able to add Egnyte in the client and interact with the files stored there.","Name":"AllowEgnyte","Option":"Write"},{"CIMType":"string","Description":"This setting applies only to Skype for Business Online (not Microsoft Teams) and defines whether the user must provide a secondary form of authentication to access the meeting content from a resource device account. Meeting content is defined as files that are shared to the Content Bin - files that have been attached to the meeting.","Name":"ContentPin","Option":"Write","ValueMap":["NotRequired","RequiredOutsideScheduleMeeting","AlwaysRequired"],"Values":["NotRequired","RequiredOutsideScheduleMeeting","AlwaysRequired"]},{"CIMType":"string","Description":"Require a secondary form of authentication to access meeting content.","Name":"ResourceAccountContentAccess","Option":"Write","ValueMap":["NoAccess","PartialAccess","FullAccess"],"Values":["NoAccess","PartialAccess","FullAccess"]},{"CIMType":"string[]","Description":"Senders domains can be further restricted to ensure that only allowed SMTP domains can send emails to the Teams channels. This is a comma-separated string of the domains you'd like to allow to send emails to Teams channels.","Name":"RestrictedSenderList","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams client settings.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/enable-features-office-365#teams-settings-and-teams-upgrade-settings-in-the-microsoft-teams-admin-center/>"},{"ClassName":"MSFT_TeamsComplianceRecordingApplication","Parameters":[{"CIMType":"String","Description":"A name that uniquely identifies the application instance of the policy-based recording application.","Name":"Id","Option":"Key"},{"CIMType":"String[]","Description":"Determines the other policy-based recording applications to pair with this application to achieve application resiliency. Can only have one paired application.","Name":"ComplianceRecordingPairedApplications","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the policy-based recording application must be in the meeting before the user is allowed to join the meeting.","Name":"RequiredBeforeMeetingJoin","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the policy-based recording application must be in the call before the call is allowed to establish.","Name":"RequiredBeforeCallEstablishment","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the policy-based recording application must be in the meeting while the user is in the meeting.","Name":"RequiredDuringMeeting","Option":"Write"},{"CIMType":"Boolean","Description":"Indicates whether the policy-based recording application must be in the call while the call is active.","Name":"RequiredDuringCall","Option":"Write"},{"CIMType":"String","Description":"Determines the number of invites to send out to the application instance of the policy-based recording application. Can be set to 1 or 2 only.","Name":"ConcurrentInvitationCount","Option":"Write"}],"Description":"Creates a new Teams recording policy for governing automatic policy-based recording in your tenant. Automatic policy-based recording is only applicable to Microsoft Teams users."},{"ClassName":"MSFT_TeamsComplianceRecordingPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier of the application instance of a policy-based recording application to be retrieved.","Name":"Identity","Option":"Key"},{"CIMType":"MSFT_TeamsComplianceRecordingApplication[]","Description":"A list of application instances of policy-based recording applications to assign to this policy. The Id of each of these application instances must be the ObjectId of the application instance as obtained by the Get-CsOnlineApplicationInstance cmdlet.","Name":"ComplianceRecordingApplications","Option":"Write"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams recording policy. For example, the Description might include information about the users the policy should be assigned to.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this attribute to true disables recording audio notifications for 1:1 calls that are under compliance recording.","Name":"DisableComplianceRecordingAudioNotificationForCalls","Option":"Write"},{"CIMType":"Boolean","Description":"Controls whether this Teams recording policy is active or not.","Name":"Enabled","Option":"Write"},{"CIMType":"Boolean","Description":"Setting this attribute to true enables compliance recording for calls that have been re-routed from a compliance recording-enabled user. Supported call scenarios include forward, transfer, delegation, call groups, and simultaneous ring.","Name":"RecordReroutedCalls","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter is reserved for future use.","Name":"WarnUserOnRemoval","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Creates a new Teams recording policy for governing automatic policy-based recording in your tenant. Automatic policy-based recording is only applicable to Microsoft Teams users."},{"ClassName":"MSFT_TeamsCortanaPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier for Teams cortana policy you're creating.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The value of this field indicates if Cortana is enabled and mode of invocation.","Name":"CortanaVoiceInvocationMode","Option":"Write","ValueMap":["Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride"],"Values":["Disabled","PushToTalkUserOverride","WakeWordPushToTalkUserOverride"]},{"CIMType":"String","Description":"Provide a description of your policy to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"The CsTeamsCortanaPolicy resources enable administrators to control settings for Cortana voice assistant in Microsoft Teams."},{"ClassName":"MSFT_TeamsDialInConferencingTenantSettings","Parameters":[{"CIMType":"String","Description":"Only accepted value is Yes.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Specifies the default value that gets assigned to the 'AllowPSTNOnlyMeetings' setting of users when they are enabled for dial-in conferencing, or when a user's dial-in conferencing provider is set to Microsoft. If set to $true, the 'AllowPSTNOnlyMeetings' setting of the user will also be set to true. If $false, the user setting will be false. The default value for AllowPSTNOnlyMeetingsByDefault is $false.","Name":"AllowPSTNOnlyMeetingsByDefault","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically Migrate User Meetings.","Name":"AutomaticallyMigrateUserMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"Automatically replace ACP Provider.","Name":"AutomaticallyReplaceAcpProvider","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether advisory emails will be sent to users when the events listed below occur. Setting the parameter to $true enables the emails to be sent, $false disables the emails. The default is $true.","Name":"AutomaticallySendEmailsToUsers","Option":"Write"},{"CIMType":"Boolean","Description":"Enable Dial out join confirmation.","Name":"EnableDialOutJoinConfirmation","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if, by default, announcements are made as users enter and exit a conference call. Set to $true to enable notifications, $false to disable notifications. The default is $true.","Name":"EnableEntryExitNotifications","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether the name of a user is recorded on entry to the conference. This recording is used during entry and exit notifications. Set to $true to enable name recording, set to $false to bypass name recording. The default is $true.","Name":"EnableNameRecording","Option":"Write"},{"CIMType":"String","Description":"Supported entry and exit announcement type.","Name":"EntryExitAnnouncementsType","Option":"Write"},{"CIMType":"String","Description":"This parameter allows tenant administrators to configure masking of PSTN participant phone numbers in the roster view for Microsoft Teams meetings enabled for Audio Conferencing, scheduled within the organization. Possible values are MaskedForExternalUsers, MaskedForAllUsers or NoMasking","Name":"MaskPstnNumbersType","Option":"Write","ValueMap":["MaskedForExternalUsers","MaskedForAllUsers","NoMasking"],"Values":["MaskedForExternalUsers","MaskedForAllUsers","NoMasking"]},{"CIMType":"Boolean","Description":"Specifies whether service numbers assigned to the tenant should be migrated to the new forest of the tenant when the tenant is migrated cross region. If false, service numbers will be released back to stock once the migration completes. This settings does not apply to ported-in numbers that are always migrated.","Name":"MigrateServiceNumbersOnCrossForestMove","Option":"Write"},{"CIMType":"UInt32","Description":"Specifies the number of digits in the automatically generated PINs. Organizers can enter their PIN to start a meeting they scheduled if they join via phone and are the first person to join. The minimum value is 4, the maximum is 12, and the default is 5.","Name":"PinLength","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if Private Meetings are enabled for the users in this tenant.","Name":"UseUniqueConferenceIds","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams User's Calling Settings.\n\nMore information: <https://learn.microsoft.com/en-us/microsoftteams/user-call-settings/>"},{"ClassName":"MSFT_TeamsEmergencyCallingExtendedNotification","Parameters":[{"CIMType":"String","Description":"The emergency dial string.","Name":"EmergencyDialString","Option":"Key"},{"CIMType":"String[]","Description":"The email recipients of the notifications.","Name":"NotificationGroup","Option":"Write"},{"CIMType":"String","Description":"The additional number to call when contacting an emergency number.","Name":"NotificationDialOutNumber","Option":"Write"},{"CIMType":"String","Description":"The notification mode for the additional number. Possible values: ConferenceMuted - Join the emergency call muted. ConferenceUnMuted - Join the emergency call unmuted. NotificationOnly - Only receive a notification for an emergency call.","Name":"NotificationMode","Option":"Write","ValueMap":["ConferenceMuted","ConferenceUnMuted","NotificationOnly"],"Values":["ConferenceMuted","ConferenceUnMuted","NotificationOnly"]}],"Description":"This resource configures the Teams Emergency Calling Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-emergency-calling-policies/>"},{"ClassName":"MSFT_TeamsEmergencyCallingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Emergency Calling Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Emergency Calling Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Allows the tenant administrator to configure a text string, which is shown at the top of the Calls app.","Name":"EnhancedEmergencyServiceDisclaimer","Option":"Write"},{"CIMType":"MSFT_TeamsEmergencyCallingExtendedNotification[]","Description":"A list of one or more instances of TeamsEmergencyCallingExtendedNotification. Each TeamsEmergencyCallingExtendedNotification should use a unique EmergencyDialString. If an extended notification is found for an emergency phone number based on the EmergencyDialString parameter the extended notification will be controlling the notification. If no extended notification is found the notification settings on the policy instance itself will be used.","Name":"ExtendedNotifications","Option":"Write"},{"CIMType":"String","Description":"Enables ExternalLocationLookupMode. This mode allows users to set Emergency addresses for remote locations.","Name":"ExternalLocationLookupMode","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This parameter represents PSTN number which can be dialed out if NotificationMode is set to either of the two Conference values.","Name":"NotificationDialOutNumber","Option":"Write"},{"CIMType":"String","Description":"NotificationGroup is a email list of users and groups to be notified of an emergency call.","Name":"NotificationGroup","Option":"Write"},{"CIMType":"String","Description":"The type of conference experience for security desk notification.","Name":"NotificationMode","Option":"Write","ValueMap":["NotificationOnly","ConferenceMuted","ConferenceUnMuted"],"Values":["NotificationOnly","ConferenceMuted","ConferenceUnMuted"]},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Emergency Calling Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-emergency-calling-policies/>"},{"ClassName":"MSFT_TeamsEmergencyNumber","Parameters":[{"CIMType":"String","Description":"Specifies the emergency phone number.","Name":"EmergencyDialString","Option":"Key"},{"CIMType":"String","Description":"For each Teams emergency number, you can specify zero or more emergency dial masks. A dial mask is a number that you want to translate into the value of the emergency dial number value when it is dialed.","Name":"EmergencyDialMask","Option":"Write"},{"CIMType":"String","Description":"Specify the online public switched telephone network (PSTN) usage","Name":"OnlinePSTNUsage","Option":"Write"}],"Description":"This resource configures the Teams Emergency Call Routing Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-emergency-call-routing-policies/>"},{"ClassName":"MSFT_TeamsEmergencyCallRoutingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Emergency Call Routing Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Emergency Call Routing Policy.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_TeamsEmergencyNumber[]","Description":"Emergency number(s) associated with the policy.","Name":"EmergencyNumbers","Option":"Write"},{"CIMType":"Boolean","Description":"Flag to enable Enhanced Emergency Services","Name":"AllowEnhancedEmergencyServices","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Emergency Call Routing Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-emergency-call-routing-policies/>"},{"ClassName":"MSFT_TeamsEnhancedEncryptionPolicy","Parameters":[{"CIMType":"String","Description":"Unique identifier assigned to the Teams enhanced encryption policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Determines whether End-to-end encrypted calling is available for the user in Teams. Set this to DisabledUserOverride to allow user to turn on End-to-end encrypted calls. Set this to Disabled to prohibit.","Name":"CallingEndtoEndEncryptionEnabledType","Option":"Write"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany a Teams enhanced encryption policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"N/A","Name":"MeetingEndToEndEncryption","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Use this resource to create a new Teams enhanced encryption policy."},{"ClassName":"MSFT_TeamsEventsPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Events Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Events Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"This setting governs if a user is allowed to edit the communication emails in Teams Town Hall or Teams Webinar events.","Name":"AllowEmailEditing","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"This setting governs access to the integrations tab in the event creation workflow.","Name":"AllowEventIntegrations","Option":"Write"},{"CIMType":"String","Description":"Determines if webinars are allowed by the policy or not.","Name":"AllowWebinars","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting governs if a user can create town halls using Teams Events.","Name":"AllowTownhalls","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting governs which users in a tenant can add which registration form questions to an event registration page for attendees to answer when registering for the event.","Name":"AllowedQuestionTypesInRegistrationForm","Option":"Write","ValueMap":["DefaultOnly","DefaultAndPredefinedOnly","AllQuestions"],"Values":["DefaultOnly","DefaultAndPredefinedOnly","AllQuestions"]},{"CIMType":"String","Description":"This setting describes how IT admins can control which types of Town Hall attendees can have their recordings published.","Name":"AllowedTownhallTypesForRecordingPublish","Option":"Write","ValueMap":["None","InviteOnly","EveryoneInCompanyIncludingGuests","Everyone"],"Values":["None","InviteOnly","EveryoneInCompanyIncludingGuests","Everyone"]},{"CIMType":"String","Description":"This setting describes how IT admins can control which types of webinar attendees can have their recordings published.","Name":"AllowedWebinarTypesForRecordingPublish","Option":"Write","ValueMap":["None","InviteOnly","EveryoneInCompanyIncludingGuests","Everyone"],"Values":["None","InviteOnly","EveryoneInCompanyIncludingGuests","Everyone"]},{"CIMType":"String","Description":"This setting will enable Tenant Admins to specify if an organizer of a Teams Premium town hall may add an app that is accessible by everyone, including attendees, in a broadcast style Event including a Town hall.","Name":"BroadcastPremiumApps","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This setting governs if a user can create Immersive Events using Teams Events.","Name":"ImmersiveEvents","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines whether recording is allowed in a user's townhall.","Name":"RecordingForTownhall","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines whether recording is allowed in a user's webinar.","Name":"RecordingForWebinar","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This setting governs what identity types may attend a Town hall that is scheduled by a particular person or group that is assigned this policy.","Name":"TownhallEventAttendeeAccess","Option":"Write","ValueMap":["Everyone","EveryoneInOrganizationAndGuests"],"Values":["Everyone","EveryoneInOrganizationAndGuests"]},{"CIMType":"String","Description":"Determines whether transcriptions are allowed in a user's townhall.","Name":"TranscriptionForTownhall","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines whether transcriptions are allowed in a user's webinar.","Name":"TranscriptionForWebinar","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Defines who is allowed to join the event.","Name":"EventAccessType","Option":"Write","ValueMap":["Everyone","EveryoneInCompanyExcludingGuests"],"Values":["Everyone","EveryoneInCompanyExcludingGuests"]},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"String","Description":"This setting governs whether the user can enable the Comment Stream chat experience for Town Halls.","Name":"TownhallChatExperience","Option":"Write","ValueMap":["Optimized","None"],"Values":["Optimized","None"]},{"CIMType":"Boolean","Description":"This setting governs whether the global admin disables this property and prevents the organizers from creating town halls that use Microsoft eCDN even though they have been assigned a Teams Premium license.","Name":"UseMicrosoftECDN","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Events Policies."},{"ClassName":"MSFT_TeamsFederationConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"When set to True users will be potentially allowed to communicate with users from other domains.","Name":"AllowFederatedUsers","Option":"Write"},{"CIMType":"String[]","Description":"List of federated domains to allow.","Name":"AllowedDomains","Option":"Write"},{"CIMType":"String[]","Description":"List of federated domains to block.","Name":"BlockedDomains","Option":"Write"},{"CIMType":"Boolean","Description":"Allows federation with people using Teams with an account that's not managed by an organization.","Name":"AllowTeamsConsumer","Option":"Write"},{"CIMType":"Boolean","Description":"Allows people using Teams with an account that's not managed by an organization, to discover and start communication with users in your organization.","Name":"AllowTeamsConsumerInbound","Option":"Write"},{"CIMType":"String","Description":"When set to 'Enabled', security operations team will be able to add domains to the blocklist on security portal. When set to 'Disabled', security operations team will not have permissions to update the domains blocklist.","Name":"DomainBlockingForMDOAdminsInTeams","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"When set to Blocked, all external access with users from Teams subscriptions that contain only trial licenses will be blocked. This means users from these trial-only tenants will not be able to reach to your users via chats, Teams calls, and meetings (using the users authenticated identity) and your users will not be able to reach users in these trial-only tenants. If this setting is set to Blocked, users from the trial-only tenant will also be removed from existing chats.","Name":"ExternalAccessWithTrialTenants","Option":"Write","ValueMap":["Allowed","Blocked"],"Values":["Allowed","Blocked"]},{"CIMType":"Boolean","Description":"When set to True, messages sent from discovered partners are considered unverified. That means that those messages will be delivered only if they were sent from a person who is on the recipient's Contacts list.","Name":"TreatDiscoveredPartnersAsUnverified","Option":"Write"},{"CIMType":"Boolean","Description":"When set to True, indicates that the users homed on Skype for Business Online use the same SIP domain as users homed on the on-premises version of Skype for Business Server.","Name":"SharedSipAddressSpace","Option":"Write"},{"CIMType":"Boolean","Description":"When set to True, Teamsconsumer have access only to external user profiles","Name":"RestrictTeamsConsumerToExternalUserProfiles","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Federation Configuration (CsTenantFederationConfiguration).\nIn the Teams admin center this is available in 'External access' in the Users section.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-external-access/>"},{"ClassName":"MSFT_TeamsFeedbackPolicy","Parameters":[{"CIMType":"String","Description":"Specify the name of the Teams Feedback Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specifies if users are allowed to give feedback.","Name":"UserInitiatedMode","Option":"Write"},{"CIMType":"String","Description":"Specifies if users are allowed to receive the survey.","Name":"ReceiveSurveysMode","Option":"Write","ValueMap":["Enabled","Disabled","EnabledUserOverride"],"Values":["Enabled","Disabled","EnabledUserOverride"]},{"CIMType":"Boolean","Description":"Specifies if Screenshot Collection is enabled or not.","Name":"AllowScreenshotCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if Email Collection is enabled or not.","Name":"AllowEmailCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if Log Collection is enabled or not.","Name":"AllowLogCollection","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies if users are allowed to provide feature suggestions","Name":"EnableFeatureSuggestions","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Feedback Policy."},{"ClassName":"MSFT_TeamsFilesPolicy","Parameters":[{"CIMType":"String","Description":"Specifies the policy instance name","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Indicates if file sharing in chats with external users is enabled. It is by default enabled, to disable admins can run following command.","Name":"FileSharingInChatswithExternalUsers","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Specifies whether users see the options to upload files from OneDrive for Business, other cloud storage services configured for the user account, and SharePoint Online","Name":"NativeFileEntryPoints","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Specifies whether users see the Teams Files channel tab in any channel or in Teams chat.","Name":"SPChannelFilesTab","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This can be used by the 3p apps to configure their app, so when the files will be dragged and dropped in compose, it will get uploaded in that 3P app.","Name":"DefaultFileUploadAppId","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Files Policy."},{"ClassName":"MSFT_TeamsGroupPolicyAssignment","Parameters":[{"CIMType":"string","Description":"Group Displayname of the group the policies are assigned to","Name":"GroupDisplayName","Option":"Key"},{"CIMType":"String","Description":"GroupId, alternatively to Group Displayname","Name":"GroupId","Option":"Write"},{"CIMType":"String","Description":"Teams PolicyType. The type of the policy to be assigned. Possible values:","Name":"PolicyType","Option":"Key","ValueMap":["ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy","TeamsVerticalPackagePolicy"],"Values":["ApplicationAccessPolicy","CallingLineIdentity","OnlineAudioConferencingRoutingPolicy","OnlineVoicemailPolicy","OnlineVoiceRoutingPolicy","TeamsAudioConferencingPolicy","TeamsCallHoldPolicy","TeamsCallParkPolicy","TeamsChannelsPolicy","TeamsComplianceRecordingPolicy","TeamsCortanaPolicy","TeamsEmergencyCallingPolicy","TeamsEnhancedEncryptionPolicy","TeamsFeedbackPolicy","TeamsFilesPolicy","TeamsIPPhonePolicy","TeamsMediaLoggingPolicy","TeamsMeetingBroadcastPolicy","TeamsMeetingPolicy","TeamsMessagingPolicy","TeamsMobilityPolicy","TeamsRoomVideoTeleConferencingPolicy","TeamsShiftsPolicy","TeamsUpdateManagementPolicy","TeamsVdiPolicy","TeamsVideoInteropServicePolicy","TenantDialPlan","ExternalAccessPolicy","TeamsAppSetupPolicy","TeamsCallingPolicy","TeamsEventsPolicy","TeamsMeetingBrandingPolicy","TeamsMeetingTemplatePermissionPolicy","TeamsVerticalPackagePolicy"]},{"CIMType":"string","Description":"Teams PolicyName. The name of the policy to be assigned.","Name":"PolicyName","Option":"Write"},{"CIMType":"string","Description":"Teams Priority. The rank of the policy assignment, relative to other group policy assignments for the same policy type","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"Present ensures the group policy assignment exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to assign Teams policy to a specified group"},{"ClassName":"MSFT_TeamsGuestCallingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Designates whether guests who have been enabled for Teams can use calling functionality. If $false, guests cannot call.","Name":"AllowPrivateCalling","Option":"Required"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams guest calling configuration.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/set-up-guests/>"},{"ClassName":"MSFT_TeamsGuestMeetingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"boolean","Description":"Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow guests to share their video. Set this to FALSE to prohibit guests from sharing their video.","Name":"AllowIPVideo","Option":"Write"},{"CIMType":"string","Description":"Determines whether real-time captions are available for guests in Teams meetings.","Name":"LiveCaptionsEnabledType","Option":"Write","ValueMap":["Disabled","DisabledUserOverride"],"Values":["Disabled","DisabledUserOverride"]},{"CIMType":"string","Description":"Determines the mode in which guests can share a screen in calls or meetings. Set this to SingleApplication to allow the user to share an application at a given point in time. Set this to EntireScreen to allow the user to share anything on their screens. Set this to Disabled to prohibit the user from sharing their screens.","Name":"ScreenSharingMode","Option":"Write","ValueMap":["Disabled","EntireScreen","SingleApplication"],"Values":["Disabled","EntireScreen","SingleApplication"]},{"CIMType":"boolean","Description":"Determines whether guests can start ad-hoc meetings. Set this to TRUE to allow guests to start ad-hoc meetings. Set this to FALSE to prohibit guests from starting ad-hoc meetings.","Name":"AllowMeetNow","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether guests can enable post-meeting captions and transcriptions in meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowTranscription","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Guest Meetings Configuration.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/set-up-guests/>"},{"ClassName":"MSFT_TeamsGuestMessagingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Determines if a user is allowed to edit their own messages.","Name":"AllowUserEditMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if a user is allowed to delete their own messages.","Name":"AllowUserDeleteMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if a user is allowed to chat.","Name":"AllowUserChat","Option":"Write"},{"CIMType":"Boolean","Description":"Turn this setting on to allow users to permanently delete their one-on-one chat, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat).","Name":"AllowUserDeleteChat","Option":"Write"},{"CIMType":"String","Description":"Determines Giphy content restrictions. Default value is Moderate, other options are Strict and NoRestriction.","Name":"GiphyRatingType","Option":"Write","ValueMap":["Moderate","Strict","NoRestriction"],"Values":["Moderate","Strict","NoRestriction"]},{"CIMType":"Boolean","Description":"Determines if memes are available for use.","Name":"AllowMemes","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if stickers are available for use.","Name":"AllowStickers","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if Giphy are available for use.","Name":"AllowGiphy","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if Immersive Reader is enabled.","Name":"AllowImmersiveReader","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to delete messages sent by bots. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"UsersCanDeleteBotMessages","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Guest Messaging Configuration.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/set-up-guests/>"},{"ClassName":"MSFT_TeamsIPPhonePolicy","Parameters":[{"CIMType":"String","Description":"Specifies the policy instance name","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Determines whether Better Together mode is enabled, phones can lock and unlock in an integrated fashion when connected to their Windows PC running a 64-bit Teams desktop client.","Name":"AllowBetterTogether","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines whether the Home Screen feature of the Teams IP Phones is enabled.","Name":"AllowHomeScreen","Option":"Write","ValueMap":["Enabled","EnabledUserOverride","Disabled"],"Values":["Enabled","EnabledUserOverride","Disabled"]},{"CIMType":"Boolean","Description":"Determines whether hot desking mode is enabled.","Name":"AllowHotDesking","Option":"Write"},{"CIMType":"String","Description":"Specifies the description of the policy","Name":"Description","Option":"Write"},{"CIMType":"UInt64","Description":"Determines the idle timeout value in minutes for the signed in user account. When the timeout is reached, the account is logged out.","Name":"HotDeskingIdleTimeoutInMinutes","Option":"Write"},{"CIMType":"String","Description":"Determines whether a user can search the Global Address List in Common Area Phone Mode.","Name":"SearchOnCommonAreaPhoneMode","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines the sign in mode for the device when signing in to Teams.","Name":"SignInMode","Option":"Write","ValueMap":["UserSignIn","CommonAreaPhoneSignIn","MeetingSignIn"],"Values":["UserSignIn","CommonAreaPhoneSignIn","MeetingSignIn"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams IP Phone Policy."},{"ClassName":"MSFT_TeamsM365App","Parameters":[{"CIMType":"String","Description":"Application ID of Microsoft Teams app.","Name":"Id","Option":"Key"},{"CIMType":"Boolean","Description":"The state of the app in the tenant.","Name":"IsBlocked","Option":"Write"},{"CIMType":"String","Description":"App availability type.","Name":"AssignmentType","Option":"Write","ValueMap":["Everyone","UsersAndGroups","NoOne"],"Values":["Everyone","UsersAndGroups","NoOne"]},{"CIMType":"String[]","Description":"List of all the users for whom the app is enabled or disabled.","Name":"Users","Option":"Write"},{"CIMType":"String[]","Description":"List of all the groups for whom the app is enabled or disabled.","Name":"Groups","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource manages Teams app. This includes app state, app availability, user who updated app availability, and the associated timestamp."},{"ClassName":"MSFT_TeamsMeetingBroadcastConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"Specifies a URL where broadcast event attendees can find support information or FAQs specific to that event. The URL will be displayed to the attendees during the broadcast.","Name":"SupportURL","Option":"Write"},{"CIMType":"Boolean","Description":"If set to $true, Teams meeting broadcast streams are enabled to take advantage of the network and bandwidth management capabilities of your Software Defined Network (SDN) provider.","Name":"AllowSdnProviderForBroadcastMeeting","Option":"Write"},{"CIMType":"String","Description":"Specifies the Software Defined Network (SDN) provider's name. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.","Name":"SdnProviderName","Option":"Write"},{"CIMType":"String","Description":"Specifies the Software Defined Network (SDN) license identifier. This is required and provided by some SDN providers. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.","Name":"SdnLicenseId","Option":"Write"},{"CIMType":"String","Description":"Specifies the Software Defined Network (SDN) provider's HTTP API endpoint. This information is provided to you by the SDN provider. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.","Name":"SdnApiTemplateUrl","Option":"Write"},{"CIMType":"String","Description":"Specifies the Software Defined Network (SDN) provider's authentication token which is required to use their SDN license. This is required by some SDN providers who will give you the required token. This parameter is only required if AllowSdnProviderForBroadcastMeeting is set to $true.","Name":"SdnApiToken","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Meeting Broadcast Settings.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/teams-live-events/configure-teams-live-events/>"},{"ClassName":"MSFT_TeamsMeetingBroadcastPolicy","Parameters":[{"CIMType":"string","Description":"The identifier of the Teams Meeting Broadcast Policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Specifies whether this user can create broadcast events in Teams. This setting impacts broadcasts that use both self-service and external encoder production methods.","Name":"AllowBroadcastScheduling","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether real-time transcription and translation can be enabled in the broadcast event. Note: this setting is applicable to broadcast events that use Teams Meeting production only and does not apply when external encoder is used as production method.","Name":"AllowBroadcastTranscription","Option":"Write"},{"CIMType":"String","Description":"Specifies the attendee visibility mode of the broadcast events created by this user.  This setting controls who can watch the broadcast event - e.g. anyone can watch this event including anonymous users or only authenticated users in my company can watch the event.  Note: this setting is applicable to broadcast events that use Teams Meeting production only and does not apply when external encoder is used as production method.","Name":"BroadcastAttendeeVisibilityMode","Option":"Write","ValueMap":["Everyone","EveryoneInCompany","InvitedUsersInCompany","EveryoneInCompanyAndExternal","InvitedUsersInCompanyAndExternal"],"Values":["Everyone","EveryoneInCompany","InvitedUsersInCompany","EveryoneInCompanyAndExternal","InvitedUsersInCompanyAndExternal"]},{"CIMType":"String","Description":"Specifies whether broadcast events created by this user are always recorded, never recorded or user can choose whether to record or not. Note: this setting is applicable to broadcast events that use Teams Meeting production only and does not apply when external encoder is used as production method.","Name":"BroadcastRecordingMode","Option":"Write","ValueMap":["AlwaysEnabled","AlwaysDisabled","UserOverride"],"Values":["AlwaysEnabled","AlwaysDisabled","UserOverride"]},{"CIMType":"String","Description":"Present ensures the Policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Meeting Broadcast Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/teams-live-events/set-up-for-teams-live-events/>"},{"ClassName":"MSFT_TeamsMeetingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"String","Description":"URL to a logo image. This would be included in the meeting invite. Please ensure this URL is publicly accessible for invites that go beyond your federation boundaries.","Name":"LogoURL","Option":"Write"},{"CIMType":"String","Description":"URL to a website containing legal information and meeting disclaimers. This would be included in the meeting invite. Please ensure this URL is publicly accessible for invites that go beyond your federation boundaries.","Name":"LegalURL","Option":"Write"},{"CIMType":"String","Description":"URL to a website where users can obtain assistance on joining the meeting.This would be included in the meeting invite. Please ensure this URL is publicly accessible for invites that go beyond your federation boundaries.","Name":"HelpURL","Option":"Write"},{"CIMType":"String","Description":"Text to be used on custom meeting invitations.","Name":"CustomFooterText","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether anonymous users are blocked from joining meetings in the tenant. Set this to TRUE to block anonymous users from joining. Set this to FALSE to allow anonymous users to join meetings.","Name":"DisableAnonymousJoin","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if anonymous users can interact with apps in meetings. Set to TRUE to disable App interaction. ","Name":"DisableAppInteractionForAnonymousUsers","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether Quality of Service Marking for real-time media (audio, video, screen/app sharing) is enabled in the tenant. Set this to TRUE to enable and FALSE to disable.","Name":"EnableQoS","Option":"Write"},{"CIMType":"String","Description":"Determines if anonymous participants receive surveys to provide feedback about their meeting experience. Set to Disabled to disable anonymous meeting participants to receive surveys. Set to Enabled to allow anonymous meeting participants to receive surveys. Possible values: Enabled, Disabled","Name":"FeedbackSurveyForAnonymousUsers","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"When set to True, users within the Tenant will have their presenter role capabilities limited. When set to False, the presenter role capabilities will not be impacted and will remain as is.","Name":"LimitPresenterRolePermissions","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the starting port number for client audio. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50000.","Name":"ClientAudioPort","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the total number of ports available for client audio. Default value is 20.","Name":"ClientAudioPortRange","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the starting port number for client video. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50020.","Name":"ClientVideoPort","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the total number of ports available for client video. Default value is 20.","Name":"ClientVideoPortRange","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the starting port number for client screen sharing or application sharing. Minimum allowed value: 1024 Maximum allowed value: 65535 Default value: 50040.","Name":"ClientAppSharingPort","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether custom media port and range selections need to be enforced. When set to True, clients will use the specified port range for media traffic. When set to False (the default value) for any available port (from port 1024 through port 65535) will be used to accommodate media traffic.","Name":"ClientMediaPortRangeEnabled","Option":"Write"},{"CIMType":"UInt32","Description":"Determines the total number of ports available for client sharing or application sharing. Default value is 20.","Name":"ClientAppSharingPortRange","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams Meeting Configuration.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/meeting-settings-in-teams/>"},{"ClassName":"MSFT_TeamsMeetingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Meeting Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Meeting Policy.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Enables the user to use the AI Interpreter related features. Possible values: Disabled, Enabled","Name":"AIInterpreter","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"Determines whether a user can use the Annotation feature","Name":"AllowAnnotations","Option":"Write"},{"CIMType":"Boolean","Description":"CURRENTLY DISABLED: Determines whether anonymous users can use the Call Me At feature for meeting audio.","Name":"AllowAnonymousUsersToDialOut","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether anonymous users can join the meetings that impacted users organize. Set this to TRUE to allow anonymous users to join a meeting. Set this to FALSE to prohibit them from joining a meeting.","Name":"AllowAnonymousUsersToJoinMeeting","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether anonymous users can initiate a meeting. Set this to TRUE to allow anonymous users to initiate a meeting. Set this to FALSE to prohibit them from initiating a meeting.","Name":"AllowAnonymousUsersToStartMeeting","Option":"Write"},{"CIMType":"Boolean","Description":"If admins disable avatars in 2D meetings, then users cannot represent themselves as avatars in the Gallery view. This does not disable avatars in Immersive view.","Name":"AllowAvatarsInGallery","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether or not meetings created by users with this policy are able to utilize the Breakout Rooms feature.","Name":"AllowBreakoutRooms","Option":"Write"},{"CIMType":"String","Description":"Determines whether a user can add a URL for captions from a Communications Access Real-Time Translation (CART) captioner for providing real-time captions in meetings.","Name":"AllowCartCaptionsScheduling","Option":"Write","ValueMap":["EnabledUserOverride","DisabledUserOverride","Disabled"],"Values":["EnabledUserOverride","DisabledUserOverride","Disabled"]},{"CIMType":"Boolean","Description":"Determines whether a user can schedule channel meetings. Set this to TRUE to allow a user to schedule channel meetings. Set this to FALSE to prohibit the user from scheduling channel meetings. Note this only restricts from scheduling and not from joining a meeting scheduled by another user.","Name":"AllowChannelMeetingScheduling","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether cloud recording is allowed in a user's meetings. Set this to TRUE to allow the user to be able to record meetings. Set this to FALSE to prohibit the user from recording meetings.","Name":"AllowCloudRecording","Option":"Write"},{"CIMType":"String","Description":"This setting will allow admins to choose which users will be able to use the Document Collaboration feature.","Name":"AllowDocumentCollaboration","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Enables the use of RTMP-In in Teams meetings.","Name":"AllowedStreamingMediaInput","Option":"Write"},{"CIMType":"String","Description":"Controls which users should have ability to see the meeting info details on join screen. 'None' option should disable the feature completely. Possible Values: UsersAllowedToByPassTheLobby: Users who are able to bypass lobby can see the meeting info details. Everyone: All meeting participants can see the meeting info details.","Name":"AllowedUsersForMeetingDetails","Option":"Write","ValueMap":["Everyone","UsersAllowedToByPassTheLobby"],"Values":["Everyone","UsersAllowedToByPassTheLobby"]},{"CIMType":"String","Description":"Determines whether or not a meeting Organizer can track join and leave times for all users within their meetings as well as download a roster.","Name":"AllowEngagementReport","Option":"Write","ValueMap":["Enabled","Disabled","ForceEnabled"],"Values":["Enabled","Disabled","ForceEnabled"]},{"CIMType":"Boolean","Description":"Determines whether external participants can request or give control of screen sharing during meetings scheduled by this user. Set this to TRUE to allow the user to be able to give or request control. Set this to FALSE to prohibit an external user from giving or requesting control in a meeting.","Name":"AllowExternalParticipantGiveRequestControl","Option":"Write"},{"CIMType":"Boolean","Description":"If admins have disabled avatars, this does not disable using avatars in Immersive view on Teams desktop or web. Additionally, it does not prevent users from joining the Teams meeting on VR headsets.","Name":"AllowImmersiveView","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether audio is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their audioo. Set this to FALSE to prohibit the user from sharing their audio.","Name":"AllowIPAudio","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video.","Name":"AllowIPVideo","Option":"Write"},{"CIMType":"Boolean","Description":"This setting will allow admins to allow users the option of turning on Meeting Coach during meetings, which provides users with private personalized feedback on their communication and inclusivity.","Name":"AllowMeetingCoach","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether or not meetings created by users with this policy are able to utilize the Meeting Reactions feature.","Name":"AllowMeetingReactions","Option":"Write"},{"CIMType":"Boolean","Description":"Controls if a user can create a webinar meeting. The default value is True.","Name":"AllowMeetingRegistration","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user can start ad-hoc meetings. Set this to TRUE to allow a user to start ad-hoc meetings. Set this to FALSE to prohibit the user from starting ad-hoc meetings.","Name":"AllowMeetNow","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user is able to use NDI (Network Device Interface) in meetings - both for output and input streams.","Name":"AllowNDIStreaming","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether network configuration setting lookups can be made by users who are not Enterprise Voice enabled. It is used to enable Network Roaming policies.","Name":"AllowNetworkConfigurationSettingsLookup","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether organizers can override lobby settings for both VOIP and PSTN. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowOrganizersToOverrideLobbySettings","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user can schedule Teams Meetings in Outlook desktop client. Set this to TRUE to allow the user to be able to schedule Teams meetings in Outlook client. Set this to FALSE to prohibit a user from scheduling Teams meeting in Outlook client.","Name":"AllowOutlookAddIn","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether participants can request or give control of screen sharing during meetings scheduled by this user. Set this to TRUE to allow the user to be able to give or request control. Set this to FALSE to prohibit the user from giving, requesting control in a meeting.","Name":"AllowParticipantGiveRequestControl","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether Powerpoint sharing is allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowPowerPointSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user can schedule private meetings. Note this only restricts from scheduling and not from joining a meeting scheduled by another user. Set this to TRUE to allow a user to schedule private meetings. Set this to FALSE to prohibit the user from scheduling private meetings. Note this only restricts from scheduling and not from joining a meeting scheduled by another user.","Name":"AllowPrivateMeetingScheduling","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether a user can start private ad-hoc meetings. Set this to TRUE to allow a user to start private ad-hoc meetings. Set this to FALSE to prohibit the user from starting private ad-hoc meetings.","Name":"AllowPrivateMeetNow","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether PSTN users should be automatically admitted to the meetings. Set this to TRUE to allow the PSTN user to be able bypass the meetinglobby. Set this to FALSE to prohibit the PSTN user from bypassing the meetinglobby.","Name":"AllowPSTNUsersToBypassLobby","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether cloud recording can be stored out of region for go-local tenants where recording is not yet enabled.","Name":"AllowRecordingStorageOutsideRegion","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether users are allowed to take shared notes. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowSharedNotes","Option":"Write"},{"CIMType":"String","Description":"This policy setting allows for the extraction of AI-Assisted Action Items/Tasks from the Meeting Transcript.","Name":"AllowTasksFromTranscript","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"Boolean","Description":"Determines whether real-time and/or post-meeting captions and transcriptions are allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowTranscription","Option":"Write"},{"CIMType":"String","Description":"Determines what types of external meetings users can join. Enabled is able join all external meetings.","Name":"AllowUserToJoinExternalMeeting","Option":"Write","ValueMap":["Enabled","FederatedOnly","Disabled"],"Values":["Enabled","FederatedOnly","Disabled"]},{"CIMType":"Boolean","Description":"This setting allows scheduling meetings with customized watermarking for video enabled.","Name":"AllowWatermarkCustomizationForCameraVideo","Option":"Write"},{"CIMType":"Boolean","Description":"This setting allows scheduling meetings with customized watermarking for screen sharing enabled.","Name":"AllowWatermarkCustomizationForScreenSharing","Option":"Write"},{"CIMType":"Boolean","Description":"This setting allows scheduling meetings with watermarking for video enabled.","Name":"AllowWatermarkForCameraVideo","Option":"Write"},{"CIMType":"Boolean","Description":"This setting allows scheduling meetings with watermarking for screen sharing enabled.","Name":"AllowWatermarkForScreenSharing","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether whiteboard is allowed in a user's meetings. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowWhiteboard","Option":"Write"},{"CIMType":"String","Description":"Determines how anonymous users will be authenticated when joining a meeting. Possible values are: OneTimePasscode, if you would like anonymous users to be sent a one time passcode to their email when joining a meeting. None, if you would like to disable authentication for anonymous users joining a meeting","Name":"AnonymousUserAuthenticationMethod","Option":"Write","ValueMap":["None","OneTimePasscode"],"Values":["None","OneTimePasscode"]},{"CIMType":"String","Description":"This setting will allow admins to enable or disable Masked Attendee mode in Meetings. Masked Attendee meetings will hide attendees' identifying information (e.g., name, contact information, profile photo).","Name":"AttendeeIdentityMasking","Option":"Write","ValueMap":["Enabled","Disabled","DisabledUserOverride"],"Values":["Enabled","Disabled","DisabledUserOverride"]},{"CIMType":"String","Description":"The setting controls whether recording notification is played to all attendees or just PSTN users.","Name":"AudibleRecordingNotification","Option":"Write","ValueMap":["AllAttendees","PstnOnly"],"Values":["AllAttendees","PstnOnly"]},{"CIMType":"String","Description":"Determines what types of participants will automatically be added to meetings organized by this user. Set this to EveryoneInCompany if you would like meetings to place every external user in the lobby but allow all users in the company to join the meeting immediately. Set this to Everyone if you'd like to admit anonymous users by default. Set this to EveryoneInSameAndFederatedCompany if you would like meetings to allow federated users to join like your company's users, but place all other external users in a lobby. Set this to InvitedUsers if you would like meetings to allow only the invited users.","Name":"AutoAdmittedUsers","Option":"Write","ValueMap":["EveryoneInCompany","Everyone","EveryoneInSameAndFederatedCompany","OrganizerOnly","InvitedUsers","EveryoneInCompanyExcludingGuests"],"Values":["EveryoneInCompany","Everyone","EveryoneInSameAndFederatedCompany","OrganizerOnly","InvitedUsers","EveryoneInCompanyExcludingGuests"]},{"CIMType":"String","Description":"This setting gives admins the ability to auto-start Copilot.","Name":"AutomaticallyStartCopilot","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This setting will enable Tenant Admins to turn on/off auto recording feature.","Name":"AutoRecording","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"A user can join a Teams meeting anonymously using a Teams client or using a custom application built using Azure Communication Services. When anonymous meeting join is enabled, both types of clients may be used by default. This optional parameter can be used to block one of the client types that can be used. The allowed values are ACS (to block the use of Azure Communication Services clients) or Teams (to block the use of Teams clients). Both can also be specified, separated by a comma, but this is equivalent to disabling anonymous join completely.","Name":"BlockedAnonymousJoinClientTypes","Option":"Write"},{"CIMType":"String","Description":"Require a verification check for meeting join.","Name":"CaptchaVerificationForMeetingJoin","Option":"Write"},{"CIMType":"String","Description":"Determines how channel meeting recordings are saved, permissioned, and who can download them.","Name":"ChannelRecordingDownload","Option":"Write","ValueMap":["Allow","Block"],"Values":["Allow","Block"]},{"CIMType":"String","Description":"Allows external connections of thirdparty apps to Microsoft Teams.","Name":"ConnectToMeetingControls","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This policy allows admins to determine whether the user can share content in meetings organized by external organizations. The user should have a Teams Premium license to be protected under this policy.","Name":"ContentSharingInExternalMeetings","Option":"Write","ValueMap":["EnabledForAnyone","EnabledForTrustedOrgs","Disabled"],"Values":["EnabledForAnyone","EnabledForTrustedOrgs","Disabled"]},{"CIMType":"String","Description":"This setting allows the admin to choose whether Copilot will be enabled with a persisted transcript or a non-persisted transcript.","Name":"Copilot","Option":"Write","ValueMap":["Disabled","Enabled","EnabledWithTranscript","EnabledWithTranscriptDefaultOn"],"Values":["Disabled","Enabled","EnabledWithTranscript","EnabledWithTranscriptDefaultOn"]},{"CIMType":"Boolean","Description":"This parameter enables a setting that controls a meeting option which allows users to disable right-click or Ctrl+C to copy, Copy link, Forward message, and Share to Outlook for meeting chat messages.","Name":"CopyRestriction","Option":"Write"},{"CIMType":"String","Description":"Determines if users can change the default value of the Who can present? setting in Meeting options in the Teams client. This policy setting affects all meetings, including Meet Now meetings.","Name":"DesignatedPresenterRoleMode","Option":"Write","ValueMap":["OrganizerOnlyUserOverride","EveryoneInCompanyUserOverride","EveryoneUserOverride"],"Values":["OrganizerOnlyUserOverride","EveryoneInCompanyUserOverride","EveryoneUserOverride"]},{"CIMType":"Boolean","Description":"Allows the admin to enable sensitive content detection during screen share.","Name":"DetectSensitiveContentDuringScreenSharing","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not users will be able to enroll/capture their Biometric data: Face & Voice.","Name":"EnrollUserOverride","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting will enable Tenant Admins to turn on/off Explicit Recording Consent feature.","Name":"ExplicitRecordingConsent","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether the user is allowed to join external meetings.","Name":"ExternalMeetingJoin","Option":"Write","ValueMap":["EnabledForAnyone","EnabledForTrustedOrgs","Disabled"],"Values":["EnabledForAnyone","EnabledForTrustedOrgs","Disabled"]},{"CIMType":"String","Description":"This policy controls what kind of information get shown for the user's attendance in attendance report/dashboard.","Name":"InfoShownInReportMode","Option":"Write"},{"CIMType":"String","Description":"Determines whether audio can be turned on in meetings and group calls.","Name":"IPAudioMode","Option":"Write","ValueMap":["EnabledOutgoingIncoming","Disabled"],"Values":["EnabledOutgoingIncoming","Disabled"]},{"CIMType":"String","Description":"Determines whether video can be turned on in meetings and group calls. Can only be enabled if IPAudioMode is enabled","Name":"IPVideoMode","Option":"Write","ValueMap":["EnabledOutgoingIncoming","Disabled"],"Values":["EnabledOutgoingIncoming","Disabled"]},{"CIMType":"String","Description":"Determines whether a user should have the option to view live captions or not in a meeting.","Name":"LiveCaptionsEnabledType","Option":"Write","ValueMap":["Disabled","DisabledUserOverride"],"Values":["Disabled","DisabledUserOverride"]},{"CIMType":"String","Description":"Determines how meeting organizers can configure a meeting for language interpretation, select attendees of the meeting to become interpreters that other attendees can select and listen to the real-time translation they provide.","Name":"LiveInterpretationEnabledType","Option":"Write"},{"CIMType":"String","Description":"Determines whether you provide support for your users to stream their Teams meetings to large audiences through Real-Time Messaging Protocol (RTMP).","Name":"LiveStreamingMode","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether chat messages are allowed in the lobby. Possible values are: Enabled, Disabled","Name":"LobbyChat","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"UInt32","Description":"Determines the media bit rate for audio/video/app sharing transmissions in meetings.","Name":"MediaBitRateKb","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not Chat will be enabled, enabled except anonymous or disabled for meetings.","Name":"MeetingChatEnabledType","Option":"Write","ValueMap":["Disabled","Enabled","EnabledExceptAnonymous"],"Values":["Disabled","Enabled","EnabledExceptAnonymous"]},{"CIMType":"String","Description":"Controls how the join information in meeting invitations is displayed by enforcing a common language or enabling up to two languages to be displayed. Note: All Teams supported languages can be specified using language codes.","Name":"MeetingInviteLanguages","Option":"Write"},{"CIMType":"SInt32","Description":"Specifies the number of days before meeting recordings will expire and move to the recycle bin. Value can be from 1 to 99,999 days. NOTE: You may opt to set Meeting Recordings to never expire by entering the value -1.","Name":"NewMeetingRecordingExpirationDays","Option":"Write"},{"CIMType":"String","Description":"Control Noises Supression Feature for PST legs joining a meeting. Possible Values: MicrosoftDefault, Enabled, Disabled","Name":"NoiseSuppressionForDialInParticipants","Option":"Write","ValueMap":["Disabled","Enabled","MicrosoftDefault"],"Values":["Disabled","Enabled","MicrosoftDefault"]},{"CIMType":"String","Description":"This setting will enable Tenant Admins to turn on/off participant renaming feature.","Name":"ParticipantNameChange","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether participants can give control of presentation slides during meetings scheduled by this user. Set the type of users you want to be able to give control and be given control of presentation slides in meetings. Users excluded from the selected group will be prohibited from giving control, or being given control, in a meeting. Possible Values: Everyone: Anyone in the meeting can give or take control. EveryoneInOrganization: Only internal AAD users and Multi-Tenant Organization (MTO) users can give or take control. EveryoneInOrganizationAndGuests: Only those who are Guests to the tenant, MTO users, and internal AAD users can give or take control. None: No one in the meeting can give or take control","Name":"ParticipantSlideControl","Option":"Write","ValueMap":["Everyone","EveryoneInOrganization","EveryoneInOrganizationAndGuests","None"],"Values":["Everyone","EveryoneInOrganization","EveryoneInOrganizationAndGuests","None"]},{"CIMType":"String","Description":"Determines which Outlook Add-in the user will get as preferred Meeting provider(TeamsAndSfb or Teams).","Name":"PreferredMeetingProviderForIslandsMode","Option":"Write","ValueMap":["TeamsAndSfb","Teams"],"Values":["TeamsAndSfb","Teams"]},{"CIMType":"String","Description":"This setting enables Microsoft 365 Tenant Admins to Enable or Disable the Questions and Answers experience (Q+A).","Name":"QnAEngagementMode","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Allows users to use real time text during a meeting, allowing them to communicate by typing their messages in real time. Possible Values: Enabled: User is allowed to turn on real time text. Disabled: User is not allowed to turn on real time text.","Name":"RealTimeText","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether or not biometric data will be used to distinguish and or attribute in the transcript.","Name":"RoomAttributeUserOverride","Option":"Write","ValueMap":["Off","Distinguish","Attribute"],"Values":["Off","Distinguish","Attribute"]},{"CIMType":"String","Description":"Determines if people recognition option is enabled for Teams Rooms. Enabling requires the RoomAttributeUserOverride to be Attribute for allowing individual voice and face profiles to be used for recognition in meetings.","Name":"RoomPeopleNameUserOverride","Option":"Write","ValueMap":["Off","On"],"Values":["Off","On"]},{"CIMType":"String","Description":"Determines the mode in which a user can share a screen in calls or meetings. Set this to SingleApplication to allow the user to share an application at a given point in time. Set this to EntireScreen to allow the user to share anything on their screens. Set this to Disabled to prohibit the user from sharing their screens.","Name":"ScreenSharingMode","Option":"Write","ValueMap":["SingleApplication","EntireScreen","Disabled"],"Values":["SingleApplication","EntireScreen","Disabled"]},{"CIMType":"String","Description":"Participants can sign up for text message meeting reminders.","Name":"SmsNotifications","Option":"Write","ValueMap":["OnAllowOrganizerOverride","OffAllowOrganizerOverride","Off"],"Values":["OnAllowOrganizerOverride","OffAllowOrganizerOverride","Off"]},{"CIMType":"String","Description":"Determines if users are identified in transcriptions and if they can change the value of the Automatically identify me in meeting captions and transcripts setting.","Name":"SpeakerAttributionMode","Option":"Write","ValueMap":["Disabled","DisabledUserOverride","EnabledUserOverride","Enabled"],"Values":["Disabled","DisabledUserOverride","EnabledUserOverride","Enabled"]},{"CIMType":"String","Description":"Controls if Teams uses overflow capability once a meeting reaches its capacity (1,000 users with full functionality).","Name":"StreamingAttendeeMode","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines whether or not meetings created by users with this policy are able to utilize the Camera Far-End PTZ Mode.","Name":"TeamsCameraFarEndPTZMode","Option":"Write","ValueMap":["Disabled","AutoAcceptInTenant","AutoAcceptAll"],"Values":["Disabled","AutoAcceptInTenant","AutoAcceptAll"]},{"CIMType":"String","Description":"This policy controls who can admit from the lobby.","Name":"UsersCanAdmitFromLobby","Option":"Write","ValueMap":["OrganizerAndCoOrganizersOnly","OrganizersAndPresentersOnly"],"Values":["OrganizerAndCoOrganizersOnly","OrganizersAndPresentersOnly"]},{"CIMType":"String","Description":"Determines whether you provide support for your users to enable voice isolation in Teams meeting calls.","Name":"VoiceIsolation","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Enables the user to use the voice simulation feature while being AI interpreted. Possible Values: Disabled, Enabled","Name":"VoiceSimulationInInterpreter","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"Determines the meeting experience and watermark content of an anonymous user.","Name":"WatermarkForAnonymousUsers","Option":"Write","ValueMap":["JoinWithAudioOnly","WatermarkWithDisplayName"],"Values":["JoinWithAudioOnly","WatermarkWithDisplayName"]},{"CIMType":"SInt32","Description":"Allows the transparency of watermark to be customizable. Must be between 1 and 100 inclusive.","Name":"WatermarkForCameraVideoOpacity","Option":"Write"},{"CIMType":"String","Description":"Allows the pattern design of watermark to be customizable.","Name":"WatermarkForCameraVideoPattern","Option":"Write","ValueMap":["Single","Tiled"],"Values":["Single","Tiled"]},{"CIMType":"SInt32","Description":"Allows the transparency of watermark to be customizable. Must be between 1 and 100 inclusive.","Name":"WatermarkForScreenSharingOpacity","Option":"Write"},{"CIMType":"String","Description":"Allows the pattern design of watermark to be customizable.","Name":"WatermarkForScreenSharingPattern","Option":"Write","ValueMap":["Single","Tiled"],"Values":["Single","Tiled"]},{"CIMType":"String","Description":"Determines the background effects that a user can configure in the Teams client. ","Name":"VideoFiltersMode","Option":"Write","ValueMap":["NoFilters","BlurOnly","BlurAndDefaultBackgrounds","AllFilters"],"Values":["NoFilters","BlurOnly","BlurAndDefaultBackgrounds","AllFilters"]},{"CIMType":"String","Description":"Specifies who can attend and register for webinars.","Name":"WhoCanRegister","Option":"Write","ValueMap":["Everyone","EveryoneInCompany"],"Values":["Everyone","EveryoneInCompany"]},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Meeting Policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/meeting-policies-overview/>"},{"ClassName":"MSFT_TeamsMessagingConfiguration","Parameters":[{"CIMType":"String","Description":"Only valid value is 'Yes'.","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"This setting determines if closed captions will be displayed, for Teams Video Clips, during playback. Possible values: True, False","Name":"EnableVideoMessageCaptions","Option":"Write"},{"CIMType":"Boolean","Description":"This setting determines if chat regulation for internal communication in tenant is allowed. Possible Values: True, False","Name":"EnableInOrganizationChatControl","Option":"Write"},{"CIMType":"Boolean","Description":"This setting enables/disables the use of custom emojis and reactions across the whole tenant. Upon enablement, admins and/or users can define a user group that is allowed. Possible Values: True, False","Name":"CustomEmojis","Option":"Write"},{"CIMType":"String","Description":"This setting enables/disables the availability of Viva Engage storylines in Teams chats across the whole tenant.","Name":"Storyline","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables/disables MessagingNotes integration across the whole tenant. Possible Values: Disabled, Enabled","Name":"MessagingNotes","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables weaponizable file detection in Teams messages in the tenant. Possible Values: Enabled, Disabled","Name":"FileTypeCheck","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables malicious URL detection in Teams messages in the tenant. Possible Values: Enabled, Disabled","Name":"UrlReputationCheck","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables content-based phishing detection for Teams messages in the tenant.","Name":"ContentBasedPhishingCheck","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"String","Description":"This setting enables the end users to Report incorrect security detections in Teams messages in the tenant. Possible Values: Enabled, Disabled","Name":"ReportIncorrectSecurityDetections","Option":"Write","ValueMap":["Disabled","Enabled"],"Values":["Disabled","Enabled"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"}],"Description":"The TeamsMessagingConfiguration determines the messaging settings for users in your tenant."},{"ClassName":"MSFT_TeamsMessagingPolicy","Parameters":[{"CIMType":"string","Description":"Identity for the teams messaging policy you're modifying. To modify the global policy, use this syntax: -Identity global. To modify a per-user policy, use syntax similar to this: -Identity TeamsMessagingPolicy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"This setting determines if users can chat with groups (Distribution, M365 and Security groups). Possible values: True, False","Name":"AllowChatWithGroup","Option":"Write"},{"CIMType":"Boolean","Description":"These settings enables, disables updating or fetching custom group chat avatars for the users included in the messaging policy. Possible values: True, False","Name":"AllowCustomGroupChatAvatars","Option":"Write"},{"CIMType":"Boolean","Description":"This setting enables/disables showing company name and department name in search results for MTO users. Possible values: True, False","Name":"AllowExtendedWorkInfoInSearch","Option":"Write"},{"CIMType":"Boolean","Description":"This setting determines if users with the 'Full permissions' role can delete any group or meeting chat message within their tenant. Possible values: True, False","Name":"AllowFullChatPermissionUserToDeleteAnyMessage","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if Giphy images should be displayed that had been already sent or received in chat. Possible values: True, False","Name":"AllowGiphyDisplay","Option":"Write"},{"CIMType":"Boolean","Description":"This setting determines if users in a group chat can create and share join links for other users within the organization to join that chat. Possible values: True, False","Name":"AllowGroupChatJoinLinks","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if a user is allowed to paste internet-based images in compose. Possible values: True, False","Name":"AllowPasteInternetImage","Option":"Write"},{"CIMType":"String","Description":"Determines whether files are automatically shared in external chats. Possible values: Enabled: Files are automatically shared in external chats. Disabled: Files are not automatically shared in external chats.","Name":"AutoShareFilesInExternalChats","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"Determines the Supervised Chat role of the user. Set this to Full to allow the user to supervise chats. Supervisors have the ability to initiate chats with and invite any user within the environment. Set this to Limited to allow the user to initiate conversations with Full and Limited permissioned users, but not Restricted. Set this to Restricted to block chat creation with anyone other than Full permissioned users.","Name":"ChatPermissionRole","Option":"Write","ValueMap":["Full","Limited","Restricted"],"Values":["Full","Limited","Restricted"]},{"CIMType":"Boolean","Description":"This setting enables the creation of custom emojis and reactions within an organization for the specified policy users.","Name":"CreateCustomEmojis","Option":"Write"},{"CIMType":"Boolean","Description":"These settings enable and disable the editing and deletion of custom emojis and reactions for the users included in the messaging policy.","Name":"DeleteCustomEmojis","Option":"Write"},{"CIMType":"String","Description":"This setting determines whether a user is allowed to create custom AI-powered backgrounds and images with MS Designer.Possible values are: Enabled, Disabled","Name":"DesignerForBackgroundsAndImages","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"String","Description":"This setting determines if chat regulation for internal communication in the tenant is allowed. Possible values: BlockingAllowed, BlockingDisallowed","Name":"InOrganizationChatControl","Option":"Write","ValueMap":["BlockingDisallowed","BlockingAllowed"],"Values":["BlockingDisallowed","BlockingAllowed"]},{"CIMType":"Boolean","Description":"Determines whether a user is allowed to delete messages sent by bots. Possible values are: True, False","Name":"UsersCanDeleteBotMessages","Option":"Write"},{"CIMType":"boolean","Description":"Report inappropriate content.","Name":"AllowCommunicationComplianceEndUserReporting","Option":"Write"},{"CIMType":"boolean","Description":"Determines is Fluid Collaboration should be enabled or not.","Name":"AllowFluidCollaborate","Option":"Write"},{"CIMType":"boolean","Description":"Report a security concern.","Name":"AllowSecurityEndUserReporting","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to access and post Giphys. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowGiphy","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to access and post memes. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowMemes","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether owners are allowed to delete all the messages in their team. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowOwnerDeleteMessage","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to edit their own messages. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowUserEditMessage","Option":"Write"},{"CIMType":"boolean","Description":"Turn on this setting to let a user get text predictions for chat messages.","Name":"AllowSmartCompose","Option":"Write"},{"CIMType":"boolean","Description":"Turn this setting on to enable suggested replies for chat messages. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowSmartReply","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to access and post stickers. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowStickers","Option":"Write"},{"CIMType":"boolean","Description":"Use this setting to turn automatic URL previewing on or off in messages. Set this to TRUE to turn on. Set this to FALSE to turn off.","Name":"AllowUrlPreviews","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to chat. Set this to TRUE to allow a user to chat across private chat, group chat and in meetings. Set this to FALSE to prohibit all chat.","Name":"AllowUserChat","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to delete their own messages. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowUserDeleteMessage","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to translate messages to their client languages. Set this to TRUE to allow. Set this to FALSE to prohibit.","Name":"AllowUserTranslation","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to use Immersive Reader for reading conversation messages. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowImmersiveReader","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to remove a user from a conversation. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowRemoveUser","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to send priorities messages. Set this to TRUE to allow. Set this FALSE to prohibit.","Name":"AllowPriorityMessages","Option":"Write"},{"CIMType":"boolean","Description":"Turn this setting on to allow users to permanently delete their 1:1, group chat, and meeting chat as participants (this deletes the chat only for them, not other users in the chat).","Name":"AllowUserDeleteChat","Option":"Write"},{"CIMType":"boolean","Description":"Determines whether a user is allowed to send video messages in Chat. Set this to TRUE to allow a user to send video messages. Set this to FALSE to prohibit sending video messages.","Name":"AllowVideoMessages","Option":"Write"},{"CIMType":"string","Description":"Provide a description of your policy to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Determines the Giphy content restrictions applicable to a user. Set this to STRICT, MODERATE or NORESTRICTION.","Name":"GiphyRatingType","Option":"Write","ValueMap":["STRICT","MODERATE","NORESTRICTION"],"Values":["STRICT","MODERATE","NORESTRICTION"]},{"CIMType":"string","Description":"Use this setting to specify whether read receipts are user controlled, enabled for everyone, or disabled. Set this to UserPreference, Everyone or None.","Name":"ReadReceiptsEnabledType","Option":"Write","ValueMap":["UserPreference","Everyone","None"],"Values":["UserPreference","Everyone","None"]},{"CIMType":"string","Description":"Possible values are: DisabledUserOverride,EnabledUserOverride.","Name":"ChannelsInChatListEnabledType","Option":"Write","ValueMap":["DisabledUserOverride","EnabledUserOverride"],"Values":["DisabledUserOverride","EnabledUserOverride"]},{"CIMType":"string","Description":"Determines whether a user is allowed to send audio messages. Possible values are: ChatsAndChannels,ChatsOnly,Disabled.","Name":"AudioMessageEnabledType","Option":"Write","ValueMap":["ChatsAndChannels","ChatsOnly","Disabled"],"Values":["ChatsAndChannels","ChatsOnly","Disabled"]},{"CIMType":"String","Description":"Indicates whether B2B invites should be used to add external users when necessary. Possible values: Enabled: External users will be added using B2B invites. Disabled: External users will not be added using B2B invites.","Name":"UseB2BInvitesToAddExternalUsers","Option":"Write","ValueMap":["Enabled","Disabled"],"Values":["Enabled","Disabled"]},{"CIMType":"string","Description":"Globally unique identifier (GUID) of the tenant account whose external user communication policy are being created.","Name":"Tenant","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Team Message Policy exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Service Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the Teams messaging policy.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/messaging-policies-in-teams/>"},{"ClassName":"MSFT_TeamsMobilityPolicy","Parameters":[{"CIMType":"String","Description":"Specify the name of the Teams Mobility Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text about the policy. For example, the Description might indicate the users the policy should be assigned to.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"When set to WifiOnly, prohibits the user from making and receiving calls or joining meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks.","Name":"IPAudioMobileMode","Option":"Write","ValueMap":["WifiOnly","AllNetworks"],"Values":["WifiOnly","AllNetworks"]},{"CIMType":"String","Description":"When set to WifiOnly, prohibits the user from making and receiving video calls or enabling video in meetings using VoIP calls on the mobile device while on a cellular data connection. Possible values are: WifiOnly, AllNetworks.","Name":"IPVideoMobileMode","Option":"Write","ValueMap":["WifiOnly","AllNetworks"],"Values":["WifiOnly","AllNetworks"]},{"CIMType":"String","Description":"Determines the mobile dialer preference, possible values are: Teams, Native, UserOverride.","Name":"MobileDialerPreference","Option":"Write","ValueMap":["Teams","Native","UserOverride"],"Values":["Teams","Native","UserOverride"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"The TeamsMobilityPolicy allows Admins to control Teams mobile usage for users."},{"ClassName":"MSFT_TeamsNetworkRoamingPolicy","Parameters":[{"CIMType":"String","Description":"Specify the name of the Teams Network Roaming Policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Determines whether video is enabled in a user's meetings or calls. Set this to TRUE to allow the user to share their video. Set this to FALSE to prohibit the user from sharing their video.","Name":"AllowIPVideo","Option":"Write"},{"CIMType":"String","Description":"Description of the new policy to be created.","Name":"Description","Option":"Write"},{"CIMType":"UInt64","Description":"Determines the media bit rate for audio/video/app sharing transmissions in meetings.","Name":"MediaBitRateKb","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resources configures a Teams Network Roaming Policy."},{"ClassName":"MSFT_TeamsOnlineVoicemailPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Online Voicemail Policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Controls if editing call answer rule settings are enabled or disabled for a user. Possible values are $true or $false.","Name":"EnableEditingCallAnswerRulesSetting","Option":"Write"},{"CIMType":"Boolean","Description":"Allows you to disable or enable voicemail transcription. Possible values are $true or $false.","Name":"EnableTranscription","Option":"Write"},{"CIMType":"Boolean","Description":"Allows you to disable or enable profanity masking for the voicemail transcriptions. Possible values are $true or $false.","Name":"EnableTranscriptionProfanityMasking","Option":"Write"},{"CIMType":"Boolean","Description":"Allows you to disable or enable translation for the voicemail transcriptions. Possible values are $true or $false.","Name":"EnableTranscriptionTranslation","Option":"Write"},{"CIMType":"String","Description":"A duration of voicemail maximum recording length. The length should be between 30 seconds to 600 seconds.","Name":"MaximumRecordingLength","Option":"Write"},{"CIMType":"String","Description":"The audio file to play to the caller after the user's voicemail greeting has played and before the caller is allowed to leave a voicemail message.","Name":"PostambleAudioFile","Option":"Write"},{"CIMType":"String","Description":"The audio file to play to the caller before the user's voicemail greeting is played.","Name":"PreambleAudioFile","Option":"Write"},{"CIMType":"Boolean","Description":"Is playing the Pre- or Post-amble mandatory before the caller can leave a message. Possible values are $true or $false.","Name":"PreamblePostambleMandatory","Option":"Write"},{"CIMType":"String","Description":"The primary (or first) language that voicemail system prompts will be presented in. Must also set SecondarySystemPromptLanguage. When set, this overrides the user language choice.","Name":"PrimarySystemPromptLanguage","Option":"Write"},{"CIMType":"String","Description":"The secondary language that voicemail system prompts will be presented in. Must also set PrimarySystemPromptLanguage and may not be the same value as PrimarySystemPromptanguage. When set, this overrides the user language choice. ","Name":"SecondarySystemPromptLanguage","Option":"Write"},{"CIMType":"String","Description":"Specifies whether voicemail and transcription data are shared with the service for training and improving accuracy. Possible values are Defer and Deny.","Name":"ShareData","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Online Voicemail Policies.\n\nMore information: <https://learn.microsoft.com/en-us/microsoftteams/manage-voicemail-policies/>"},{"ClassName":"MSFT_TeamsOnlineVoicemailUserSettings","Parameters":[{"CIMType":"String","Description":"The Identity parameter represents the ID of the specific user in your organization; this can be either a SIP URI or an Object ID.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The CallAnswerRule parameter represents the value of the call answer rule, which can be any of the following: DeclineCall, PromptOnly, PromptOnlyWithTransfer, RegularVoicemail, VoicemailWithTransferOption.","Name":"CallAnswerRule","Option":"Write","ValueMap":["DeclineCall","PromptOnly","PromptOnlyWithTransfer","RegularVoicemail","VoicemailWithTransferOption"],"Values":["DeclineCall","PromptOnly","PromptOnlyWithTransfer","RegularVoicemail","VoicemailWithTransferOption"]},{"CIMType":"String","Description":"The DefaultGreetingPromptOverwrite parameter represents the contents that overwrite the default normal greeting prompt. If the user's normal custom greeting is not set and DefaultGreetingPromptOverwrite is not empty, the voicemail service will play this overwrite greeting instead of the default normal greeting in the voicemail deposit scenario.","Name":"DefaultGreetingPromptOverwrite","Option":"Write"},{"CIMType":"String","Description":"The DefaultOofGreetingPromptOverwrite parameter represents the contents that overwrite the default out-of-office greeting prompt. If the user's out-of-office custom greeting is not set and DefaultOofGreetingPromptOverwrite is not empty, the voicemail service will play this overwrite greeting instead of the default out-of-office greeting in the voicemail deposit scenario.","Name":"DefaultOofGreetingPromptOverwrite","Option":"Write"},{"CIMType":"Boolean","Description":"The OofGreetingEnabled parameter represents whether to play out-of-office greeting in voicemail deposit scenario.","Name":"OofGreetingEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OofGreetingFollowAutomaticRepliesEnabled parameter represents whether to play out-of-office greeting in voicemail deposit scenario when user set automatic replies in Outlook.","Name":"OofGreetingFollowAutomaticRepliesEnabled","Option":"Write"},{"CIMType":"Boolean","Description":"The OofGreetingFollowCalendarEnabled parameter represents whether to play out-of-office greeting in voicemail deposit scenario when user set out-of-office in calendar.","Name":"OofGreetingFollowCalendarEnabled","Option":"Write"},{"CIMType":"String","Description":"The PromptLanguage parameter represents the language that is used to play voicemail prompts.","Name":"PromptLanguage","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether voicemail and transcription data is shared with the service for training and improving accuracy.","Name":"ShareData","Option":"Write"},{"CIMType":"String","Description":"The TransferTarget parameter represents the target to transfer the call when call answer rule set to PromptOnlyWithTransfer or VoicemailWithTransferOption. Value of this parameter should be a SIP URI of another user in your organization. For user with Enterprise Voice enabled, a valid telephone number could also be accepted as TransferTarget.","Name":"TransferTarget","Option":"Write"},{"CIMType":"Boolean","Description":"The VoicemailEnabled parameter represents whether to enable voicemail service. If set to $false, the user has no voicemail service.","Name":"VoicemailEnabled","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams User's Online Voicemail Settings."},{"ClassName":"MSFT_TeamsOnlineVoiceUser","Parameters":[{"CIMType":"String","Description":"Specifies the identity of the target user.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Specifies the unique identifier of the emergency location to assign to the user. Location identities can be discovered by using the Get-CsOnlineLisLocation cmdlet.","Name":"LocationID","Option":"Write"},{"CIMType":"String","Description":"Specifies the telephone number to be assigned to the user. The value must be in E.164 format: +14255043920. Setting the value to $Null clears the user's telephone number.","Name":"TelephoneNumber","Option":"Write"},{"CIMType":"String","Description":"Present ensures the online voice user exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Online Voice User."},{"ClassName":"MSFT_TeamsOrgWideAppSettings","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"Determines whether or not to allow interaction with custom apps.","Name":"IsSideloadedAppsInteractionEnabled","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures Org-Wide App Settings for Teams.\n\n**Please note:** This resource does not support certificate based authentication."},{"ClassName":"MSFT_TeamsPstnUsage","Parameters":[{"CIMType":"String","Description":"An online PSTN usage (such as Local or Long Distance) that can be used in conjunction with voice routes and voice routing policies.","Name":"Usage","Option":"Key"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams PSTN Usage.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/direct-routing-voice-routing/>"},{"ClassName":"MSFT_TeamsShiftsPolicy","Parameters":[{"CIMType":"String","Description":"Specifies the policy instance name","Name":"Identity","Option":"Key"},{"CIMType":"UInt64","Description":"Determines the grace period time in minutes between when the first shift starts or last shift ends and when access is blocked","Name":"AccessGracePeriodMinutes","Option":"Write"},{"CIMType":"String","Description":"Determines the Teams access type granted to the user. Today, only unrestricted access to Teams app is supported.","Name":"AccessType","Option":"Write","ValueMap":["UnrestrictedAccess_TeamsApp"],"Values":["UnrestrictedAccess_TeamsApp"]},{"CIMType":"Boolean","Description":"Determines whether a user can manage a Shifts schedule as a team member.","Name":"EnableScheduleOwnerPermissions","Option":"Write"},{"CIMType":"String","Description":"Determines the frequency of warning dialog displayed when user opens Teams.","Name":"ShiftNoticeFrequency","Option":"Write","ValueMap":["Always","ShowOnceOnChange","Never"],"Values":["Always","ShowOnceOnChange","Never"]},{"CIMType":"String","Description":"Specifies a custom message. Must set ShiftNoticeMessageType to 'CustomMessage' to enforce this","Name":"ShiftNoticeMessageCustom","Option":"Write"},{"CIMType":"String","Description":"Specifies the warning message is shown in the blocking dialog when a user access Teams off shift hours. Select one of 7 Microsoft provided messages, a default message or a custom message.","Name":"ShiftNoticeMessageType","Option":"Write","ValueMap":["DefaultMessage","Message1","Message2","Message3","Message4","Message5","Message6","Message7","CustomMessage"],"Values":["DefaultMessage","Message1","Message2","Message3","Message4","Message5","Message6","Message7","CustomMessage"]},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource allows you to create a new TeamsShiftPolicy instance and set it's properties."},{"ClassName":"MSFT_TeamsTeam","Parameters":[{"CIMType":"string","Description":"Display Name of the Team","Name":"DisplayName","Option":"Key"},{"CIMType":"string","Description":"Description of Team.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Team group ID, only used to target a Team when duplicated display names occurs.","Name":"GroupID","Option":"Write"},{"CIMType":"string","Description":"MailNickName of O365 Group associated with Team","Name":"MailNickName","Option":"Write"},{"CIMType":"string[]","Description":"Owners of the Team. At least one entry is required.","Name":"Owner","Option":"Write"},{"CIMType":"String","Description":"Visibility of the Team","Name":"Visibility","Option":"Write","ValueMap":["Public","Private","HiddenMembership"],"Values":["Public","Private","HiddenMembership"]},{"CIMType":"Boolean","Description":"Allow add or remove apps from the Team.","Name":"AllowAddRemoveApps","Option":"Write"},{"CIMType":"Boolean","Description":"Allow giphy in Team.","Name":"AllowGiphy","Option":"Write"},{"CIMType":"string","Description":"Giphy content rating of the Team.","Name":"GiphyContentRating","Option":"Write","ValueMap":["Strict","Moderate"],"Values":["Strict","Moderate"]},{"CIMType":"Boolean","Description":"Allow stickers and mimes in the Team.","Name":"AllowStickersAndMemes","Option":"Write"},{"CIMType":"Boolean","Description":"Allow custom memes in Team.","Name":"AllowCustomMemes","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to edit messages within Team.","Name":"AllowUserEditMessages","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to delete messages within Team.","Name":"AllowUserDeleteMessages","Option":"Write"},{"CIMType":"Boolean","Description":"Allow owners to delete messages within Team.","Name":"AllowOwnerDeleteMessages","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to delete channels within Team.","Name":"AllowDeleteChannels","Option":"Write"},{"CIMType":"Boolean","Description":"Determines whether private channel creation is allowed for the team.","Name":"AllowCreatePrivateChannels","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to manage connectors within Team.","Name":"AllowCreateUpdateRemoveConnectors","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to manage tabs within Team.","Name":"AllowCreateUpdateRemoveTabs","Option":"Write"},{"CIMType":"Boolean","Description":"Allow mentions in Team.","Name":"AllowTeamMentions","Option":"Write"},{"CIMType":"Boolean","Description":"Allow channel mention in Team.","Name":"AllowChannelMentions","Option":"Write"},{"CIMType":"Boolean","Description":"Allow guests to create and update channels in Team.","Name":"AllowGuestCreateUpdateChannels","Option":"Write"},{"CIMType":"Boolean","Description":"Allow guests to delete channel in Team.","Name":"AllowGuestDeleteChannels","Option":"Write"},{"CIMType":"Boolean","Description":"Allow members to create and update channels within Team.","Name":"AllowCreateUpdateChannels","Option":"Write"},{"CIMType":"Boolean","Description":"determines whether or not private teams should be searchable from Teams clients for users who do not belong to that team.  Set to $false to make those teams not discoverable from Teams clients.","Name":"ShowInTeamsSearchAndSuggestions","Option":"Write"},{"CIMType":"String","Description":"Present ensures the Team exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures or creates a new Team."},{"ClassName":"MSFT_TeamsTemplatesPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Templates Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Description of the Teams Templates Policy.","Name":"Description","Option":"Write"},{"CIMType":"String[]","Description":"The list of Teams templates to hide.","Name":"HiddenTemplates","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Templates Policy.\n\nMore information: <https://learn.microsoft.com/en-us/microsoftteams/templates-policies/>"},{"ClassName":"MSFT_TeamsVoiceNormalizationRule","Parameters":[{"CIMType":"String","Description":"A unique identifier for the rule. The Identity specified must include the scope followed by a slash and then the name; for example: site:Redmond/Rule1, where site:Redmond is the scope and Rule1 is the name. The name portion will automatically be stored in the Name property. You cannot specify values for Identity and Name in the same command.","Name":"Identity","Option":"Key"},{"CIMType":"UInt32","Description":"The order in which rules are applied. A phone number might match more than one rule. This parameter sets the order in which the rules are tested against the number.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"A friendly description of the normalization rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A regular expression that the dialed number must match in order for this rule to be applied.","Name":"Pattern","Option":"Write"},{"CIMType":"String","Description":"The regular expression pattern that will be applied to the number to convert it to E.164 format.","Name":"Translation","Option":"Write"},{"CIMType":"Boolean","Description":"If True, the result of applying this rule will be a number internal to the organization. If False, applying the rule results in an external number. This value is ignored if the value of the OptimizeDeviceDialing property of the associated dial plan is set to False.","Name":"IsInternalExtension","Option":"Write"}],"Description":"This resource is used to configure the tenant-wide dial plans for Microsoft Teams.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/create-and-manage-dial-plans/>"},{"ClassName":"MSFT_TeamsTenantDialPlan","Parameters":[{"CIMType":"String","Description":"The Identity parameter is a unique identifier that designates the name of the tenant dial plan. Identity is an alphanumeric string that cannot exceed 49 characters. Valid characters are alphabetic or numeric characters, hyphen (-) and dot (.). The value should not begin with a (.).","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The Description parameter describes the tenant dial plan - what it's for, what type of user it applies to and any other information that helps to identify the purpose of the tenant dial plan. Maximum characters: 512.","Name":"Description","Option":"Write"},{"CIMType":"MSFT_TeamsVoiceNormalizationRule[]","Description":"List of normalization rules that are applied to this dial plan.","Name":"NormalizationRules","Option":"Write"},{"CIMType":"String","Description":"The SimpleName parameter is a display name for the tenant dial plan. This name must be unique among all tenant dial plans within the Skype for Business Server deployment.This string can be up to 49 characters long. Valid characters are alphabetic or numeric characters, hyphen (-), dot (.) and parentheses (()).","Name":"SimpleName","Option":"Write"},{"CIMType":"String","Description":"Specify if this dial plan should exist or not.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to configure the tenant-wide dial plans for Microsoft Teams.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/create-and-manage-dial-plans/>"},{"ClassName":"MSFT_TeamsTenantNetworkRegion","Parameters":[{"CIMType":"String","Description":"Unique identifier for the network region to be created.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Name of the associated Central Site.","Name":"CentralSite","Option":"Write"},{"CIMType":"String","Description":"Provide a description of the network region to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Tenant Network Region. A network region interconnects various parts of a network across multiple geographic areas. The RegionID parameter is a logical name that represents the geography of the region, and has no dependencies or restrictions. Tenant network region is used for Location Based Routing."},{"ClassName":"MSFT_TeamsTenantNetworkSite","Parameters":[{"CIMType":"String","Description":"Unique identifier for the network site to be created.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Provide a description of the network site to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"This parameter is used to assign a custom emergency calling policy to a network site","Name":"EmergencyCallingPolicy","Option":"Write"},{"CIMType":"String","Description":"This parameter is used to assign a custom emergency call routing policy to a network site","Name":"EmergencyCallRoutingPolicy","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter determines whether the current site is enabled for location based routing.","Name":"EnableLocationBasedRouting","Option":"Write"},{"CIMType":"String","Description":"LocationPolicy is the identifier for the location policy which the current network site is associating to.","Name":"LocationPolicy","Option":"Write"},{"CIMType":"String","Description":"NetworkRegionID is the identifier for the network region which the current network site is associating to.","Name":"NetworkRegionID","Option":"Write"},{"CIMType":"String","Description":"NetworkRoamingPolicy is the identifier for the network roaming policy to which the network site will associate to.","Name":"NetworkRoamingPolicy","Option":"Write"},{"CIMType":"String","Description":"The address of current network site.","Name":"SiteAddress","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Tenant Network Site. Network sites are defined as a collection of IP subnets. Each network site must be associated with a network region. Tenant network site is used for Location Based Routing."},{"ClassName":"MSFT_TeamsTenantNetworkSubnet","Parameters":[{"CIMType":"UInt32","Description":"This parameter determines the length of bits to mask to the subnet. IPv4 format subnet accepts maskbits from 0 to 32 inclusive. IPv6 format subnet accepts maskbits from 0 to 128 inclusive.","Name":"MaskBits","Option":"Key"},{"CIMType":"String","Description":"Unique identifier for the network subnet to be created.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Provide a description of the network subnet to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"NetworkSiteID is the identifier for the network site which the current network subnet is associating to.","Name":"NetworkSiteID","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Tenant Network Subnet. Each internal subnet may only be associated with one site. Tenant network subnet is used for Location Based Routing."},{"ClassName":"MSFT_TeamsTenantTrustedIPAddress","Parameters":[{"CIMType":"String","Description":"Unique identifier for the IP address to be created.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Provide a description of the trusted IP address to identify purpose of creating it.","Name":"Description","Option":"Write"},{"CIMType":"UInt32","Description":"This parameter determines the length of bits to mask to the subnet.","Name":"MaskBits","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Tenant Trusted IP Address."},{"ClassName":"MSFT_TeamsTranslationRule","Parameters":[{"CIMType":"String","Description":"The Identifier of the rule. This parameter is required and later used to assign the rule to the Inbound or Outbound Trunk Normalization policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"A friendly description of the normalization rule.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A regular expression that caller or callee number must match in order for this rule to be applied.","Name":"Pattern","Option":"Write"},{"CIMType":"String","Description":"The regular expression pattern that will be applied to the number to convert it.","Name":"Translation","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Cmdlet to create a new telephone number manipulation rule."},{"ClassName":"MSFT_TeamsUnassignedNumberTreatment","Parameters":[{"CIMType":"String","Description":"The Id of the treatment.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"Free format description of this treatment.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A regular expression that the called number must match in order for the treatment to take effect. It is best practice to start the regular expression with the hat character and end it with the dollar character. You can use various regular expression test sites on the Internet to validate the expression.","Name":"Pattern","Option":"Write"},{"CIMType":"String","Description":"The identity of the destination the call should be routed to. Depending on the TargetType it should either be the ObjectId of the user or application instance/resource account or the AudioFileId of the uploaded audio file.","Name":"Target","Option":"Write"},{"CIMType":"String","Description":"The type of target used for the treatment. Allowed values are User, ResourceAccount and Announcement.","Name":"TargetType","Option":"Write","ValueMap":["User","ResourceAccount","Announcement"],"Values":["User","ResourceAccount","Announcement"]},{"CIMType":"UInt32","Description":"The priority of the treatment. Used to distinguish identical patterns. The lower the priority the higher preference. The priority needs to be unique.","Name":"TreatmentPriority","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Creates a new treatment for how calls to an unassigned number range should be routed. The call can be routed to a user, an application or to an announcement service where a custom message will be played to the caller."},{"ClassName":"MSFT_TeamsUpdateManagementPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Update Management Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The description of the Teams Update Management Policy.","Name":"Description","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if managed updates should be allowed or not.","Name":"AllowManagedUpdates","Option":"Write"},{"CIMType":"Boolean","Description":"Determines if preview builds should be allowed or not.","Name":"AllowPreview","Option":"Write"},{"CIMType":"String","Description":"Determines the ring of public previews to subscribes to.","Name":"AllowPublicPreview","Option":"Write","ValueMap":["Disabled","Enabled","Forced","FollowOfficePreview"],"Values":["Disabled","Enabled","Forced","FollowOfficePreview"]},{"CIMType":"Boolean","Description":"This setting will force Teams clients to enforce session revocation for core Messaging and Calling/Meeting scenarios. If turned ON, session revocation will be enforced for calls, chats and meetings for opted-in users. If turned OFF, session revocation will not be enforced for calls, chats and meetings for opted-in users.","Name":"BlockLegacyAuthorization","Option":"Write"},{"CIMType":"String[]","Description":"List of IDs of the categories of the in-product messages that will be disabled. You can choose one of the categories from this table: 91382d07-8b89-444c-bbcb-cfe43133af33 = What's New. edf2633e-9827-44de-b34c-8b8b9717e84c = Conferences","Name":"DisabledInProductMessages","Option":"Write","ValueMap":["91382d07-8b89-444c-bbcb-cfe43133af33","edf2633e-9827-44de-b34c-8b8b9717e84c"],"Values":["91382d07-8b89-444c-bbcb-cfe43133af33","edf2633e-9827-44de-b34c-8b8b9717e84c"]},{"CIMType":"UInt32","Description":"Determines the day of week to perform the updates. Value should be between 0 and 6.","Name":"UpdateDayOfWeek","Option":"Write"},{"CIMType":"String","Description":"Determines the time of day to perform the updates. Must be a valid HH:MM format string with leading 0. For instance 08:30.","Name":"UpdateTime","Option":"Write"},{"CIMType":"String","Description":"Determines the time of day to perform the updates. Accepts a DateTime as string. Only the time will be considered.","Name":"UpdateTimeOfDay","Option":"Write"},{"CIMType":"String","Description":"Determines whether or not users will use the new Teams client.","Name":"UseNewTeamsClient","Option":"Write","ValueMap":["NewTeamsAsDefault","UserChoice","MicrosoftChoice","AdminDisabled","NewTeamsOnly"],"Values":["NewTeamsAsDefault","UserChoice","MicrosoftChoice","AdminDisabled","NewTeamsOnly"]},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Update policies. For additional information, please refer to <https://docs.microsoft.com/en-us/MicrosoftTeams/public-preview-doc-updates#set-the-update-policy/>"},{"ClassName":"MSFT_TeamsUpgradeConfiguration","Parameters":[{"CIMType":"String","Description":"Specifies the resource is a single instance, the value must be 'Yes'","Name":"IsSingleInstance","Option":"Key","ValueMap":["Yes"],"Values":["Yes"]},{"CIMType":"Boolean","Description":"The DownloadTeams property allows admins to control whether the Skype for Business client should automatically download Teams in the background. This Boolean setting is only honored on Windows clients, and only for certain values of the user's TeamsUpgradePolicy. If NotifySfbUser=true or if Mode=TeamsOnly in TeamsUpgradePolicy, this setting is honored. Otherwise it is ignored.","Name":"DownloadTeams","Option":"Write"},{"CIMType":"String","Description":"The SfBMeetingJoinUx property allows admins to specify which app is used to join Skype for Business meetings, even after the user has been upgraded to Teams. Allowed values are: 'SkypeMeetingsApp' and 'NativeLimitedClient'. 'NativeLimitedClient' means the existing Skype for Business rich client will be used, but since the user is upgraded, only meeting functionality is available. Calling and Messaging are done via Teams. 'SkypeMeetingsApp' means use the web-downloadable app. This setting can be useful for organizations that have upgraded to Teams and no longer want to install Skype for Business on their users' computers.","Name":"SfBMeetingJoinUx","Option":"Write","ValueMap":["SkypeMeetingsApp","NativeLimitedClient"],"Values":["SkypeMeetingsApp","NativeLimitedClient"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Upgrade settings.\n\nMore information: <https://docs.microsoft.com/en-us/MicrosoftTeams/migration-interop-guidance-for-teams-with-skype/>"},{"ClassName":"MSFT_TeamsUpgradePolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Upgrade Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"DEPRECATED. Use the TeamsUserPolicyAssignment resource instead.","Name":"Users","Option":"Write"},{"CIMType":"Boolean","Description":"Specifies whether to move existing Skype for Business meetings organized by the user to Teams. This parameter can only be true if the mode of the specified policy instance is either TeamsOnly or SfBWithTeamsCollabAndMeetings, and if the policy instance is being granted to a specific user. It not possible to trigger meeting migration when granting TeamsUpgradePolicy to the entire tenant.","Name":"MigrateMeetingsToTeams","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures the Teams Upgrade policies.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/meetings-first#prepare-for-teams-meetings-in-meetings-first/>"},{"ClassName":"MSFT_TeamsUser","Parameters":[{"CIMType":"string","Description":"Team NAme","Name":"TeamName","Option":"Key"},{"CIMType":"string","Description":"UPN of user to add to Team","Name":"User","Option":"Key"},{"CIMType":"String","Description":"User role in Team","Name":"Role","Option":"Write","ValueMap":["Guest","Member","Owner"],"Values":["Guest","Member","Owner"]},{"CIMType":"String","Description":"Present ensures the Team user exists, absent ensures it is removed","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to add new users to a team"},{"ClassName":"MSFT_TeamsUserCallingSettings","Parameters":[{"CIMType":"String","Description":"The Identity of the user to set call forwarding, simultaneous ringing and call group settings for. Can be specified using the ObjectId or the SIP address.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"The group notification override that will be set on the specified user. The supported values are Ring, Mute and Banner.","Name":"GroupNotificationOverride","Option":"Write","ValueMap":["Ring","Mute","Banner"],"Values":["Ring","Mute","Banner"]},{"CIMType":"String","Description":"The order in which to call members of the Call Group. The supported values are Simultaneous and InOrder.","Name":"CallGroupOrder","Option":"Write"},{"CIMType":"String[]","Description":"The members of the Call Group. You need to always specify the full set of members as the parameter value. What you set here will overwrite the current call group membership.","Name":"CallGroupTargets","Option":"Write"},{"CIMType":"Boolean","Description":"This parameter controls whether forwarding for unasnwered calls is enabled or not.","Name":"IsUnansweredEnabled","Option":"Write"},{"CIMType":"String","Description":"The time the call will ring the user before it is forwarded to the unanswered target. The supported format is hh:mm:ss and the delay range needs to be between 10 and 60 seconds in 10 seconds increments, i.e. 00:00:10, 00:00:20, 00:00:30, 00:00:40, 00:00:50 and 00:01:00. The default value is 20 seconds.","Name":"UnansweredDelay","Option":"Write"},{"CIMType":"String","Description":"The unanswered target. Supported type of values are ObjectId, SIP address and phone number. For phone numbers we support the following types of formats: E.164 (+12065551234 or +1206555000;ext=1234) or non-E.164 like 1234.","Name":"UnansweredTarget","Option":"Write"},{"CIMType":"String","Description":"The unanswered target type. Supported values are Voicemail, SingleTarget, MyDelegates and Group.","Name":"UnansweredTargetType","Option":"Write","ValueMap":["Group","MyDelegates","SingleTarget","Voicemail"],"Values":["Group","MyDelegates","SingleTarget","Voicemail"]},{"CIMType":"Boolean","Description":"This parameter controls whether forwarding is enabled or not.","Name":"IsForwardingEnabled","Option":"Write"},{"CIMType":"String","Description":"The type of forwarding to set. Supported values are Immediate and Simultaneous","Name":"ForwardingType","Option":"Write","ValueMap":["Immediate","Simultaneous"],"Values":["Immediate","Simultaneous"]},{"CIMType":"String","Description":"The forwarding target type. Supported values are Voicemail, SingleTarget, MyDelegates and Group. Voicemail is only supported for Immediate forwarding.","Name":"ForwardingTargetType","Option":"Write","ValueMap":["Group","MyDelegates","SingleTarget","Voicemail"],"Values":["Group","MyDelegates","SingleTarget","Voicemail"]},{"CIMType":"String","Description":"The forwarding target. Supported types of values are ObjectId's, SIP addresses and phone numbers. For phone numbers we support the following types of formats: E.164 (+12065551234 or +1206555000;ext=1234) or non-E.164 like 1234.","Name":"ForwardingTarget","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Global Admin.","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams User's Calling Settings.\n\nMore information: <https://learn.microsoft.com/en-us/microsoftteams/user-call-settings/>"},{"ClassName":"MSFT_TeamsUserPolicyAssignment","Parameters":[{"CIMType":"string","Description":"User Principal Name of the user representing the policy assignments.","Name":"User","Option":"Key"},{"CIMType":"String","Description":"Name of the Calling Line Policy.","Name":"CallingLineIdentity","Option":"Write"},{"CIMType":"String","Description":"Name of the External Access Policy.","Name":"ExternalAccessPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Online Voicemail Policy.","Name":"OnlineVoicemailPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Online VOice Routing Policy.","Name":"OnlineVoiceRoutingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams App Permission Policy.","Name":"TeamsAppPermissionPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams App Setup Policy.","Name":"TeamsAppSetupPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Audio Conferencing Policy.","Name":"TeamsAudioConferencingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Call Hold Policy.","Name":"TeamsCallHoldPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Calling Policy.","Name":"TeamsCallingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Call Park Policy.","Name":"TeamsCallParkPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Channel Policy.","Name":"TeamsChannelsPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Emergency Calling Policy.","Name":"TeamsEmergencyCallingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Emergency Call Routing Policy.","Name":"TeamsEmergencyCallRoutingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Enhanced Encryption Policy.","Name":"TeamsEnhancedEncryptionPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Events Policy.","Name":"TeamsEventsPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Meeting Broadcast Policy.","Name":"TeamsMeetingBroadcastPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Meeting Policy.","Name":"TeamsMeetingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Messaging Policy.","Name":"TeamsMessagingPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Mobility Policy.","Name":"TeamsMobilityPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Update Management Policy.","Name":"TeamsUpdateManagementPolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Teams Upgrade Policy.","Name":"TeamsUpgradePolicy","Option":"Write"},{"CIMType":"String","Description":"Name of the Tenant Dial Plan Policy.","Name":"TenantDialPlan","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource is used to assign Teams policy to a specified user."},{"ClassName":"MSFT_TeamsVdiPolicy","Parameters":[{"CIMType":"String","Description":"Unique identity of the VDI Policy.","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Disables Audio and Video in Calls and Meeting.","Name":"DisableAudioVideoInCallsAndMeetings","Option":"Write"},{"CIMType":"Boolean","Description":"Disables Calls and Meetings.","Name":"DisableCallsAndMeetings","Option":"Write"},{"CIMType":"String","Description":"Determines whether a user can be VDI 2.0 optimized.","Name":"VDI2Optimization","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource implements Teams VDI Policies."},{"ClassName":"MSFT_TeamsVoiceRoute","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Voice Route.","Name":"Identity","Option":"Key"},{"CIMType":"String","Description":"BridgeSourcePhoneNumber is an E.164 formatted Operator Connect Conferencing phone number assigned to your Audio Conferencing Bridge. Using BridgeSourcePhoneNumber in an online voice route is mutually exclusive with using OnlinePstnGatewayList in the same online voice route. When using BridgeSourcePhoneNumber in an online voice route, the OnlinePstnUsages used in the online voice route should only be used in a corresponding OnlineAudioConferencingRoutingPolicy. The same OnlinePstnUsages should not be used in online voice routes that are not using BridgeSourcePhoneNumber.","Name":"BridgeSourcePhoneNumber","Option":"Write"},{"CIMType":"String","Description":"A description of what this online voice route is for.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"A regular expression that specifies the phone numbers to which this route applies. Numbers matching this pattern will be routed according to the rest of the routing settings.","Name":"NumberPattern","Option":"Write"},{"CIMType":"String[]","Description":"This parameter contains a list of online gateways associated with this online voice route.  Each member of this list must be the service Identity of the online PSTN gateway.","Name":"OnlinePstnGatewayList","Option":"Write"},{"CIMType":"String[]","Description":"A list of online PSTN usages (such as Local, Long Distance, etc.) that can be applied to this online voice route. The PSTN usage must be an existing usage (PSTN usages can be retrieved by calling the Get-CsOnlinePstnUsage cmdlet).","Name":"OnlinePstnUsages","Option":"Write"},{"CIMType":"UInt32","Description":"A number could resolve to multiple online voice routes. The priority determines the order in which the routes will be applied if more than one route is possible.","Name":"Priority","Option":"Write"},{"CIMType":"String","Description":"Present ensures the route exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Voice Route.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/direct-routing-voice-routing/>"},{"ClassName":"MSFT_TeamsVoiceRoutingPolicy","Parameters":[{"CIMType":"String","Description":"Identity of the Teams Voice Routing Policy.","Name":"Identity","Option":"Key"},{"CIMType":"String[]","Description":"A list of online PSTN usages (such as Local or Long Distance) that can be applied to this online voice routing policy. The online PSTN usage must be an existing usage (PSTN usages can be retrieved by calling the Get-CsOnlinePstnUsage cmdlet).","Name":"OnlinePstnUsages","Option":"Write"},{"CIMType":"String","Description":"Enables administrators to provide explanatory text to accompany an online voice routing policy. For example, the Description might include information about the users the policy should be assigned to.","Name":"Description","Option":"Write"},{"CIMType":"String","Description":"Present ensures the policy exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the Teams Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Name of the Azure Active Directory tenant used for authentication. Format contoso.onmicrosoft.com","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resource configures a Teams Voice Routing Policy.\n\nMore information: <https://docs.microsoft.com/en-us/microsoftteams/manage-voice-routing-policies/>"},{"ClassName":"MSFT_TeamsWorkloadPolicy","Parameters":[{"CIMType":"String","Description":"Unique identity for the Teams workload policy","Name":"Identity","Option":"Key"},{"CIMType":"Boolean","Description":"Allows calling.","Name":"AllowCalling","Option":"Write"},{"CIMType":"Boolean","Description":"Allows pinning a call.","Name":"AllowCallingPinned","Option":"Write"},{"CIMType":"Boolean","Description":"Allows meetins.","Name":"AllowMeeting","Option":"Write"},{"CIMType":"Boolean","Description":"Allows pinning meetings.","Name":"AllowMeetingPinned","Option":"Write"},{"CIMType":"Boolean","Description":"Allows messaging.","Name":"AllowMessaging","Option":"Write"},{"CIMType":"Boolean","Description":"Allows pinning a message.","Name":"AllowMessagingPinned","Option":"Write"},{"CIMType":"String","Description":"Description of the policy.","Name":"Description","Option":"Write"},{"CIMType":"string","Description":"Present ensures the instance exists, absent ensures it is removed.","Name":"Ensure","Option":"Write","ValueMap":["Present","Absent"],"Values":["Present","Absent"]},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"This resources implements a Teams workload policy."},{"ClassName":"MSFT_VivaEngagementRoleMember","Parameters":[{"CIMType":"String","Description":"Name of the engagement role.","Name":"Role","Option":"Key"},{"CIMType":"String[]","Description":"User principal names of the users to assign to the role.","Name":"Members","Option":"Write"},{"CIMType":"MSFT_Credential","Description":"Credentials of the workload's Admin","Name":"Credential","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory application to authenticate with.","Name":"ApplicationId","Option":"Write"},{"CIMType":"String","Description":"Id of the Azure Active Directory tenant used for authentication.","Name":"TenantId","Option":"Write"},{"CIMType":"String","Description":"Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.","Name":"CertificateThumbprint","Option":"Write"},{"CIMType":"Boolean","Description":"Managed ID being used for authentication.","Name":"ManagedIdentity","Option":"Write"},{"CIMType":"String[]","Description":"Access token used for authentication.","Name":"AccessTokens","Option":"Write"}],"Description":"Manage a Viva Engage roles assigned to a user."}]
diff --git a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOActiveSyncMailboxPolicy.Tests.ps1 b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOActiveSyncMailboxPolicy.Tests.ps1
index 039297b9ab..d0e6163a47 100644
--- a/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOActiveSyncMailboxPolicy.Tests.ps1
+++ b/Tests/Unit/Microsoft365DSC/Microsoft365DSC.EXOActiveSyncMailboxPolicy.Tests.ps1
@@ -35,25 +35,25 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                 return "Credentials"
             }
 
-            Mock -CommandName New-ActiveSyncMailboxPolicy -MockWith {
+            Mock -CommandName New-MobileDeviceMailboxPolicy -MockWith {
                 return $null
             }
 
-            Mock -CommandName Set-ActiveSyncMailboxPolicy -MockWith {
+            Mock -CommandName Set-MobileDeviceMailboxPolicy -MockWith {
                 return $null
             }
 
-            Mock -CommandName Remove-ActiveSyncMailboxPolicy -MockWith {
+            Mock -CommandName Remove-MobileDeviceMailboxPolicy -MockWith {
                 return $null
             }
 
-            Mock -CommandName Get-ActiveSyncMailboxPolicy -MockWith {
+            Mock -CommandName Get-MobileDeviceMailboxPolicy -MockWith {
                 return @{
                     Identity                    = 'FakeStringValue'
                     Name                        = 'FakeStringValue'
                     AllowHTMLEmail              = $true
                     ApprovedApplicationList     = @('FakeStringValue1', 'FakeStringValue2')
-                    DevicePasswordHistory       = 5
+                    PasswordHistory       = 5
                 }
             }
 
@@ -72,7 +72,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     Credential          = $Credential;
                 }
 
-                Mock -CommandName Get-ActiveSyncMailboxPolicy -MockWith {
+                Mock -CommandName Get-MobileDeviceMailboxPolicy -MockWith {
                     return $null
                 }
             }
@@ -85,7 +85,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
 
             It 'Should create a new instance from the Set method' {
                 Set-TargetResource @testParams
-                Should -Invoke -CommandName New-ActiveSyncMailboxPolicy -Exactly 1
+                Should -Invoke -CommandName New-MobileDeviceMailboxPolicy -Exactly 1
             }
         }
 
@@ -106,7 +106,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
 
             It 'Should remove the instance from the Set method' {
                 Set-TargetResource @testParams
-                Should -Invoke -CommandName Remove-ActiveSyncMailboxPolicy -Exactly 1
+                Should -Invoke -CommandName Remove-MobileDeviceMailboxPolicy -Exactly 1
             }
         }
 
@@ -118,7 +118,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     Name                        = 'FakeStringValue'
                     AllowHTMLEmail              = $true
                     ApprovedApplicationList     = @('FakeStringValue1', 'FakeStringValue2')
-                    DevicePasswordHistory       = 5
+                    PasswordHistory       = 5
                     Credential                  = $Credential;
                 }
             }
@@ -136,7 +136,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
                     Name                        = 'FakeStringValue'
                     AllowHTMLEmail              = $true
                     ApprovedApplicationList     = @('FakeStringValue1') # Drift
-                    DevicePasswordHistory       = 5
+                    PasswordHistory       = 5
                     Credential                  = $Credential;
                 }
             }
@@ -151,7 +151,7 @@ Describe -Name $Global:DscHelper.DescribeHeader -Fixture {
 
             It 'Should call the Set method' {
                 Set-TargetResource @testParams
-                Should -Invoke -CommandName Set-ActiveSyncMailboxPolicy -Exactly 1
+                Should -Invoke -CommandName Set-MobileDeviceMailboxPolicy -Exactly 1
             }
         }
 
diff --git a/Tests/Unit/Stubs/Microsoft365.psm1 b/Tests/Unit/Stubs/Microsoft365.psm1
index bdd6b01673..e799dcd359 100644
--- a/Tests/Unit/Stubs/Microsoft365.psm1
+++ b/Tests/Unit/Stubs/Microsoft365.psm1
@@ -2314,7 +2314,7 @@ function Get-ActiveSyncDevice
     )
 }
 
-function Get-ActiveSyncMailboxPolicy
+function Get-MobileDeviceMailboxPolicy
 {
     [CmdletBinding()]
     param(
@@ -5294,7 +5294,7 @@ function New-ActiveSyncDeviceAccessRule
     )
 }
 
-function New-ActiveSyncMailboxPolicy
+function New-MobileDeviceMailboxPolicy
 {
     [CmdletBinding()]
     param(
@@ -5332,7 +5332,7 @@ function New-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Boolean]
-        $DevicePasswordEnabled,
+        $PasswordEnabled,
 
         [Parameter()]
         [System.Boolean]
@@ -5340,7 +5340,7 @@ function New-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Int32]
-        $DevicePasswordHistory,
+        $PasswordHistory,
 
         [Parameter()]
         [System.Boolean]
@@ -5352,7 +5352,7 @@ function New-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Int32]
-        $MinDevicePasswordComplexCharacters,
+        $MinPasswordComplexCharacters,
 
         [Parameter()]
         [System.Object]
@@ -5364,7 +5364,7 @@ function New-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Object]
-        $DevicePasswordExpiration,
+        $PasswordExpiration,
 
         [Parameter()]
         [System.Boolean]
@@ -5376,7 +5376,7 @@ function New-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Object]
-        $MaxDevicePasswordFailedAttempts,
+        $MaxPasswordFailedAttempts,
 
         [Parameter()]
         [System.Boolean]
@@ -5432,11 +5432,11 @@ function New-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Object]
-        $MaxInactivityTimeDeviceLock,
+        $MaxInactivityTimeLock,
 
         [Parameter()]
         [System.Boolean]
-        $AlphanumericDevicePasswordRequired,
+        $AlphanumericPasswordRequired,
 
         [Parameter()]
         [System.Boolean]
@@ -5460,7 +5460,7 @@ function New-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Boolean]
-        $AllowSimpleDevicePassword,
+        $AllowSimplePassword,
 
         [Parameter()]
         [System.Boolean]
@@ -5512,7 +5512,7 @@ function New-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Object]
-        $MinDevicePasswordLength,
+        $MinPasswordLength,
 
         [Parameter()]
         [System.Boolean]
@@ -9658,7 +9658,7 @@ function Remove-ActiveSyncDevice
     )
 }
 
-function Remove-ActiveSyncMailboxPolicy
+function Remove-MobileDeviceMailboxPolicy
 {
     [CmdletBinding()]
     param(
@@ -10612,7 +10612,7 @@ function Set-ActiveSyncDeviceAccessRule
     )
 }
 
-function Set-ActiveSyncMailboxPolicy
+function Set-MobileDeviceMailboxPolicy
 {
     [CmdletBinding()]
     param(
@@ -10650,7 +10650,7 @@ function Set-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Boolean]
-        $DevicePasswordEnabled,
+        $PasswordEnabled,
 
         [Parameter()]
         [System.Boolean]
@@ -10658,7 +10658,7 @@ function Set-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Int32]
-        $DevicePasswordHistory,
+        $PasswordHistory,
 
         [Parameter()]
         [System.Boolean]
@@ -10670,7 +10670,7 @@ function Set-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Int32]
-        $MinDevicePasswordComplexCharacters,
+        $MinPasswordComplexCharacters,
 
         [Parameter()]
         [System.Object]
@@ -10682,7 +10682,7 @@ function Set-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Object]
-        $DevicePasswordExpiration,
+        $PasswordExpiration,
 
         [Parameter()]
         [System.Boolean]
@@ -10694,7 +10694,7 @@ function Set-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Object]
-        $MaxDevicePasswordFailedAttempts,
+        $MaxPasswordFailedAttempts,
 
         [Parameter()]
         [System.Boolean]
@@ -10750,11 +10750,11 @@ function Set-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Object]
-        $MaxInactivityTimeDeviceLock,
+        $MaxInactivityTimeLock,
 
         [Parameter()]
         [System.Boolean]
-        $AlphanumericDevicePasswordRequired,
+        $AlphanumericPasswordRequired,
 
         [Parameter()]
         [System.Boolean]
@@ -10778,7 +10778,7 @@ function Set-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Boolean]
-        $AllowSimpleDevicePassword,
+        $AllowSimplePassword,
 
         [Parameter()]
         [System.Boolean]
@@ -10834,7 +10834,7 @@ function Set-ActiveSyncMailboxPolicy
 
         [Parameter()]
         [System.Object]
-        $MinDevicePasswordLength,
+        $MinPasswordLength,
 
         [Parameter()]
         [System.Boolean]